League of Angels popup



Hi,

I've noticed that I get the same 'league of angels' popup on sites which would usually have none. It seems to be quite random and occurring for 4+ days, so I suspect I have adware. I searched on the internet, and found a lot of sites claiming to help with removal, however their manual removal advice was always very vague and not practical, and all written in the same style (probably the sites were bogus).

I'm still in the process of deleting some programmes that may be causing the infection (there are no obvious candidates), but in the meantime I have tried Malwarebytes, HitmanPro, adware cleaner, ComboFix, JRT, and the following day the ad always returns. In fact, Malwarebytes or HitmanPro never find anything on the scans. Adware remover always suggests deleting the 'prefs file' in appdata>Firefox>roaming, but I think Firefox automatically creates this on opening. I have also reinstalled/reset Firefox, updated plugins, and disabled system restore... not sure how else to proceed.

Is it a harmless popup? Firefox vulnerability? Or something concerning on the computer?

Thanks a lot for your help in advance

 


Hello,

 

P2P/Piracy Warning:

 

   

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Run Malwarebytes, Open > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick scan

Make sure that everything is checked, and click Remove Selected on any found items.

 

Post the produced log

 

Next,

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Let me see those logs..

 

Kevin


Hello Kevin,

Thanks for your help.

Malwarebytes scan:


----------------------------------------------------
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.25.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
John :: LAPTOP [administrator]

25/03/2014 07:46:29
mbam-log-2014-03-25 (07-46-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 226737
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
---------------------------------------------------------

Farbar scan:


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(F-Secure Corporation) C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(F-Secure Corporation) C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(F-Secure Corporation) C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe
(F-Secure Corporation) C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
(F-Secure Corporation) C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(WinZip Computing International, LLC) C:\Program Files\File Association Helper\FAHWindow.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIIME.EXE
(Sony) C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
(F-Secure Corporation) C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(F-Secure Corporation) C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSLAUNCH.EXE


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-22] (IDT, Inc.)
HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [FAHConsole] - C:\Program Files\File Association Helper\FAHConsole.exe [216248 2013-09-26] (WinZip Computing International, LLC)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2185032 2009-10-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [F-Secure Hoster (44515)] - C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)
HKLM-x32\...\Run: [F-Secure Manager] - C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE [310992 2012-10-18] (F-Secure Corporation)
HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-03-12] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE [283232 2012-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1935344830-3333155245-2583117102-1001\...\Run: [steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation)
HKU\S-1-5-21-1935344830-3333155245-2583117102-1001\...\Run: [EPLTarget\P0000000000000001] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE [283232 2012-11-02] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1935344830-3333155245-2583117102-1001\...\Run: [sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449760 2013-10-31] (Sony)
HKU\S-1-5-21-1935344830-3333155245-2583117102-1001\...\Run: [skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.uk.msn.com/HPNOT13/2
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://g.uk.msn.com/HPNOT13/2
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {C5366604-2FED-4B35-9AEB-30FC4DA8F5B8} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {C5366604-2FED-4B35-9AEB-30FC4DA8F5B8} URL = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/710-29550-11896-25/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} -  No File
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vjg0qiq9.default-1395655567045
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.0.0.136\IPSFFPlgn\

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
R2 fshoster; C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)
R3 FSMA; C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE [208592 2012-10-18] (F-Secure Corporation)
R2 FSORSPClient; C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe [60352 2013-09-03] (F-Secure Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-10-24] ()
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2014-03-19] (Trusteer Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
R3 F-Secure Gatekeeper; C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [203304 2014-03-04] (F-Secure Corporation)
R1 F-Secure HIPS; C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [69480 2014-03-04] (F-Secure Corporation)
R0 fsbts; C:\Windows\System32\Drivers\fsbts.sys [56016 2013-09-03] ()
R0 fsbts; C:\Windows\SysWOW64\Drivers\fsbts.sys [42672 2013-09-03] ()
R3 fsni; C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys [80832 2013-04-25] (F-Secure Corporation)
R1 fsvista; C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [14032 2012-10-18] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 pfc; C:\Windows\SysWOW64\drivers\pfc.sys [10368 2004-04-01] (Padus, Inc.)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-11-14] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [282712 2014-03-19] (Trusteer Ltd.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [273592 2014-03-19] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [316312 2014-03-19] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [397848 2014-03-19] (Trusteer Ltd.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-25 07:53 - 2014-03-25 07:56 - 00018804 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-25 07:53 - 2014-03-25 07:54 - 00029732 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-25 07:52 - 2014-03-25 07:56 - 00000000 ____D () C:\FRST
2014-03-25 07:43 - 2014-03-25 07:43 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-24 21:42 - 2014-03-24 21:42 - 00000552 _____ () C:\Windows\PFRO.log
2014-03-24 21:33 - 2014-03-24 21:33 - 00019724 _____ () C:\ComboFix.txt
2014-03-24 21:07 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-24 21:07 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-24 21:07 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-24 21:07 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-24 21:07 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-24 21:07 - 2000-08-31 00:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2014-03-24 21:07 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-24 21:07 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-24 21:07 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-24 21:03 - 2014-03-24 21:33 - 00000000 ____D () C:\Qoobox
2014-03-24 21:02 - 2014-03-24 21:31 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 21:01 - 2014-03-24 21:02 - 05192353 ____R (Swearware) C:\Users\John\Downloads\ComboFix.exe
2014-03-24 20:56 - 2014-03-24 20:56 - 12589848 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.07.0.1009.exe
2014-03-24 20:54 - 2014-03-24 20:54 - 00001063 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-24 20:32 - 2014-03-24 20:32 - 00000030 _____ () C:\Users\John\AppData\Roaming\mbam.context.scan
2014-03-24 10:06 - 2014-03-24 10:06 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2014-03-24 09:56 - 2014-03-24 21:41 - 00000000 ____D () C:\AdwCleaner
2014-03-24 09:36 - 2014-03-24 09:37 - 01950720 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-24 09:32 - 2014-03-24 09:32 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2014-03-24 09:13 - 2014-03-24 09:13 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Mozilla
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Users\John\AppData\Local\Mozilla
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 08:34 - 2014-03-24 08:34 - 01038974 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-24 08:08 - 2014-03-24 08:09 - 00000000 ____D () C:\Users\John\Desktop\cccleaner reg files edit
2014-03-24 07:53 - 2014-03-24 07:53 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-24 07:53 - 2014-03-24 07:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-24 07:53 - 2014-03-24 07:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-24 07:51 - 2014-03-24 07:52 - 04765152 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup411.exe
2014-03-22 21:56 - 2014-03-22 21:56 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-22 21:45 - 2014-03-22 21:45 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-03-22 21:43 - 2014-03-22 21:43 - 10820032 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro_x64.exe
2014-03-22 21:42 - 2014-03-22 21:42 - 09988304 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro.exe
2014-03-22 17:15 - 2014-03-22 17:15 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 _____ () C:\autoexec.bat
2014-03-22 14:44 - 2014-03-22 15:38 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-20 15:33 - 2014-03-20 15:33 - 00000000 ____D () C:\Users\John\Desktop\Santander
2014-03-20 15:31 - 2014-03-24 21:58 - 00000000 ____D () C:\Users\John\Desktop\Job info
2014-03-15 16:59 - 2014-03-15 16:59 - 00360968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 09:30 - 2013-10-25 07:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-03-13 09:30 - 2013-10-24 22:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-03-13 09:29 - 2014-02-23 08:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:29 - 2014-02-08 04:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:28 - 2014-02-23 08:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:28 - 2014-02-23 08:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:28 - 2014-02-23 08:13 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-03-13 09:28 - 2014-02-23 08:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-03-13 09:28 - 2014-02-23 08:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:28 - 2014-02-23 08:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:28 - 2014-02-23 08:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:28 - 2014-02-23 08:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:28 - 2014-02-23 06:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:28 - 2014-02-23 06:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:28 - 2014-02-23 06:54 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:28 - 2014-02-23 06:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:28 - 2014-02-23 06:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:28 - 2014-02-23 06:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:28 - 2014-02-23 04:06 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 09:27 - 2014-02-05 23:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:27 - 2014-02-05 23:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 09:27 - 2014-01-31 00:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:27 - 2014-01-31 00:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:27 - 2013-12-07 06:36 - 19751936 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-13 09:27 - 2013-12-07 05:15 - 17560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-11 21:22 - 2014-03-11 21:22 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-03 14:43 - 2014-03-24 08:09 - 00000000 ____D () C:\Users\John\Desktop\UKVI
2014-03-01 12:49 - 2014-03-01 12:49 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 12:49 - 2014-03-01 12:49 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2014-03-01 12:01 - 2014-03-01 12:01 - 00000000 ____D () C:\Users\John\AppData\Local\Windows Live
2014-02-27 20:35 - 2014-02-28 10:45 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-02-27 20:25 - 2014-02-27 20:25 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-27 20:25 - 2014-02-27 20:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-23 19:54 - 2014-03-03 17:32 - 00000000 ____D () C:\Users\John\Desktop\New folder

==================== One Month Modified Files and Folders =======

2014-03-25 07:56 - 2014-03-25 07:53 - 00018804 _____ () C:\Users\John\Downloads\FRST.txt
2014-03-25 07:56 - 2014-03-25 07:52 - 00000000 ____D () C:\FRST
2014-03-25 07:54 - 2014-03-25 07:53 - 00029732 _____ () C:\Users\John\Downloads\Addition.txt
2014-03-25 07:44 - 2013-01-11 14:28 - 01696160 _____ () C:\Windows\WindowsUpdate.log
2014-03-25 07:43 - 2014-03-25 07:43 - 02157056 _____ (Farbar) C:\Users\John\Downloads\FRST64.exe
2014-03-25 07:41 - 2013-01-11 23:41 - 00000000 ____D () C:\Users\John\Documents\My Games
2014-03-25 07:22 - 2013-06-29 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-25 07:21 - 2013-01-18 14:18 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-03-25 07:12 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\sru
2014-03-24 21:58 - 2014-03-20 15:31 - 00000000 ____D () C:\Users\John\Desktop\Job info
2014-03-24 21:58 - 2013-01-16 19:43 - 00010980 _____ () C:\Users\John\AppData\Roaming\wklnhst.dat
2014-03-24 21:42 - 2014-03-24 21:42 - 00000552 _____ () C:\Windows\PFRO.log
2014-03-24 21:42 - 2012-07-26 07:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-24 21:41 - 2014-03-24 09:56 - 00000000 ____D () C:\AdwCleaner
2014-03-24 21:41 - 2012-07-26 05:26 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-24 21:33 - 2014-03-24 21:33 - 00019724 _____ () C:\ComboFix.txt
2014-03-24 21:33 - 2014-03-24 21:03 - 00000000 ____D () C:\Qoobox
2014-03-24 21:31 - 2014-03-24 21:02 - 00000000 ____D () C:\Windows\erdnt
2014-03-24 21:30 - 2012-07-26 05:26 - 00000215 _____ () C:\Windows\system.ini
2014-03-24 21:02 - 2014-03-24 21:01 - 05192353 ____R (Swearware) C:\Users\John\Downloads\ComboFix.exe
2014-03-24 20:56 - 2014-03-24 20:56 - 12589848 _____ (Malwarebytes Corp.) C:\Users\John\Downloads\mbar-1.07.0.1009.exe
2014-03-24 20:54 - 2014-03-24 20:54 - 00001063 _____ () C:\Users\John\Desktop\JRT.txt
2014-03-24 20:32 - 2014-03-24 20:32 - 00000030 _____ () C:\Users\John\AppData\Roaming\mbam.context.scan
2014-03-24 12:01 - 2013-01-11 14:39 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1935344830-3333155245-2583117102-1001
2014-03-24 10:06 - 2014-03-24 10:06 - 00000000 ____D () C:\Users\John\Desktop\Old Firefox Data
2014-03-24 09:37 - 2014-03-24 09:36 - 01950720 _____ () C:\Users\John\Downloads\AdwCleaner.exe
2014-03-24 09:32 - 2014-03-24 09:32 - 04134240 _____ (Kaspersky Lab ZAO) C:\Users\John\Downloads\tdsskiller.exe
2014-03-24 09:18 - 2013-06-29 14:25 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-24 09:18 - 2013-06-29 14:25 - 00000000 ____D () C:\Users\John\AppData\Local\Adobe
2014-03-24 09:13 - 2014-03-24 09:13 - 00001151 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Mozilla
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Users\John\AppData\Local\Mozilla
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\ProgramData\Mozilla
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-24 09:13 - 2014-03-24 09:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-24 08:56 - 2013-01-19 12:03 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForJohn.job
2014-03-24 08:34 - 2014-03-24 08:34 - 01038974 _____ (Thisisu) C:\Users\John\Downloads\JRT.exe
2014-03-24 08:09 - 2014-03-24 08:08 - 00000000 ____D () C:\Users\John\Desktop\cccleaner reg files edit
2014-03-24 08:09 - 2014-03-03 14:43 - 00000000 ____D () C:\Users\John\Desktop\UKVI
2014-03-24 08:09 - 2014-01-12 09:45 - 00000000 ____D () C:\Users\John\Desktop\ideas
2014-03-24 07:57 - 2013-01-13 22:19 - 01137664 ___SH () C:\Users\John\Desktop\Thumbs.db
2014-03-24 07:55 - 2012-08-03 23:21 - 00000000 ____D () C:\Windows\Panther
2014-03-24 07:53 - 2014-03-24 07:53 - 00002770 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-03-24 07:53 - 2014-03-24 07:53 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-24 07:53 - 2014-03-24 07:53 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-24 07:52 - 2014-03-24 07:51 - 04765152 _____ (Piriform Ltd) C:\Users\John\Downloads\ccsetup411.exe
2014-03-23 22:01 - 2013-01-15 19:13 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-23 12:55 - 2013-01-19 12:03 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForJohn
2014-03-23 12:55 - 2013-01-11 14:28 - 00000000 ____D () C:\Users\John
2014-03-23 12:46 - 2012-07-26 07:28 - 00941050 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 21:56 - 2014-03-22 21:56 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-03-22 21:56 - 2013-08-25 10:39 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-22 21:45 - 2014-03-22 21:45 - 00001897 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-03-22 21:45 - 2013-08-25 16:34 - 00000000 ____D () C:\Program Files\HitmanPro
2014-03-22 21:43 - 2014-03-22 21:43 - 10820032 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro_x64.exe
2014-03-22 21:42 - 2014-03-22 21:42 - 09988304 _____ (SurfRight B.V.) C:\Users\John\Downloads\HitmanPro.exe
2014-03-22 21:16 - 2013-08-20 19:40 - 00360960 ___SH () C:\Users\John\Downloads\Thumbs.db
2014-03-22 17:15 - 2014-03-22 17:15 - 00000000 ____D () C:\ProgramData\GridinSoft
2014-03-22 15:38 - 2014-03-22 14:44 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 15:24 - 2014-02-08 17:20 - 00000000 ____D () C:\Windows\Minidump
2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-03-22 14:45 - 2014-03-22 14:45 - 00000000 _____ () C:\autoexec.bat
2014-03-21 14:18 - 2013-03-12 16:40 - 00000000 ____D () C:\Users\John\Documents\John
2014-03-20 15:33 - 2014-03-20 15:33 - 00000000 ____D () C:\Users\John\Desktop\Santander
2014-03-20 15:33 - 2014-01-12 09:42 - 00000000 ____D () C:\Users\John\Desktop\terrazza
2014-03-20 15:14 - 2013-01-18 17:53 - 00000000 ____D () C:\Users\John\AppData\Roaming\Tropico 3
2014-03-20 07:44 - 2013-07-23 15:20 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-20 07:40 - 2012-07-26 05:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-03-20 07:39 - 2013-01-12 17:18 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-20 07:28 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\AUInstallAgent
2014-03-19 21:27 - 2013-01-15 10:58 - 00316312 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportKE64.sys
2014-03-19 21:27 - 2013-01-15 10:58 - 00273592 _____ (Trusteer Ltd.) C:\Windows\system32\Drivers\RapportHades64.sys
2014-03-19 13:12 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-03-18 08:28 - 2013-01-15 19:12 - 00000000 ____D () C:\ProgramData\Skype
2014-03-15 17:48 - 2012-07-26 08:12 - 00000000 ____D () C:\Windows\rescache
2014-03-15 16:59 - 2014-03-15 16:59 - 00360968 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-15 12:54 - 2013-01-12 12:45 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-03-15 12:54 - 2013-01-12 12:44 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-03-15 10:03 - 2013-01-11 14:31 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-03-15 10:03 - 2013-01-11 14:31 - 00000000 ___RD () C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ___RD () C:\Windows\ToastData
2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-03-14 22:26 - 2012-07-26 08:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-03-14 14:30 - 2013-01-15 19:13 - 00000000 ____D () C:\Users\John\AppData\Roaming\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 05777288 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-03-11 12:57 - 2013-01-11 14:28 - 00000000 ____D () C:\Users\John\AppData\Local\Packages
2014-03-11 12:10 - 2013-09-19 11:43 - 00000000 ____D () C:\Users\John\AppData\Local\ABBYY
2014-03-04 22:52 - 2013-11-14 21:23 - 00694240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-04 22:52 - 2013-11-14 21:23 - 00078304 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-03 17:32 - 2014-02-23 19:54 - 00000000 ____D () C:\Users\John\Desktop\New folder
2014-03-01 12:49 - 2014-03-01 12:49 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-03-01 12:49 - 2014-03-01 12:49 - 00000000 ____D () C:\Users\John\AppData\Local\Skype
2014-03-01 12:19 - 2014-01-12 20:58 - 00000000 ____D () C:\Users\John\Desktop\english teaching
2014-03-01 12:01 - 2014-03-01 12:01 - 00000000 ____D () C:\Users\John\AppData\Local\Windows Live
2014-02-28 10:45 - 2014-02-27 20:35 - 00000000 ____D () C:\Users\John\AppData\Roaming\vlc
2014-02-27 20:25 - 2014-02-27 20:25 - 00001070 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-27 20:25 - 2014-02-27 20:25 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2014-02-23 08:13 - 2014-03-13 09:28 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-23 08:13 - 2014-03-13 09:28 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-23 08:13 - 2014-03-13 09:28 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-02-23 08:13 - 2014-03-13 09:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-02-23 08:13 - 2014-03-13 09:28 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-23 08:12 - 2014-03-13 09:29 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-23 08:12 - 2014-03-13 09:28 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-23 08:12 - 2014-03-13 09:28 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 15404032 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 03960320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-23 08:11 - 2014-03-13 09:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-23 06:54 - 2014-03-13 09:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-23 06:54 - 2014-03-13 09:28 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-23 06:54 - 2014-03-13 09:28 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-23 06:53 - 2014-03-13 09:28 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-23 06:35 - 2014-03-13 09:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-23 06:31 - 2014-03-13 09:28 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-23 04:06 - 2014-03-13 09:28 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll

Some content of TEMP:
====================
C:\Users\John\AppData\Local\temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-18 09:04

==================== End Of Log ============================

Farbar Addition

==================== Security Center ========================

AV: Computer Security (Disabled - Up to date) {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Computer Security (Disabled - Up to date) {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7 Wonders II (x32 Version: 2.2.0.98 - WildTangent) Hidden
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Audition 1.5 (HKLM-x32\...\{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}) (Version: 1.5 - Adobe Systems)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.0.150 - Adobe Systems, Inc.)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Assassin's Creed Brotherhood (HKLM-x32\...\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}) (Version: 1.03 - Ubisoft)
Assassin's Creed II (HKLM-x32\...\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}) (Version: 1.01 - Ubisoft)
Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft Montreal)
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 4 - Power Source (x32 Version: 2.2.0.98 - WildTangent) Hidden
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version:  - )
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Canon MP250 series User Registration (HKLM-x32\...\Canon MP250 series User Registration) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Computer Security 12.71.102.0 (release) (x32 Version: 12.71.102.0 - F-Secure Corporation) Hidden
Connected Music powered by Universal Music Group version 1.0 (HKLM-x32\...\{46037DC7-F927-46DF-935F-D6F122BDD34B}_is1) (Version: 1.0 - Snowite)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Crazy Chicken Soccer (x32 Version: 2.2.0.98 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.3.6326 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
Epson Easy Photo Print 2 (HKLM-x32\...\{30E01116-5666-4807-8EF1-D80E9FF16717}) (Version: 2.3.2.0 - SEIKO EPSON CORPORATION)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (HKLM-x32\...\{B2D55EB8-32C5-4B43-9006-9E97DECBA178}) (Version: 1.00.0000 - SEIKO EPSON CORPORATION2)
Epson Event Manager (HKLM-x32\...\{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}) (Version: 3.01.0000 - Seiko Epson Corporation)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-202 203 206 Series Printer Uninstall (HKLM\...\EPSON XP-202 203 206 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.6.0 - SEIKO EPSON CORPORATION)
Europa Universalis III (HKLM-x32\...\Steam App 25800) (Version:  - Paradox Development Studio)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
File Association Helper (HKLM\...\{572D0504-2C67-4016-801F-D70879A3026A}) (Version: 1.1.6.53763 - WinZip Computing International, LLC)
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Football Manager 2010 (HKLM-x32\...\Steam App 34000) (Version:  - SI Games)
F-Secure CCF Reputation (x32 Version: 1.0.25.1877 - F-Secure) Hidden
F-Secure CCF Scanning 1.23.124.8831 (release) (x32 Version: 1.23.124.8831 - F-Secure Corporation) Hidden
F-Secure Network CCF 1.02.126 (x32 Version: 1.02.126 - F-Secure Corporation) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.212 - SurfRight B.V.)
HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (HKLM-x32\...\{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.3.0 - WildTangent)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}) (Version: 7.0.39.15 - Hewlett-Packard Company)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6417.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest II (x32 Version: 2.2.0.97 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word 2002 (HKLM-x32\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}) (Version: 08.04.0623 - Microsoft Corporation)
Microsoft Works 2005 Setup Launcher (HKLM-x32\...\Works2005Setup) (Version:  - )
Microsoft Works Suite Add-in for Microsoft Word (HKLM-x32\...\{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}) (Version: 8.0.0.0000 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Network Guide EPSON XP-202 203 206 Series (HKLM-x32\...\EPSON XP-202 203 206 Series Netg) (Version:  - )
Online Safety 2.71.927.655 (x32 Version: 2.71.927.655 - F-Secure Corporation) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Power2Go (x32 Version: 8.0 - CyberLink Corp.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.2.0 - Ralink)
Ranch Rush 2 - Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
Rapport (x32 Version: 3.5.1304.61 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Shockwave (HKLM-x32\...\Shockwave) (Version:  - )
Sid Meier's Civilization 4 - Beyond the Sword (HKCU\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games)
Sid Meier's Civilization 4 (HKCU\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.74 - Firaxis Games)
Sid Meier's Civilization 4 (x32 Version: 1.00.0000 - Firaxis Games) Hidden
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Sid Meier's Civilization V SDK (HKLM-x32\...\Steam App 16830) (Version:  - Firaxis Games)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sony PC Companion 2.10.188 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.188 - Sony)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Super Safe Boost (HKLM-x32\...\F-Secure ServiceEnabler 44515) (Version: 1.71.340.0 - F-Secure Corporation)
Super Safe Boost (x32 Version: 1.71.340.0 - F-Secure Corporation) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.12 - Synaptics Incorporated)
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Tropico 3 1.02 (HKLM-x32\...\Tropico3) (Version: 1.02 - Kalypso Media)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1304.61 - Trusteer)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
User's Guide EPSON XP-202 203 206 Series (HKLM-x32\...\EPSON XP-202 203 206 Series Useg) (Version:  - )
Virtual Families (x32 Version: 2.2.0.98 - WildTangent) Hidden
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Wedding Dash (x32 Version: 2.2.0.95 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.9.6 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Works Upgrade (x32 Version: 8.0.0.0000 - Microsoft Corporation) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Restore Points  =========================


==================== Hosts content: ==========================

2012-07-26 05:26 - 2014-03-24 21:30 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {06088D2F-2BE5-477A-95F9-77F2CD852DED} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {0926AAFF-7EA1-40DC-9422-E2844D06FF14} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {0AF97890-F738-4B4A-A3B4-62A10BA825EA} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {12593FFB-CA2E-4AB6-8A69-81AA705560CA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {522A4505-103D-443A-A1A8-22E41D397211} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-12-12] (Hewlett-Packard Company)
Task: {588FA457-B78A-40F9-AAC5-8D0DB127FFF5} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {633962BC-8504-4B7C-AB86-388C595CDC6C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {9E71F6AB-8F90-44BA-B587-184F7FD352F5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-24] (Adobe Systems Incorporated)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {B15FC8DC-D0C4-4C0D-BA28-DDB95B77924D} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-24] (Synaptics Incorporated)
Task: {BBEBA448-95D2-487F-B482-0D1566AD8E77} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CCB69D09-B70A-41CD-AFB0-4A38293EAC9F} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {DCA39277-1CCA-4CC5-B439-590B58442440} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {E681D283-29C8-4BC4-87E7-EF92C0D6676B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-02-10] (Hewlett-Packard)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {F2983181-7450-450E-BAD9-3F61B3E53A60} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {F6E0ED5B-7A46-45BD-842E-4918CF2248EF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-09-17 14:05 - 2013-10-24 10:54 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-06-01 07:46 - 2013-06-01 07:46 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-08 05:17 - 2012-08-08 05:17 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-12-26 19:38 - 2013-10-31 11:35 - 00070880 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
2013-01-15 10:58 - 2014-02-08 17:24 - 01125592 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2012-11-26 12:49 - 2012-11-26 12:49 - 00216632 _____ () C:\Program Files (x86)\TalkTalk\Security\daas2.dll
2013-09-03 14:10 - 2013-09-03 14:10 - 00030888 _____ () C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\hashlib_x86.dll
2013-09-03 13:59 - 2013-12-11 08:27 - 00212008 _____ () C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Spam Control\fsas.dll
2013-09-03 13:58 - 2014-03-04 07:20 - 00949288 _____ () C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fm4av.dll
2012-10-22 09:47 - 2012-06-25 18:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-12-26 19:38 - 2012-04-30 10:57 - 00039936 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
2013-12-26 19:38 - 2013-09-13 10:02 - 00208896 _____ () C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
2013-09-03 12:25 - 2013-09-03 12:25 - 00593464 _____ () C:\Windows\WinSxS\x86_f-secure.qt_4_6_2_2e112a926211c0a3_4.6.482.65_none_b59e1e0911fd55ab\QtMultimediaKit1.dll
2014-03-24 09:13 - 2014-03-15 08:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/25/2014 07:53:52 AM) (Source: FSecure-FSecure-F-Secure DeepGuard) (User: )
Description: 1  2014-03-25  07:53:52+01:00  LAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (03/25/2014 07:20:37 AM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005

Error: (03/25/2014 07:10:54 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/24/2014 09:43:58 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/24/2014 10:18:32 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/24/2014 08:57:49 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/24/2014 07:35:30 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 00:40:13 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (03/23/2014 08:07:09 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Illegal operation attempted on a registry key that has been marked for deletion.

Error: (03/23/2014 07:31:38 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall


System errors:
=============
Error: (03/24/2014 09:42:19 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys

Error: (03/24/2014 09:30:47 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/24/2014 09:30:17 PM) (Source: Application Popup) (User: )
Description: \??\C:\ComboFix\catchme.sys

Error: (03/24/2014 09:25:00 PM) (Source: Service Control Manager) (User: )
Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

Error: (03/24/2014 10:17:17 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys

Error: (03/24/2014 08:56:35 AM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys

Error: (03/23/2014 00:38:49 PM) (Source: Application Popup) (User: )
Description: \SystemRoot\SysWow64\drivers\pfc.sys

Error: (03/23/2014 00:37:56 PM) (Source: DCOM) (User: LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/23/2014 00:37:56 PM) (Source: DCOM) (User: LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/23/2014 00:37:56 PM) (Source: DCOM) (User: LAPTOP)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (03/25/2014 07:53:52 AM) (Source: FSecure-FSecure-F-Secure DeepGuard)(User: )
Description: 1  2014-03-25  07:53:52+01:00  LAPTOP  SYSTEM  F-Secure DeepGuard
 Application was blocked. This was determined to be a high-risk application by system control heuristics.
 Application path: \\?\c:\windows\mod_frst.exe
 File hash: 4bb423ae4bf7b46ba1cd43c521cf9314c03cf8c4

Error: (03/25/2014 07:20:37 AM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005

Error: (03/25/2014 07:10:54 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/24/2014 09:43:58 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/24/2014 10:18:32 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/24/2014 08:57:49 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/24/2014 07:35:30 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 00:40:13 PM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (03/23/2014 08:07:09 AM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: Illegal operation attempted on a registry key that has been marked for deletion.

Error: (03/23/2014 07:31:38 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall


CodeIntegrity Errors:
===================================
  Date: 2014-03-25 07:56:34.982
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:56:00.838
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:56:00.790
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:52:25.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:52:22.489
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:51:53.659
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:50:45.381
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:46:21.416
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:44:49.017
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.

  Date: 2014-03-25 07:44:14.791
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\EEL64A.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 6036.27 MB
Available physical RAM: 4072.65 MB
Total Pagefile: 7124.27 MB
Available Pagefile: 4931.28 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:910.64 GB) (Free:803.73 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.11 GB) (Free:2.49 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive e: (CIV4BTS_303) (CDROM) (Total:0.65 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 2D842E40)

Partition: GPT Partition Type.

==================== End Of Log ============================



 


I see you have used Combofix, can you post that log please? It will be here: C:\Combofix.txt

 

Next,

 

1.Download Malwarebytes Anti-Rootkit from this link:

 

 http://www.malwarebytes.org/products/mbar/

 

2. Unzip the File to a convenient location. (Recommend the Desktop)

3. Open the folder where the contents were unzipped to run mbar.exe

 

Image1.png

 

4. Double-click on the mbar.exe file, you may receive a User Account Control prompt asking if you are sure you wish to allow the program to run. Please allow the program to run and MBAR will now start to install any necessary drivers that are required for the program to operate correctly. If a rootkit is interfering with the installation of the drivers you will see a message that states that the DDA driver was not installed and that you should reboot your computer to install it. You will see this image:

 

mbarwm.png

 

5. If you receive this message, please click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer. Once the computer is rebooted and you login, MBAR will automatically start and you will now be at the start screen. (If no Rootkit warning you will go from step 4 to 6.)

 

6. The following image opens, select Next.

 

Image2.png

 

7. The following image opens, select Update

 

Image3.png

 

8. When the update completes select Next.

 

Image4.png

 

9. In the following window ensure "Targets" are ticked. Then select "Scan"

 

Image5.png

 

10. If an infection is found select the "Cleanup Button" to remove threats, Reboot if prompted. Wait while the system shuts down and the cleanup process is performed.

 

MBAntiRKcleanA.png

 

11. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click "Cleanup Button" once more and repeat the process.

12. If no threats were found you will see the following image, Select Exit:

 

Image6.png

 

13. Verify that your system is now running normally, making sure that the following items are functional:

 


  • Internet access
  • Windows Update
  • Windows Firewall

 

14.  If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included within Malwarebytes Anti-Rootkit folder.

 

15. Select "Y" from your Keyboard, tap Enter.

 

16. The fix will be applied, select any key to Exit.

 

17. Let me know how your system now responds. Copy and paste the two following logs from the mbar folder:

 

System - log

Mbar - log   Date and time of scan will also be shown

 

Thanks,

 

Kevin...


Hello,

Combo fix (from yesterday)

ComboFix 14-03-24.01 - John 24/03/2014  21:08:44.1.4 - x64
Microsoft Windows 8  6.2.9200.0.1252.44.2057.18.6036.4225 [GMT 0:00]
Running from: c:\users\John\Downloads\ComboFix.exe
AV: Computer Security *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Computer Security *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\John\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-24 to 2014-03-24  )))))))))))))))))))))))))))))))
.
.
2014-03-24 09:56 . 2014-03-24 10:16    --------    d-----w-    C:\AdwCleaner
2014-03-24 09:13 . 2014-03-24 09:13    --------    d-----w-    c:\users\John\AppData\Local\Mozilla
2014-03-24 09:13 . 2014-03-24 09:13    --------    d-----w-    c:\program files (x86)\Mozilla Maintenance Service
2014-03-24 08:57 . 2014-03-24 08:57    --------    d-----w-    c:\windows\ServiceProfiles\LocalService\winhttp
2014-03-24 07:53 . 2014-03-24 07:53    --------    d-----w-    c:\program files\CCleaner
2014-03-22 21:56 . 2014-03-22 21:56    12872    ----a-w-    c:\windows\system32\bootdelete.exe
2014-03-22 17:15 . 2014-03-22 17:15    --------    d-----w-    c:\programdata\GridinSoft
2014-03-22 14:45 . 2014-03-22 14:45    --------    d-----w-    c:\program files\Enigma Software Group
2014-03-22 14:44 . 2014-03-22 15:38    --------    d-----w-    c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-22 14:44 . 2014-03-22 14:44    --------    d-----w-    c:\program files (x86)\Common Files\Wise Installation Wizard
2014-03-15 10:27 . 2014-03-15 10:27    254640    ----a-w-    c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10236.bin
2014-03-13 09:29 . 2014-02-08 04:34    4036608    ----a-w-    c:\windows\system32\win32k.sys
2014-03-13 09:29 . 2014-02-23 08:12    19273216    ----a-w-    c:\windows\system32\mshtml.dll
2014-03-13 09:27 . 2013-12-07 06:36    19751936    ----a-w-    c:\windows\system32\shell32.dll
2014-03-13 09:27 . 2014-02-05 23:41    595968    ----a-w-    c:\windows\system32\qedit.dll
2014-03-13 09:27 . 2014-02-05 23:37    496640    ----a-w-    c:\windows\SysWow64\qedit.dll
2014-03-13 09:27 . 2014-01-31 00:06    1628160    ----a-w-    c:\windows\system32\WindowsCodecs.dll
2014-03-13 09:27 . 2014-01-31 00:48    1339392    ----a-w-    c:\windows\SysWow64\WindowsCodecs.dll
2014-03-11 21:22 . 2014-03-11 21:22    5777288    ----a-w-    c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-03-01 12:49 . 2014-03-01 12:49    --------    d-----w-    c:\users\John\AppData\Local\Skype
2014-03-01 12:49 . 2014-03-01 12:49    --------    d-----w-    c:\program files (x86)\Common Files\Skype
2014-03-01 12:01 . 2014-03-01 12:01    --------    d-----w-    c:\users\John\AppData\Local\Windows Live
2014-02-27 20:35 . 2014-02-28 10:45    --------    d-----w-    c:\users\John\AppData\Roaming\vlc
2014-02-27 20:25 . 2014-02-27 20:25    --------    d-----w-    c:\program files (x86)\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-20 07:39 . 2013-01-12 17:18    90015360    ----a-w-    c:\windows\system32\MRT.exe
2014-03-19 21:27 . 2013-01-15 10:58    273592    ----a-w-    c:\windows\system32\drivers\RapportHades64.sys
2014-03-19 21:27 . 2013-01-15 10:58    316312    ----a-w-    c:\windows\system32\drivers\RapportKE64.sys
2014-03-04 22:52 . 2013-11-14 21:23    78304    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-04 22:52 . 2013-11-14 21:23    694240    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-12 23:30 . 2014-02-12 18:34    2032640    ----a-w-    c:\windows\SysWow64\d3d10warp.dll
2014-01-12 23:30 . 2014-02-12 18:34    2238976    ----a-w-    c:\windows\system32\d3d10warp.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2014-02-25 1821888]
"EPLTarget\P0000000000000001"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE" [2012-11-02 283232]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-10-31 449760]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2012-11-05 1343904]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"F-Secure Hoster (44515)"="c:\program files (x86)\TalkTalk\Security\fshoster32.exe" [2012-11-26 183864]
"F-Secure Manager"="c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE" [2012-10-18 310992]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2011-10-31 1058400]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-09-07 581024]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE" [2012-11-02 283232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 WSDScan;WSD Scan Support;c:\windows\System32\drivers\WSDScan.sys;c:\windows\SYSNATIVE\drivers\WSDScan.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 RapportHades64;RapportHades64;c:\windows\System32\Drivers\RapportHades64.sys;c:\windows\SYSNATIVE\Drivers\RapportHades64.sys [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys [x]
S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys [x]
S1 RapportCerberus_59849;RapportCerberus_59849;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\TalkTalk\Security\fshoster32.exe;c:\program files (x86)\TalkTalk\Security\fshoster32.exe [x]
S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe;c:\program files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys;c:\program files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys [x]
S3 fsni;fsni;c:\program files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys;c:\program files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost    REG_MULTI_SZ       apphostsvc
iissvcs    REG_MULTI_SZ       w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2013-09-05 14:04    215416    ----a-w-    c:\program files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-11 09:18]
.
2014-03-24 c:\windows\Tasks\HPCeeScheduleForJohn.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 21:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-08-08 170304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-08-08 398656]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-08-08 440640]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-22 1425408]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2013-09-26 216248]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-10-19 2185032]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-03-12 21720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vjg0qiq9.default-1395655567045\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-Shockwave - c:\windows\System32\Macromed\SHOCKW~1\UNWISE.EXE
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fshoster]
"ImagePath"="\"c:\program files (x86)\TalkTalk\Security\fshoster32.exe\" -hosterid:0"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\G*e*n*i*e*"!\FM Genie Scout 10]
"GameDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010\\games"
"ShortlistDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010\\shortlists"
"ScreenshotsDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010"
"SaveDir"="c:\\Users\\John\\Documents\\Sports Interactive\\Football Manager 2010\\"
"HistoryDir"="c:\\Users\\John\\Desktop\\FM Genie Scout 10\\History Points"
"LangDB"="c:\\Program Files (x86)\\Steam\\steamapps\\common\\Football Manager 2010\\data\\updates\\update-1030\\db\\1030\\lang_db.dat"
"LastSaveGame"=""
"Language"="English"
"LoadLangDB"=dword:00000001
"CompressHistoryPoints"=dword:00000000
"HighlightedAttributes"=dword:00000000
"MinCondition"=dword:00000050
"GraphStep"=dword:00000000
"SkinName"="Steklo Black"
"LastUpdateCheck"=dword:0000a237
"HighQualityGUI"=dword:00000001
"AutomaticallyUpdateCheck"=dword:00000001
"AdvancedGeneration"=dword:00000000
"TranslateStaffSkills"=dword:00000001
"TranslatePlayerSkills"=dword:00000001
"TranslatePositions"=dword:00000001
"ShowHistory"=dword:00000001
"Version"=dword:00000074
"UniqueID"="E7-A2B0-ECDF"
"Currency"=dword:00000056
"UseProxy"=dword:00000000
"ProxyHost"=""
"ProxyPort"=""
"UseAuthentication"=dword:00000000
"UserName"=""
"UserPassword"=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]
@Denied: ) (Everyone)
"AgentIdentifier"="95dd369f-d924-40fc-b740-3bb3a9f5dc99"
"AuthorizationCode"=""
"44515_AgentIdentifier"="95dd369f-d924-40fc-b740-3bb3a9f5dc99"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
Completion time: 2014-03-24  21:33:08
ComboFix-quarantined-files.txt  2014-03-24 21:33
.
Pre-Run: 855,217,975,296 bytes free
Post-Run: 855,269,617,664 bytes free
.
- - End Of File - - DC471C5FD656D5B5E3E7A16AFC0B4C10

system log

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16843

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.494000 GHz
Memory total: 6329487360, free: 4468797440

Downloaded database version: v2014.03.25.04
Downloaded database version: v2014.03.18.01
=======================================
Initializing...
------------ Kernel report ------------
     03/25/2014 14:48:16
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80071fb060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000040\
Lower Device Object: 0xfffffa800655d400
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80071fb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80071fbb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80071fb060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8007138950, DeviceName: Unknown, DriverName: \Driver\hpdskflt\
DevicePointer: 0xfffffa800655d400, DeviceName: \Device\00000040\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 2D842E40

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 1953525167

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 2316418003
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid 8974fe1f-f013-4fd4-9231-2e03b224ed9
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 2316418003
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid 8974fe1f-f013-4fd4-9231-2e03b224ed9
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID 14a2ec7a-314a-4bda-86ad-fbec98e9628a
    FirstLBA 2048  Last LBA 821247
    Attributes 1
    Partition Name                 Basic data partition

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID bf254a3e-4074-44ca-878b-891710bcf732
    FirstLBA 821248  Last LBA 1353727
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 1 is bootable
    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID a2ec2995-d31f-4f2d-93f2-d1d7e090a3e7
    FirstLBA 1353728  Last LBA 1615871
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 464fc413-fef9-44b9-8848-6250aed889e7
    FirstLBA 1615872  Last LBA 1911357439
    Attributes 0
    Partition Name                 Basic data partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 99e3b03f-eb2-4e73-ae3c-54ef59c5dcfa
    FirstLBA 1911357440  Last LBA 1953523711
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished

mbar log

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.03.25.04

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16843
John :: LAPTOP [administrator]

25/03/2014 14:48:19
mbar-log-2014-03-25 (14-48-19).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 247412
Time elapsed: 27 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)




Thanks


 


Hello,

I will post the log in 2 messages, as it says 'post is too long':


Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by John on 26/03/2014 at  9:25:12.01.
Microsoft Windows 8 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek\zoek.com [scan all users] [script inserted]

==== System Restore Info ======================

26/03/2014 09:27:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{BBDA0591-3099-440a-AA10-41764D9DB4DB} deleted successfully

==== Installed Programs ======================

7 Wonders II  
ABBYY FineReader 9.0 Sprint  
Adobe Audition 1.5  
Adobe Flash Player 12 Plugin  
Adobe Reader XI (11.0.06)  
Adobe Shockwave Player 12.1  
Aloha TriPeaks  
Assassin's Creed Brotherhood  
Assassin's Creed II  
Assassin's Creed Revelations  
Bejeweled 3  
Bonjour  
Build-a-lot 4 - Power Source  
Canon Easy-WebPrint EX  
Canon MP Navigator EX 3.0  
Canon MP250 series MP Drivers  
Canon MP250 series User Registration  
Canon Utilities Easy-PhotoPrint EX  
Canon Utilities My Printer  
Canon Utilities Solution Menu  
CCleaner  
Chuzzle Deluxe  
Computer Security 12.71.102.0 (release)  
Connected Music powered by Universal Music Group version 1.0  
Cradle of Rome 2  
Crazy Chicken Soccer  
CyberLink LabelPrint  
CyberLink Media Suite 10  
CyberLink PhotoDirector  
CyberLink PowerDirector 10  
CyberLink PowerDVD  
CyberLink YouCam  
D3DX10  
Download Navigator  
Energy Star  
Epson Easy Photo Print 2  
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)  
Epson Event Manager  
EPSON Scan  
EPSON XP-202 203 206 Series Printer Uninstall  
EpsonNet Print  
Europa Universalis III  
F-Secure CCF Reputation  
F-Secure CCF Scanning 1.23.124.8831 (release)  
F-Secure Network CCF 1.02.126  
Farm Frenzy  
File Association Helper  
Final Drive Fury  
Football Manager 2010  
Governor of Poker 2 Premium Edition  
Hewlett-Packard ACLM.NET v1.2.1.1  
HitmanPro 3.7  
HP 3D DriveGuard  
HP Connected Music (Meridian - installer)  
HP CoolSense  
HP Customer Experience Enhancements  
HP Documentation  
HP Games  
HP Postscript Converter  
HP Quick Launch  
HP Recovery Manager  
HP Registration Service  
HP Software Framework  
HP Support Assistant  
HP Utility Center  
HP Wireless Button Driver  
IDT Audio  
Intel® Management Engine Components  
Intel® Processor Graphics  
Intel® SDK for OpenCL - CPU Only Runtime Package  
Intel© Trusted Connect Service Client  
Java 7 Update 51  
Java Auto Updater  
Jewel Match 3  
Jewel Quest II  
Jewel Quest Solitaire 2  
Mahjongg Artifacts  
Malwarebytes Anti-Malware version 1.75.0.1300  
Microsoft Application Error Reporting  
Microsoft Office  
Microsoft SQL Server 2005 Compact Edition [ENU]  
Microsoft Visual C++ 2005 Redistributable  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148  
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161  
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219  
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219  
Microsoft Word 2002  
Microsoft Works  
Microsoft Works 2005 Setup Launcher  
Microsoft Works Suite Add-in for Microsoft Word  
More Games from WildTangent Games  
Mozilla Firefox 28.0 (x86 en-US)  
Mozilla Maintenance Service  
MSVCRT  
Mystery of Mortlake Mansion  
Network Guide EPSON XP-202 203 206 Series  
Online Safety 2.71.927.655  
Polar Bowler  
Power2Go  
Ralink RT5390R 802.11bgn Wi-Fi Adapter  
Ranch Rush 2 - Premium Edition  
Rapport  
Realtek Ethernet Controller Driver  
Realtek PCIE Card Reader  
Shockwave  
Shockwave Director 8.0  
Shockwave Flash  
Sid Meier's Civilization 4 - Beyond the Sword  
Sid Meier's Civilization 4  
Sid Meier's Civilization V  
Sid Meier's Civilization V SDK  
SkypeT 6.14  
Sony PC Companion 2.10.197  
Steam  
Super Safe Boost  
swMSM  
Synaptics Pointing Device Driver  
Trinklit Supreme  
Tropico 3 1.02  
Trusteer Endpoint Protection  
Ubisoft Game Launcher  
Update Installer for WildTangent Games App  
User's Guide EPSON XP-202 203 206 Series  
Virtual Families  
VLC media player 2.1.3  
Wedding Dash  
Windows Live Communications Platform  
Windows Live Essentials  
Windows Live Installer  
Windows Live Language Selector  
Windows Live Movie Maker  
Windows Live Photo Common  
Windows Live Photo Gallery  
Windows Live PIMT Platform  
Windows Live SOXE  
Windows Live SOXE Definitions  
Windows Live UX Platform  
Windows Live UX Platform Language Pack  
Windows Live Writer  
Windows Live Writer Resources  
Works Upgrade  
Zuma's Revenge  

==== Running Processes ======================

C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\FSGK32.EXE
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\fssm32.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files (x86)\Microsoft Works\WkDStore.exe
C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSLAUNCH.EXE
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe

==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted
C:\Users\John\ia_remove.sh1104.tmp deleted
C:\Users\John\ia_remove.sh1491.tmp deleted
C:\Users\John\ia_remove.sh4674.tmp deleted
C:\Users\John\ia_remove.sh7167.tmp deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow\AVG Secure Search deleted

==== System Specs ======================

Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6037 MB
CPU Info: Intel® Core i5-3210M CPU @ 2.50GHz
CPU Speed: 2521.2 MHz
Sound Card: Speakers and Headphones (IDT Hi |
Display Adapters: Intel® HD Graphics 4000 | Intel® HD Graphics 4000 | Intel® HD Graphics 4000
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1366 X 768 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter | Ralink RT5390R 802.11bgn Wi-Fi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVD-RAM UJ8D1
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C:  910.6GB | D:  20.1GB
Hard Disks - Free: C:  803.2GB | D:  2.5GB
Manufacturer *: Insyde
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1
Time Zone: GMT Standard Time
Motherboard *: Hewlett-Packard 183F
Country: United Kingdom
Language: ENG

==== System Specs (Software) ======================

Anti-Virus: Computer Security On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: Computer Security disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Default Browser: Firefox    28.0
Internet Explorer Version: 10.0.9200.16843
Mozilla Firefox version: 28.0 (x86 en-US)
Adobe Reader version: 11.0.06.70
Sun Java version: 1.7.0_51 (32-bit)
Flash Player version: 12.0.0.77
Shockwave Player version: 12.1r150

==== Files Recently Created / Modified ======================

====== C:\Windows ====
2014-03-24 21:07:00    F042EE4C8D66248D9B86DCF52ABAE416    256000    ----a-w-    C:\Windows\PEV.exe
2014-03-24 21:07:00    9E05A9C264C8A908A8E79450FCBFF047    80412    ----a-w-    C:\Windows\grep.exe
2014-03-24 21:07:00    5E832F4FAF5F481F2EAF3B3A48F603B8    68096    ----a-w-    C:\Windows\zip.exe
2014-03-24 21:07:00    0297C72529807322B152F517FDB0A9FC    406528    ----a-w-    C:\Windows\SWSC.exe
2014-03-24 21:07:00    0277C027A26428DB64EF4F64F52BB4FD    208896    ----a-w-    C:\Windows\MBR.exe
====== C:\Users\John\AppData\Local\Temp ====
2014-03-25 12:13:50    53D4253E1E2BA2974C0EE16A659ED296    20270608    ----a-w-    C:\Users\John\AppData\Local\temp\Sony\Sony PC Companion\AutoUpdate\Sony PC Companion_2.10.197_NetStorage.exe
====== Java Cache =====
2014-03-23 07:25:18    04673311002E12BCE8560B2BABB3F230    34    ----a-w-    C:\Users\John\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\splash\splash.xml
====== C:\Windows\SysWOW64 =====
2014-03-13 09:28:59    9F378D86F983E84A0212678C1D18D7FC    14358016    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:28:48    67B5955F5F2F36D58993EB87101B3D2B    13761024    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:28:46    D7B1721B587698D495079B28758F13B3    1140736    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:28:46    9284BA6C27D360D71A5C0ECC8456E78E    1767936    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:28:45    BE2E9A1E68FB4EC3603037DEFEE54ACE    109056    ----a-w-    C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 09:28:45    24E07A483C6FA35F91E9D2F84495819E    2049024    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:28:44    803063FFA8F118D8F4CB9161F02B7B84    493056    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:28:44    3F2FD720B6C4EF55B25B330808121069    2877952    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:28:43    CAF4F8373A49BF979F2F296966E7E2A0    690688    ----a-w-    C:\Windows\SysWOW64\jscript.dll
2014-03-13 09:28:42    0F3B6590824D9C61B107A4134BB13A2F    163840    ----a-w-    C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:28:41    B22641984AFD3D4B7D7478761C32FBCD    44032    ----a-w-    C:\Windows\SysWOW64\UXInit.dll
2014-03-13 09:28:41    006345E0F3F4C34CFFDA6CE0DB59E2F6    33280    ----a-w-    C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:28:40    CA0398A7BEB5DB12594EF4ABDB078A5D    39936    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:28:40    ABB14EEA787B326975C53E7ED05B91F6    61440    ----a-w-    C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:28:40    640DE326C818DEAA57C11F97A4E20BCC    534528    ----a-w-    C:\Windows\SysWOW64\uxtheme.dll
2014-03-13 09:28:38    03430E5004CFEBAE4BC8C47A366F869A    2706432    ----a-w-    C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:27:35    2B529B7B7109BE07A9156B198F812E21    17560576    ----a-w-    C:\Windows\SysWOW64\shell32.dll
2014-03-13 09:27:13    82EABFF4B896E5D3CD5F51E38E23B56B    496640    ----a-w-    C:\Windows\SysWOW64\qedit.dll
2014-03-13 09:27:08    7E25073A2E14B0628F9325859F8D7D48    1339392    ----a-w-    C:\Windows\SysWOW64\WindowsCodecs.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-03-22 21:56:56    5614386D4CFDF9E56F355C45BEEBC976    12872    ----a-w-    C:\Windows\Sysnative\bootdelete.exe
2014-03-15 16:59:40    397B448E57B24C5AF9178D07EB0DD662    360968    ----a-w-    C:\Windows\Sysnative\FNTCACHE.DAT
2014-03-13 09:29:56    126D6B3B7E8339A2537C4E1FEFA454A7    4036608    ----a-w-    C:\Windows\Sysnative\win32k.sys
2014-03-13 09:29:12    87478BFD51053034E45AAB2740285AF1    19273216    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2014-03-13 09:28:53    EC8AE061C8F2134B9BD89634C156F425    15404032    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2014-03-13 09:28:47    8D06EB11925D312D276C672CF5E8EE9C    2648576    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2014-03-13 09:28:46    7D3FD710460FC0155C0F6A877AE46A48    1365504    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2014-03-13 09:28:46    1CF15F7C401B901AC21C0F9D5D302C23    915968    ----a-w-    C:\Windows\Sysnative\uxtheme.dll
2014-03-13 09:28:45    79EDF01FA13D886F8E1B655D542011FB    2241536    ----a-w-    C:\Windows\Sysnative\wininet.dll
2014-03-13 09:28:45    10322D8C1BC36CA7EAA5C754A54045F8    136704    ----a-w-    C:\Windows\Sysnative\iesysprep.dll
2014-03-13 09:28:44    5EA008B3EEEC19ED0AB6A5345C811499    3960320    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2014-03-13 09:28:43    2BFCEB6DC571E3277927D2E7C051C922    603136    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2014-03-13 09:28:42    EB9402ABE2A48993A829964FA55625CC    51712    ----a-w-    C:\Windows\Sysnative\ie4uinit.exe
2014-03-13 09:28:42    97FE0CAE98FCCAF5BB97681F38A01CEC    197120    ----a-w-    C:\Windows\Sysnative\msrating.dll
2014-03-13 09:28:42    3D08744AD10BF721361214D88462F094    855552    ----a-w-    C:\Windows\Sysnative\jscript.dll
2014-03-13 09:28:41    BE16B6EA1F7549DFB458CC200F4978FD    53760    ----a-w-    C:\Windows\Sysnative\UXInit.dll
2014-03-13 09:28:41    A2D58DB0C1C9C0BBCF10F59855D460BD    39936    ----a-w-    C:\Windows\Sysnative\iernonce.dll
2014-03-13 09:28:40    D12B64D097BF978D52720593D492674D    67072    ----a-w-    C:\Windows\Sysnative\iesetup.dll
2014-03-13 09:28:40    C8F4FB5B401942E6E25D3D2360B47C86    53760    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2014-03-13 09:28:36    E230D5CD7249CF451A9B345A1353C59A    2706432    ----a-w-    C:\Windows\Sysnative\mshtml.tlb
2014-03-13 09:27:55    2AFD6F0E07EDE3E7B31C3EE2DA6C403C    19751936    ----a-w-    C:\Windows\Sysnative\shell32.dll
2014-03-13 09:27:13    220FC13B64A483A8B0ED2E3758CFAA56    595968    ----a-w-    C:\Windows\Sysnative\qedit.dll
2014-03-13 09:27:10    D27626A720F5A62CC163B82596E96DE9    1628160    ----a-w-    C:\Windows\Sysnative\WindowsCodecs.dll
====== C:\Windows\Sysnative\drivers =====
2014-03-25 14:44:51    CD51E1D0D638F1E07A6EDC98CD7F5DDA    91352    ----a-w-    C:\Windows\Sysnative\drivers\mbamchameleon.sys
2014-03-13 09:30:04    CEBD9CDAADA11FAECCA82E4C06BCDD8E    248240    ----a-w-    C:\Windows\Sysnative\drivers\WdFilter.sys
2014-03-13 09:30:04    07D19A55CD27B330534D2DDEA60D5FC6    35856    ----a-w-    C:\Windows\Sysnative\drivers\WdBoot.sys
====== C:\Windows\Tasks ======
2014-03-26 09:23:56    94B0A177AAEBB11444F7CA096927FB92    3130    ----a-w-    C:\Windows\Sysnative\Tasks\{5638B9E7-A3B6-4481-BE5C-6DFCEB5ED30E}
====== C:\Windows\Temp ======
======= C:\Program Files =====
2014-03-22 14:45:23    --------    d-----w-    C:\Program Files\Enigma Software Group
======= C:\PROGRA~2 =====
2014-03-24 09:13:17    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
2014-03-22 14:44:30    --------    d-----w-    C:\PROGRA~2\COMMON~1\Wise Installation Wizard
2014-03-01 12:49:25    --------    d-----w-    C:\PROGRA~2\COMMON~1\Skype
2014-02-27 20:25:17    --------    d-----w-    C:\PROGRA~2\VideoLAN
======= C: =====
2014-03-22 14:45:55    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\autoexec.bat
====== C:\Users\John\AppData\Roaming ======
2014-03-24 21:33:10    --------    d-----w-    C:\Users\Public\AppData\Local\temp
2014-03-24 21:33:10    --------    d-----w-    C:\Users\John\AppData\Local\temp
2014-03-24 21:33:10    --------    d-----w-    C:\Users\Default\AppData\Local\temp
2014-03-24 21:33:10    --------    d-----w-    C:\Users\Default User\AppData\Local\temp
2014-03-24 20:32:55    45A5F456D034239FA3FEE9808FBB1B9D    30    ----a-w-    C:\Users\John\AppData\Roaming\mbam.context.scan
2014-03-24 09:13:25    --------    d-----w-    C:\Users\John\AppData\Roaming\Mozilla
2014-03-24 09:13:25    --------    d-----w-    C:\Users\John\AppData\Local\Mozilla
2014-03-01 12:49:39    --------    d-----w-    C:\Users\John\AppData\Local\Skype
2014-03-01 12:01:36    --------    d-----w-    C:\Users\John\AppData\Local\Windows Live
2014-02-27 20:35:50    --------    d-----w-    C:\Users\John\AppData\Roaming\vlc
====== C:\Users\John ======
2014-03-25 14:44:19    99D69C3E87FE1556B76886F778480E2D    12589848    ----a-w-    C:\Users\John\Downloads\mbar-1.07.0.1009(1).exe
2014-03-25 09:52:07    DF06DC5837316EA78746E3F790A950ED    1950720    ----a-w-    C:\Users\John\Downloads\AdwCleaner.exe
2014-03-25 07:43:22    6655936E40C43120145A11547734F01F    2157056    ----a-w-    C:\Users\John\Downloads\FRST64.exe
2014-03-24 21:33:10    --------    d-----w-    C:\Users\Public\AppData
2014-03-24 20:56:17    99D69C3E87FE1556B76886F778480E2D    12589848    ----a-w-    C:\Users\John\Downloads\mbar-1.07.0.1009.exe
2014-03-24 09:32:06    B55D431B5EEC32FF6E7B7111DABD5711    4134240    ----a-w-    C:\Users\John\Downloads\tdsskillertest.exe
2014-03-24 09:13:17    --------    d-----w-    C:\ProgramData\Mozilla
2014-03-24 08:57:08    --------    d-----w-    C:\Windows\serviceprofiles\Localservice\winhttp
2014-03-24 08:34:06    519A940A2CDAADE35F1EC164CB81DD82    1038974    ----a-w-    C:\Users\John\Downloads\JRT.exe
2014-03-24 07:51:59    C8F069A68D57DA55102D58CFE24C0D72    4765152    ----a-w-    C:\Users\John\Downloads\ccsetup411.exe
2014-03-22 21:45:09    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2014-03-22 21:43:42    6F4788FFB65599DB10D7B527A9619B3A    10820032    ----a-w-    C:\Users\John\Downloads\HitmanPro_x64.exe
2014-03-22 21:42:28    283CCAEB29C5B49D28EE3B0A2256223A    9988304    ----a-w-    C:\Users\John\Downloads\HitmanPro.exe
2014-03-22 17:15:01    --------    d-----w-    C:\ProgramData\GridinSoft
2014-03-01 12:49:26    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-02-27 20:25:51    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

====== C: exe-files ==
2014-03-25 12:14:27    6E0105823B4FE91632C9DA8314418417    655536    ----a-w-    C:\Program Files (x86)\InstallShield Installation Information\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}\setup.exe
2014-03-24 09:13:17    AEE4E9CC59CDEB55B1ECB0E596E796BE    119408    ----a-w-    C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
2014-03-24 09:13:17    13EFFCD1B16F980CE675DAB4350BEF11    106212    ----a-w-    C:\Program Files (x86)\Mozilla Maintenance Service\Uninstall.exe
2014-03-22 21:45:09    6F4788FFB65599DB10D7B527A9619B3A    10820032    ----a-w-    C:\Program Files\HitmanPro\HitmanPro.exe
=== C: other files ==
2014-03-25 14:44:51    CD51E1D0D638F1E07A6EDC98CD7F5DDA    91352    ----a-w-    C:\Windows\System32\Drivers\mbamchameleon.sys
2014-03-22 14:45:55    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\autoexec.bat
2014-03-19 21:27:58    A69947307E331E8E37F34AC40E0146F7    108    ----a-w-    C:\Program Files (x86)\Trusteer\Rapport\global.zip
2014-03-19 21:27:40    EBA3D20E285D7461C2177AD2E64DA7EF    282712    ----a-w-    C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
2014-03-19 21:27:40    E36D2CEC679CEDC1A298C36BCDAF8E23    397848    ----a-w-    C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
2014-03-19 21:27:40    7252FEA79A5EE99C6F7A432090978852    316312    ----a-w-    C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportKE64.sys
2014-03-19 21:27:40    6F8512C8B25445860A07B5103394FB3D    273592    ----a-w-    C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportHades64.sys

==== Startup Registry Enabled ======================

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000000 /M XP-202 203 206 Series"

[HKEY_USERS\S-1-5-21-1935344830-3333155245-2583117102-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000001 /M XP-202 203 206 Series"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000000 /M XP-202 203 206 Series"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP CoolSense"="C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"F-Secure Hoster (44515)"="C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe -app -hosterid:1"
"F-Secure Manager"="C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE /splash"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Quick Launch"="C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT EPLTarget\P0000000000000001 /M XP-202 203 206 Series"
"Sony PC Companion"="C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe /Background"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"FAHConsole"="C:\Program Files\File Association Helper\FAHConsole.exe"
"CanonMyPrinter"="C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon"
"CanonSolutionMenu"="C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2013-01-16 19:03:04    1999    ----a-w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- [undetermined Task]
C:\Windows\tasks\HPCeeScheduleForJohn.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [13/09/2010 21:15]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\Windows\SysNative\tasks\HPCeeScheduleForJohn" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\MirageAgent" [C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe]
"C:\Windows\SysNative\tasks\Norton WSC Integration" ["C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe"]
"C:\Windows\SysNative\tasks\Synaptics TouchPad Enhancements" [\Program Files\Synaptics\SynTP\SynTPEnh.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Analyzer" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]
"C:\Windows\SysNative\tasks\Norton Internet Security\Norton Error Processor" [C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\vjg0qiq9.default-1395655567045
95812430959AE88CDD0301AB3A71913B    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll -    Shockwave Flash
0E8B2D0D9E3415A91EF259CE1112C579    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1210150.dll -    Shockwave for Director / Shockwave for Director
F3B0E300AFC94E1A775A2D935A7D384F    - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll -    Shockwave for Director / Shockwave for Director


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.uk.msn.com/HPNOT13/2"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.uk.msn.com/HPNOT13/2"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{D944BB61-2E34-4DBF-A683-47E505C587DC} eBay  Url="http://rover.ebay.com/rover/1/710-29550-11896-25/4"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk deleted successfully

==== HijackThis Entries ======================

O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [F-Secure Hoster (44515)] "C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe" -app -hosterid:1
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-202 203 206 Series"
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-202 203 206 Series" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-202 203 206 Series" (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ABBYY FineReader 9.0 Sprint Licensing Service (ABBYY.Licensing.FineReader.Sprint.9.0) - ABBYY - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: F-Secure Dll Hoster (fshoster) - F-Secure Corporation - C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE
O23 - Service: F-Secure ORSP Client (FSORSPClient) - F-Secure Corporation - C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: @oem87.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 


==== Sysinternals Autoruns Log ======================

C:\Users\John\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
   Protection Status
     C:\Program Files\windows sidebar\gadgets\F-Secure.Gadget
     See your computer's protection status. This requires supported security software.
     F-secure Corporation
     C:\Program Files\windows sidebar\gadgets\F-Secure.Gadget\Gadget.xml
     18/10/2012 16:43

HKLM\System\CurrentControlSet\Services
   ABBYY.Licensing.FineReader.Sprint.9.0
     "C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe" -service
     This service is required for the operation of the ABBYY FineReader 9.0 Express Edition licensing mechanism.
     ABBYY
     1.0.0.375
     c:\program files (x86)\common files\abbyy\finereadersprint\9.00\licensing\networklicenseserver.exe
     14/05/2009 14:07
   AdobeARMservice
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
     Adobe Acrobat Updater keeps your Adobe software up to date.
     Adobe Systems Incorporated
     1.701.3.3014
     c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
     21/11/2013 16:55
   AdobeFlashPlayerUpdateSvc
     C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
     This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes.
     Adobe Systems Incorporated
     12.0.0.77
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     03/03/2014 21:44
   Bonjour Service
     "C:\Program Files\Bonjour\mDNSResponder.exe"
     Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence.
     Apple Inc.
     3.0.0.10
     c:\program files\bonjour\mdnsresponder.exe
     31/08/2011 05:52
   cphs
     %SystemRoot%\SysWow64\IntelCpHeciSvc.exe
     Intel® Content Protection HECI Service - enables communication with the Content Protection FW
     Intel Corporation
     1.0.1.14
     c:\windows\syswow64\intelcphecisvc.exe
     22/12/2011 06:45
   EpsonBidirectionalService
     C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
     eEBAPI Core Process module
     SEIKO EPSON CORPORATION
     2.3.4.0
     c:\program files (x86)\common files\epson\ebapi\eebsvc.exe
     19/12/2006 12:53
   EpsonScanSvc
     C:\Windows\system32\EscSvc64.exe
     Epson Scanner Service (64bit)
     Seiko Epson Corporation
     1.0.2.1
     c:\windows\system32\escsvc64.exe
     12/12/2011 02:27
   fshoster
     "C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe" -hosterid:0
     F-Secure Dll Hoster Service
     F-Secure Corporation
     1.4.35127.0
     c:\program files (x86)\talktalk\security\fshoster32.exe
     01/10/2012 10:23
   FSMA
     "C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSMA32.EXE"
     F-Secure Management Agent
     F-Secure Corporation
     8.30.43098.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\common\fsma32.exe
     28/09/2012 12:09
   FSORSPClient
     "C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Reputation\fsorsp.exe"
     F-Secure ORSP Service
     F-Secure Corporation
     1.1.25.2280
     c:\program files (x86)\talktalk\security\apps\ccf_reputation\fsorsp.exe
     05/06/2013 18:49
   GamesAppService
     "C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe"
     WT Games App Services
     WildTangent, Inc.
     4.0.4918.0
     c:\program files (x86)\wildtangent games\app\gamesappservice.exe
     04/10/2010 22:15
   HP Support Assistant Service
     "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
     HP Support Assistant Service
     Hewlett-Packard Company
     7.0.39.14
     c:\program files (x86)\hewlett-packard\hp support framework\hpsa_service.exe
     27/09/2012 11:55
   hpqwmiex
     "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
     HP Software Framework WMI Service
     Hewlett-Packard Company
     4.6.10.1
     c:\program files (x86)\hewlett-packard\shared\hpqwmiex.exe
     06/09/2012 15:18
   hpsrv
     %SystemRoot%\system32\Hpservice.exe
     HpService
     Hewlett-Packard Company
     4.2.9.1
     c:\windows\system32\hpservice.exe
     24/09/2012 15:32
   HPWMISVC
     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
     HP Quick Launch WMI Service
     Hewlett-Packard Development Company, L.P.
     3.0.1.0
     c:\program files (x86)\hewlett-packard\hp quick launch\hpwmisvc.exe
     07/09/2012 06:51
   IconMan_R
     "C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
     Realtek Card Reader Patch Tool.
     Realsil Microelectronics Inc.
     1.5.0.0
     c:\program files (x86)\realtek\realtek pcie card reader\riconman.exe
     13/07/2012 09:02
   Intel® Capability Licensing Service Interface
     "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
     Version: 1.24.388.1
     Intel® Corporation
     1.24.388.1
     c:\program files\intel\icls client\heciserver.exe
     20/04/2012 12:16
   Intel® ME Service
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
     Intel© Manageability Engine Service (Intel© ME Service)
     Intel Corporation
     8.1.0.1256
     c:\program files (x86)\intel\intel® management engine components\fwservice\intelmefwservice.exe
     27/06/2012 19:39
   jhi_service
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
     Intel® Dynamic Application Loader Host Interface Service - Allows applications to access the local Intel ® DAL
     Intel Corporation
     8.1.0.1252
     c:\program files (x86)\intel\intel® management engine components\dal\jhi_service.exe
     25/06/2012 17:43
   LMS
     C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
     Allows applications to access the local Intel® Management and Security Application using its locally-available selected network interfaces.
     Intel Corporation
     8.1.0.1252
     c:\program files (x86)\intel\intel® management engine components\lms\lms.exe
     25/06/2012 17:36
   MBAMScheduler
     "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
     Malwarebytes Anti-Malware scheduler
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe
     28/02/2013 20:38
   MBAMService
     "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
     Malwarebytes Anti-Malware service
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe
     28/02/2013 20:38
   MozillaMaintenance
     "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
     The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled.
     Mozilla Foundation
     28.0.0.5186
     c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe
     15/03/2014 06:21
   PnkBstrA
     C:\Windows\system32\PnkBstrA.exe
     PunkBuster Service Component [v1034] http://www.evenbalance.com
     c:\windows\syswow64\pnkbstra.exe
     17/11/2010 05:25
   RapportMgmtService
     "C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe"
     Trusteer Endpoint Protection Central Management and Monitoring Service
     Trusteer Ltd.
     3.5.1304.61
     c:\program files (x86)\trusteer\rapport\bin\rapportmgmtservice.exe
     19/03/2014 19:03
   SkypeUpdate
     "C:\Program Files (x86)\Skype\Updater\Updater.exe"
     Enables the detection, download and installation of updates for Skype.
     Skype Technologies
     6.8.1.61523
     c:\program files (x86)\skype\updater\updater.exe
     23/10/2013 08:12
   Sony PC Companion
     "C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe"
     Provides support for Sony PC Companion Core and Services.
     Avanquest Software
     1.0.0.0
     c:\program files (x86)\sony\sony pc companion\pccservice.exe
     11/01/2012 16:34
   STacSV
     C:\Program Files\IDT\WDM\STacSV64.exe
     Manages audio jack configurations.
     IDT, Inc.
     1.0.6417.0
     c:\program files\idt\wdm\stacsv64.exe
     21/07/2012 13:48
   Steam Client Service
     "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
     Steam Client Service monitors and updates Steam content
     Valve Corporation
     2.13.4.49
     c:\program files (x86)\common files\steam\steamservice.exe
     25/02/2014 21:44
   UNS
     "C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
     Intel® Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel® Management and Security Application Device.
     Intel Corporation
     8.1.0.1252
     c:\program files (x86)\intel\intel® management engine components\uns\uns.exe
     25/06/2012 17:38

HKLM\System\CurrentControlSet\Services
   3ware
     System32\drivers\3ware.sys
     LSI 3ware SCSI Storport Driver
     LSI
     5.1.0.47
     c:\windows\system32\drivers\3ware.sys
     08/03/2012 20:33
   Accelerometer
     \SystemRoot\system32\DRIVERS\Accelerometer.sys
     HP Accelerometer
     Hewlett-Packard Company
     4.2.9.1
     c:\windows\system32\drivers\accelerometer.sys
     24/09/2012 15:31
   adp94xx
     System32\drivers\adp94xx.sys
     Adaptec Windows SAS/SATA Storport Driver
     Adaptec, Inc.
     1.6.6.4
     c:\windows\system32\drivers\adp94xx.sys
     05/12/2008 23:54
   adpahci
     System32\drivers\adpahci.sys
     Adaptec Windows SATA Storport Driver
     Adaptec, Inc.
     1.6.6.1
     c:\windows\system32\drivers\adpahci.sys
     01/05/2007 17:30
   adpu320
     System32\drivers\adpu320.sys
     Adaptec StorPort Ultra320 SCSI Driver (X64)
     Adaptec, Inc.
     7.2.0.0
     c:\windows\system32\drivers\adpu320.sys
     28/02/2007 00:04
   amdkmdag
     \SystemRoot\system32\DRIVERS\atikmdag.sys
     ATI Radeon Kernel Mode Driver
     Advanced Micro Devices, Inc.
     8.1.1.1248
     c:\windows\system32\drivers\atikmdag.sys
     18/06/2012 21:21
   amdkmdap
     \SystemRoot\system32\DRIVERS\atikmpag.sys
     AMD multi-vendor Miniport Driver
     Advanced Micro Devices, Inc.
     8.14.1.6264
     c:\windows\system32\drivers\atikmpag.sys
     18/06/2012 20:41
   amdsata
     System32\drivers\amdsata.sys
     AHCI 1.2 Device Driver
     Advanced Micro Devices
     1.1.4.6
     c:\windows\system32\drivers\amdsata.sys
     11/06/2012 22:19
   amdsbs
     System32\drivers\amdsbs.sys
     AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform
     AMD Technologies Inc.
     3.7.1540.30
     c:\windows\system32\drivers\amdsbs.sys
     21/02/2012 18:15
   amdxata
     System32\drivers\amdxata.sys
     Storage Filter Driver
     Advanced Micro Devices
     1.1.4.6
     c:\windows\system32\drivers\amdxata.sys
     11/06/2012 22:36
   arc
     System32\drivers\arc.sys
     Adaptec RAID Storport Driver
     PMC-Sierra, Inc.
     5.2.0.18702
     c:\windows\system32\drivers\arc.sys
     19/03/2012 17:49
   arcsas
     System32\drivers\arcsas.sys
     Adaptec SAS RAID WS03 Driver
     PMC-Sierra, Inc.
     5.2.0.18702
     c:\windows\system32\drivers\arcsas.sys
     19/03/2012 17:51
   b06bdrv
     System32\drivers\bxvbda.sys
     Broadcom NetXtreme II GigE VBD
     Broadcom Corporation
     7.0.1.36
     c:\windows\system32\drivers\bxvbda.sys
     23/07/2012 23:30
   catchme
     \??\C:\ComboFix\catchme.sys
     File not found: C:\ComboFix\catchme.sys
     
   dg_ssudbus
     \SystemRoot\system32\DRIVERS\ssudbus.sys
     SAMSUNG USB Composite Device Driver (MSS Ver.3)
     DEVGURU Co., LTD.(www.devguru.co.kr)
     2.9.510.0
     c:\windows\system32\drivers\ssudbus.sys
     23/05/2013 06:33
   ebdrv
     System32\drivers\evbda.sys
     Broadcom NetXtreme II 10 GigE VBD
     Broadcom Corporation
     7.0.35.95
     c:\windows\system32\drivers\evbda.sys
     24/07/2012 12:22
   esgiguard
     \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
     File not found: C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
     
   F-Secure Gatekeeper
     \??\C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsgk.sys
     F-Secure Gatekeeper
     F-Secure Corporation
     10.80.29.22
     c:\program files (x86)\talktalk\security\apps\computersecurity\anti-virus\minifilter\fsgk.sys
     27/01/2014 13:38
   F-Secure HIPS
     \??\C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\HIPS\drivers\fshs.sys
     F-Secure HIPS Driver
     F-Secure Corporation
     5.0.436.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\hips\drivers\fshs.sys
     15/01/2014 11:05
   fsbts
     system32\Drivers\fsbts.sys
     fsbts
     F-Secure Corporation
     2.0.18200.23
     c:\windows\system32\drivers\fsbts.sys
     14/05/2012 11:03
   fsni
     \??\C:\Program Files (x86)\TalkTalk\Security\apps\CCF_Scanning\fsni64.sys
     F-Secure Network Interceptor Driver, 64bit
     F-Secure Corporation
     1.23.124.0
     c:\program files (x86)\talktalk\security\apps\ccf_scanning\fsni64.sys
     25/04/2013 02:11
   fsvista
     \??\C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Anti-Virus\minifilter\fsvista.sys
     F-Secure Vista Support Driver
     F-Secure Corporation
     7.70.14120.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\anti-virus\minifilter\fsvista.sys
     18/03/2008 06:37
   hpdskflt
     system32\DRIVERS\hpdskflt.sys
     HP Disk Filter - SATA/RAID
     Hewlett-Packard Company
     4.2.9.1
     c:\windows\system32\drivers\hpdskflt.sys
     24/09/2012 15:31
   HpSAMD
     System32\drivers\HpSAMD.sys
     Smart Array SAS/SATA Controller Media Driver
     Hewlett-Packard Company
     7.0.12.0
     c:\windows\system32\drivers\hpsamd.sys
     30/05/2012 22:24
   iaStorA
     System32\drivers\iaStorA.sys
     Intel Rapid Storage Technology driver - x64
     Intel Corporation
     11.5.2.1001
     c:\windows\system32\drivers\iastora.sys
     31/07/2012 18:21
   iaStorV
     System32\drivers\iaStorV.sys
     Intel Matrix Storage Manager driver - x64
     Intel Corporation
     8.6.2.1019
     c:\windows\system32\drivers\iastorv.sys
     11/04/2011 18:48
   igfx
     \SystemRoot\system32\DRIVERS\igdkmd64.sys
     Intel Graphics Kernel Mode Driver
     Intel Corporation
     9.17.10.2828
     c:\windows\system32\drivers\igdkmd64.sys
     31/07/2012 22:05
   iirsp
     System32\drivers\iirsp.sys
     Intel/ICP Raid Storport Driver
     Intel Corp./ICP vortex GmbH
     5.4.22.0
     c:\windows\system32\drivers\iirsp.sys
     13/12/2005 21:47
   IntcDAud
     \SystemRoot\system32\DRIVERS\IntcDAud.sys
     Intel® Display Audio Driver
     Intel® Corporation
     6.14.0.3097
     c:\windows\system32\drivers\intcdaud.sys
     19/06/2012 14:40
   LSI_SAS
     System32\drivers\lsi_sas.sys
     LSI Fusion-MPT SAS Driver (StorPort)
     LSI Corporation
     1.34.2.6
     c:\windows\system32\drivers\lsi_sas.sys
     11/05/2012 19:40
   LSI_SAS2
     System32\drivers\lsi_sas2.sys
     LSI SAS Gen2 Driver (StorPort)
     LSI Corporation
     2.0.55.84
     c:\windows\system32\drivers\lsi_sas2.sys
     12/03/2012 20:28
   LSI_SCSI
     System32\drivers\lsi_scsi.sys
     LSI Fusion-MPT SCSI Driver (StorPort)
     LSI Corporation
     1.34.2.5
     c:\windows\system32\drivers\lsi_scsi.sys
     21/02/2012 23:59
   LSI_SSS
     System32\drivers\lsi_sss.sys
     LSI SSS PCIe/Flash Driver (StorPort)
     LSI Corporation
     2.10.55.81
     c:\windows\system32\drivers\lsi_sss.sys
     22/02/2012 00:00
   MBAMProtector
     \??\C:\Windows\system32\drivers\mbam.sys
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.60.2.0
     c:\windows\system32\drivers\mbam.sys
     28/02/2013 20:33
   megasas
     System32\drivers\megasas.sys
     MEGASAS RAID Controller Driver for Windows
     LSI Corporation
     6.2.8313.0
     c:\windows\system32\drivers\megasas.sys
     03/04/2012 19:45
   MegaSR
     System32\drivers\MegaSR.sys
     LSI MegaRAID Software RAID Driver
     LSI Corporation, Inc.
     14.6.1007.2012
     c:\windows\system32\drivers\megasr.sys
     24/02/2012 18:22
   MEIx64
     \SystemRoot\System32\drivers\HECIx64.sys
     Intel® Management Engine Interface
     Intel Corporation
     8.1.0.1263
     c:\windows\system32\drivers\hecix64.sys
     02/07/2012 22:14
   mvumis
     System32\drivers\mvumis.sys
     Marvell Flash Controller Driver
     Marvell Semiconductor, Inc.
     1.0.5.7
     c:\windows\system32\drivers\mvumis.sys
     20/03/2012 07:43
   netr28x
     \SystemRoot\system32\DRIVERS\netr28x.sys
     Ralink 802.11 Wireless Adapter Driver
     Ralink Technology, Corp.
     5.0.25.0
     c:\windows\system32\drivers\netr28x.sys
     13/04/2013 02:22
   nfrd960
     System32\drivers\nfrd960.sys
     IBM ServeRAID Controller Driver
     IBM Corporation
     7.10.0.0
     c:\windows\system32\drivers\nfrd960.sys
     06/06/2006 21:11
   nvraid
     System32\drivers\nvraid.sys
     NVIDIA© nForce RAID Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvraid.sys
     13/09/2011 00:01
   nvstor
     System32\drivers\nvstor.sys
     NVIDIA© nForce Sata Performance Driver
     NVIDIA Corporation
     10.6.0.22
     c:\windows\system32\drivers\nvstor.sys
     12/09/2011 23:53
   pfc
     system32\drivers\pfc.sys
     File not found: system32\drivers\pfc.sys
     
   RapportCerberus_59849
     \??\C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys
     c:\programdata\trusteer\rapport\store\exts\rapportcerberus\baseline\rapportcerberus64_59849.sys
     21/09/2013 21:47
   RapportEI64
     \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys
     RapportEI64
     Trusteer Ltd.
     13.5.1304.61
     c:\program files (x86)\trusteer\rapport\bin\x64\rapportei64.sys
     19/03/2014 19:24
   RapportHades64
     System32\Drivers\RapportHades64.sys
     RapportHades64
     Trusteer Ltd.
     13.5.1304.61
     c:\windows\system32\drivers\rapporthades64.sys
     19/03/2014 19:24
   RapportKE64
     System32\Drivers\RapportKE64.sys
     RapportKE
     Trusteer Ltd.
     13.5.1304.61
     c:\windows\system32\drivers\rapportke64.sys
     19/03/2014 19:24
   RapportPG64
     \??\C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys
     RapportPG64
     Trusteer Ltd.
     13.5.1304.61
     c:\program files (x86)\trusteer\rapport\bin\x64\rapportpg64.sys
     19/03/2014 19:25
   RSP2STOR
     \SystemRoot\system32\DRIVERS\RtsP2Stor.sys
     Realtek Pcie CardReader Driver for 2K/XP/Vista/Win7/Win8
     Realtek Semiconductor Corp.
     6.2.8400.29029
     c:\windows\system32\drivers\rtsp2stor.sys
     03/07/2012 06:00
   RTL8168
     \SystemRoot\system32\DRIVERS\Rt630x64.sys
     Realtek 8101E/8168/8169 NDIS 6.30 64-bit Driver                
     Realtek                                            
     8.3.730.2012
     c:\windows\system32\drivers\rt630x64.sys
     30/07/2012 16:03
   secdrv
     secdrv
     Macrovision SECURITY Driver
     Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
     4.3.86.0
     c:\windows\system32\drivers\secdrv.sys
     13/09/2006 13:18
   SiSRaid2
     System32\drivers\SiSRaid2.sys
     SiS RAID Stor Miniport Driver
     Silicon Integrated Systems Corp.
     5.1.1039.2600
     c:\windows\system32\drivers\sisraid2.sys
     24/09/2008 18:28
   SiSRaid4
     System32\drivers\sisraid4.sys
     SiS AHCI Stor-Miniport Driver
     Silicon Integrated Systems
     5.1.1039.3600
     c:\windows\system32\drivers\sisraid4.sys
     01/10/2008 21:56
   SmbDrv
     \SystemRoot\System32\drivers\Smb_driver_AMDASF.sys
     Synaptics SMBus Driver
     Synaptics Incorporated
     16.2.10.12
     c:\windows\system32\drivers\smb_driver_amdasf.sys
     24/08/2012 23:21
   SmbDrvI
     \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys
     Synaptics SMBus Driver
     Synaptics Incorporated
     16.2.10.12
     c:\windows\system32\drivers\smb_driver_intel.sys
     24/08/2012 23:22
   ssudmdm
     \SystemRoot\system32\DRIVERS\ssudmdm.sys
     @oem20.inf,%ssud.Service.Desc%;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.)
     DEVGURU Co., LTD.(www.devguru.co.kr)
     2.9.510.0
     c:\windows\system32\drivers\ssudmdm.sys
     23/05/2013 06:33
   stexstor
     System32\drivers\stexstor.sys
     Promise SuperTrak EX Series Driver for Windows x64
     Promise Technology, Inc.
     5.1.0.9
     c:\windows\system32\drivers\stexstor.sys
     19/11/2011 00:27
   STHDA
     \SystemRoot\system32\DRIVERS\stwrt64.sys
     IDT PC Audio
     IDT, Inc.
     6.10.6417.0
     c:\windows\system32\drivers\stwrt64.sys
     21/07/2012 13:36
   SynTP
     \SystemRoot\system32\DRIVERS\SynTP.sys
     Synaptics Touchpad Driver
     Synaptics Incorporated
     16.2.10.12
     c:\windows\system32\drivers\syntp.sys
     24/08/2012 23:20
   viaide
     System32\drivers\viaide.sys
     VIA Generic PCI IDE Bus Driver
     VIA Technologies, Inc.
     6.0.6000.170
     c:\windows\system32\drivers\viaide.sys
     26/07/2012 02:29
   vsmraid
     System32\drivers\vsmraid.sys
     VIA RAID DRIVER FOR AMD-X86-64
     VIA Technologies Inc.,Ltd
     7.0.8140.6290
     c:\windows\system32\drivers\vsmraid.sys
     31/01/2012 19:55
   VSTXRAID
     System32\drivers\vstxraid.sys
     VIA StorX RAID Controller Driver
     VIA Corporation
     8.0.8220.8080
     c:\windows\system32\drivers\vstxraid.sys
     26/03/2012 17:42
   WirelessButtonDriver
     \SystemRoot\System32\drivers\WirelessButtonDriver64.sys
     HP Wireless Button Driver
     Hewlett-Packard Development Company, L.P.
     1.0.6.1
     c:\windows\system32\drivers\wirelessbuttondriver64.sys
     30/08/2012 03:11

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
   igfxcui
     igfxdev.dll
     igfxdev Module
     Intel Corporation
     8.15.10.2828
     c:\windows\system32\igfxdev.dll
     31/07/2012 21:14

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors
   Canon BJ Language Monitor MP250 series
     CNMLM9W.DLL
     IJ Language Monitor
     CANON INC.
     0.3.0.1
     c:\windows\system32\cnmlm9w.dll
     04/02/2010 04:23
   EPSON XP-202 203 206 Series 64MonitorBE
     E_ILMIME.DLL
     EPSON Bi-directional Monitor AMD64
     SEIKO EPSON CORPORATION
     3.3.0.0
     c:\windows\system32\e_ilmime.dll
     19/04/2011 04:13
   EpsonNet Print Port
     enppmon.dll
     EpsonNet Print Component
     SEIKO EPSON CORPORATION
     2.6.0.6
     c:\windows\system32\enppmon.dll
     12/11/2012 06:15
   HP Universal Port Monitor
     hpbprtmon.dll
     Port Monitor Server DLL
     Hewlett-Packard
     0.3.1282.3554
     c:\windows\system32\hpbprtmon.dll
     24/07/2012 18:54

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries
   mdnsNSP
     C:\Program Files (x86)\Bonjour\mdnsNSP.dll
     Bonjour Namespace Provider
     Apple Inc.
     3.0.0.10
     c:\program files (x86)\bonjour\mdnsnsp.dll
     31/08/2011 05:44

HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64
   mdnsNSP
     C:\Program Files\Bonjour\mdnsNSP.dll
     Bonjour Namespace Provider
     Apple Inc.
     3.0.0.10
     c:\program files\bonjour\mdnsnsp.dll
     31/08/2011 05:53

HKLM\System\CurrentControlSet\Control\Session Manager\KnownDlls
   _Wow64cpu
     Wow64cpu.dll
     File not found: C:\Windows\syswow64\Wow64cpu.dll
     
   _Wow64win
     Wow64win.dll
     File not found: C:\Windows\syswow64\Wow64win.dll
     
   _Wow64
     Wow64.dll
     File not found: C:\Windows\syswow64\Wow64.dll
     

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
   IgfxTray
     C:\Windows\system32\igfxtray.exe
     igfxTray Module
     Intel Corporation
     8.15.10.2828
     c:\windows\system32\igfxtray.exe
     31/07/2012 21:15
   HotKeysCmds
     C:\Windows\system32\hkcmd.exe
     hkcmd Module
     Intel Corporation
     8.15.10.2828
     c:\windows\system32\hkcmd.exe
     31/07/2012 21:14
   Persistence
     C:\Windows\system32\igfxpers.exe
     persistence Module
     Intel Corporation
     8.15.10.2828
     c:\windows\system32\igfxpers.exe
     31/07/2012 21:14
   SysTrayApp
     C:\Program Files\IDT\WDM\sttray64.exe
     IDT PC Audio
     IDT, Inc.
     1.0.6417.0
     c:\program files\idt\wdm\sttray64.exe
     21/07/2012 13:49
   SynTPEnh
     %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
     Synaptics TouchPad Enhancements
     Synaptics Incorporated
     16.2.10.12
     c:\program files\synaptics\syntp\syntpenh.exe
     25/08/2012 00:02
   FAHConsole
     C:\Program Files\File Association Helper\FAHConsole.exe
     File Association Helper
     WinZip Computing International, LLC
     1.1.6.53763
     c:\program files\file association helper\fahconsole.exe
     26/09/2013 07:40
   CanonMyPrinter
     C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
     Canon My Printer
     CANON INC.
     2.1.2.0
     c:\program files\canon\myprinter\bjmyprt.exe
     19/10/2009 05:59
   CanonSolutionMenu
     C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
     CNSLMAIN
     CANON INC.
     1.4.3.0
     c:\program files (x86)\canon\solutionmenu\cnslmain.exe
     03/09/2009 12:37

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run
   RemoteControl10
     "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
     PowerDVD RC Service
     CyberLink Corp.
     7.0.2314.0
     c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe
     28/03/2012 10:22
   HP CoolSense
     C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
     HP CoolSense
     Hewlett-Packard Development Company, L.P.
     2.1.0.51
     c:\program files (x86)\hewlett-packard\hp coolsense\coolsense.exe
     05/11/2012 08:13
   Adobe ARM
     "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
     Adobe Reader and Acrobat Manager
     Adobe Systems Incorporated
     1.701.3.3014
     c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe
     21/11/2013 16:56
   F-Secure Hoster (44515)
     "C:\Program Files (x86)\TalkTalk\Security\fshoster32.exe" -app -hosterid:1
     F-Secure Host Process
     F-Secure Corporation
     1.4.35127.0
     c:\program files (x86)\talktalk\security\fshoster32.exe
     01/10/2012 10:23
   F-Secure Manager
     "C:\Program Files (x86)\TalkTalk\Security\apps\ComputerSecurity\Common\FSM32.EXE" /splash
     F-Secure Settings and Statistics
     F-Secure Corporation
     8.30.43098.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\common\fsm32.exe
     28/09/2012 12:07
   EEventManager
     "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
     EEventManager Application
     SEIKO EPSON CORPORATION
     3.0.0.1
     c:\program files (x86)\epson software\event manager\eeventmanager.exe
     31/10/2011 05:23
   SunJavaUpdateSched
     "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
     Java Update Scheduler
     Oracle Corporation
     2.1.9.8
     c:\program files (x86)\common files\java\java update\jusched.exe
     02/07/2013 16:16
   HP Quick Launch
     C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
     HP Message Service
     Hewlett-Packard Development Company, L.P.
     3.0.6.0
     c:\program files (x86)\hewlett-packard\hp quick launch\hpmsgsvc.exe
     07/09/2012 09:31

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
   NCPluginUpdater
     "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
     NCPluginUpdater
     Hewlett-Packard
     1.0.0.0
     c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\ncpluginupdater.exe
     22/10/2013 02:52

HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components
   Adobe Reader User Settings
     "C:\Windows\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Reader 11.0\Esl\AiodLite.dll",CreateReaderUserSettings
     Acrobat Install On Demand
     Adobe Systems, Inc.
     11.0.4.63
     c:\program files (x86)\adobe\reader 11.0\esl\aiodlite.dll
     05/09/2013 12:29

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
   Steam
     "C:\Program Files (x86)\Steam\Steam.exe" -silent
     Steam Client Bootstrapper
     Valve Corporation
     2.13.4.49
     c:\program files (x86)\steam\steam.exe
     25/02/2014 21:45
   EPLTarget\P0000000000000001
     C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIME.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-202 203 206 Series"
     EPSON Status Monitor 3
     SEIKO EPSON CORPORATION
     7.0.3.0
     c:\windows\system32\spool\drivers\x64\3\e_iatiime.exe
     29/02/2012 07:26
   Sony PC Companion
     "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
     Sony PC Companion
     Sony
     2.1.0.0
     c:\program files (x86)\sony\sony pc companion\pccompanion.exe
     11/10/2013 13:35
   Skype
     "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
     Skype
     Skype Technologies S.A.
     6.14.0.104
     c:\program files (x86)\skype\phone\skype.exe
     10/02/2014 17:37

Task Scheduler
   \Adobe Flash Player Updater
     "C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
     Adobe© Flash© Player Update Service 12.0 r0
     Adobe Systems Incorporated
     12.0.0.77
     c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
     03/03/2014 21:44
   \CCleanerSkipUAC
     "C:\Program Files\CCleaner\CCleaner.exe" $(Arg0)
     CCleaner
     Piriform Ltd
     4.11.0.4619
     c:\program files\ccleaner\ccleaner.exe
     19/02/2014 14:42
   \HPCeeScheduleForJohn
     "C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe" HPCeeScheduleForJohn (null)
     HP Ceement
     Hewlett-Packard
     6.0.1.7
     c:\program files (x86)\hewlett-packard\hp ceement\hpcee.exe
     14/09/2010 05:11
   \MirageAgent
     "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
     YouCam Mirage
     CyberLink
     1.0.0.526
     c:\program files (x86)\cyberlink\youcam\ycmmirage.exe
     26/05/2010 02:59
   \Norton WSC Integration
     "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe" /taskschd
     File not found: C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
     
   \Synaptics TouchPad Enhancements
     "\Program Files\Synaptics\SynTP\SynTPEnh.exe"
     Synaptics TouchPad Enhancements
     Synaptics Incorporated
     16.2.10.12
     c:\program files\synaptics\syntp\syntpenh.exe
     25/08/2012 00:02
   \Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start
     "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /taskrestart
     HP Support Assistant
     Hewlett-Packard Company
     7.0.39.15
     c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
     27/09/2012 13:40
   \Hewlett-Packard\HP Support Assistant\PC Health Analysis
     "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe" /L Analysis
     HP Support Assistant
     Hewlett-Packard Company
     7.0.39.15
     c:\program files (x86)\hewlett-packard\hp support framework\hpsf.exe
     27/09/2012 13:40
   \Hewlett-Packard\HP Support Assistant\Update Check
     "C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe" /s /p 1
     HPSFUpdater
     Hewlett-Packard Company
     7.3.0.10
     c:\programdata\hewlett-packard\hp support framework\resources\updater7\hpsfupdater.exe
     12/12/2013 22:17
   \Hewlett-Packard\HP Support Assistant\WarrantyChecker
     "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe"
     HPWarrantyChecker
     Hewlett-Packard
     3.4.2.2
     c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe
     10/02/2014 22:23
   \Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan
     "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe" /DeviceScanR6
     HPWarrantyChecker
     Hewlett-Packard
     3.4.2.2
     c:\program files (x86)\hewlett-packard\hp support framework\resources\hpwarrantycheck\hpwarrantychecker.exe
     10/02/2014 22:23
   \Microsoft\Windows\NetTrace\GatherNetworkInfo
     "%windir%\system32\gatherNetworkInfo.vbs"
     c:\windows\system32\gathernetworkinfo.vbs
     02/06/2012 14:31
   \Norton Internet Security\Norton Error Analyzer
     "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe" /analyze
     File not found: C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
     
   \Norton Internet Security\Norton Error Processor
     "C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe" /submit
     File not found: C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
     

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Canon Easy-WebPrint EX BHO
     HKCR\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
     Easy-WebPrint EX
     CANON INC.
     1.3.5.0
     c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll
     14/06/2012 02:32
   HP Network Check Helper
     HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
     HP Network Check IE Plug-in
     Hewlett-Packard
     7.3.1.0
     c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
     28/08/2013 08:28

HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
   Canon Easy-WebPrint EX BHO
     HKCR\CLSID\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
     Easy-WebPrint EX
     CANON INC.
     1.3.5.0
     c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll
     14/06/2012 02:32
   HP Network Check Helper
     HKCR\CLSID\{E76FD755-C1BA-4DCB-9F13-99BD91223ADE}
     HP Network Check IE Plug-in
     Hewlett-Packard
     7.3.1.0
     c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
     28/08/2013 08:28

HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers
   FileAssociationHelper
     HKCR\CLSID\{D5CF14A2-B3CA-49DC-8E3E-0BB233B26D09}
     File Association Helper
     WinZip Computing International, LLC
     1.1.6.53763
     c:\program files\file association helper\fahdll.dll
     26/09/2013 07:40
   F-Prot Shell Extension
     HKCR\CLSID\{23814B80-52A2-11d0-BC1A-004095606CB9}
     FSAV Shell Extension Dll
     F-Secure Corporation
     8.80.15180.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\common\fpshx.dll
     08/10/2012 08:24

HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers
   FSAV Shell Extension
     HKCR\CLSID\{23814B80-52A2-11d0-BC1A-004095606CB9}
     FSAV Shell Extension Dll
     F-Secure Corporation
     8.80.15180.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\common\fpshx.dll
     08/10/2012 08:24

HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
     14/12/2012 20:52

HKLM\Software\Wow6432Node\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers
   F-Prot Shell Extension
     HKCR\CLSID\{23814B80-52A2-11D0-BC1A-004095606CB9}
     FSAV Shell Extension Dll
     F-Secure Corporation
     8.80.15180.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\common\fpshx.dll
     08/10/2012 08:24

HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers
   igfxcui
     HKCR\CLSID\{3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
     igfxpph Module
     Intel Corporation
     8.15.10.2828
     c:\windows\system32\igfxpph.dll
     31/07/2012 21:14

HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers
   PDF Shell Extension
     HKCR\CLSID\{F9DB5320-233E-11D1-9F84-707F02C10627}
     PDF Shell Extension
     Adobe Systems, Inc.
     11.0.3.37
     c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll
     11/05/2013 09:34

HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers
   MBAMShlExt
     HKCR\CLSID\{57CE581A-0CB6-4266-9CA0-19364C90A0B3}
     Malwarebytes Anti-Malware
     Malwarebytes Corporation
     1.70.0.0
     c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll
     14/12/2012 20:52
   F-Prot Shell Extension
     HKCR\CLSID\{23814B80-52A2-11d0-BC1A-004095606CB9}
     FSAV Shell Extension Dll
     F-Secure Corporation
     8.80.15180.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\common\fpshx.dll
     08/10/2012 08:24

HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers
   FSAV Shell Extension
     HKCR\CLSID\{23814B80-52A2-11d0-BC1A-004095606CB9}
     FSAV Shell Extension Dll
     F-Secure Corporation
     8.80.15180.0
     c:\program files (x86)\talktalk\security\apps\computersecurity\common\fpshx.dll
     08/10/2012 08:24

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar
   Canon Easy-WebPrint EX
     HKCR\CLSID\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F}
     Easy-WebPrint EX
     CANON INC.
     1.3.5.0
     c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
     14/06/2012 02:31

HKLM\Software\Microsoft\Internet Explorer\Extensions
   HP Network Check
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
     NCLauncherFromIE
     Hewlett-Packard
     7.0.0.0
     c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
     09/07/2012 22:46

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions
   HP Network Check
     C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
     NCLauncherFromIE
     Hewlett-Packard
     7.0.0.0
     c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\nclauncherfromie.exe
     09/07/2012 22:46

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\System32\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\system32\l3codeca.acm
     26/07/2012 02:13

HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32
   msacm.l3acm
     C:\Windows\SysWOW64\l3codeca.acm
     MPEG Layer-3 Audio Codec for MSACM
     Fraunhofer Institut Integrierte Schaltungen IIS
     1.9.0.401
     c:\windows\syswow64\l3codeca.acm
     26/07/2012 02:19
   vidc.cvid
     iccvid.dll
     Cinepak© Codec
     Radius Inc.
     1.10.0.12
     c:\windows\syswow64\iccvid.dll
     26/07/2012 02:19

HKLM\Software\Wow6432Node\Classes\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance
   CyberLink Audio Wizard
     HKCR\CLSID\{1986FDCF-F657-4866-A83C-998B943A6321}
     CyberLink Audio Wizard Filter
     CyberLink Corp.
     1.0.0.4414
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudwizard.ax
     14/08/2009 13:26
   CyberLink Line21 Decoder (PDVD10)
     HKCR\CLSID\{24C79DBF-961B-4DF9-8440-3BEE8C76F1E1}
     CyberLink Line21 Decoder Filter
     CyberLink Corp.
     4.0.0.10324
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clline21.ax
     24/07/2009 02:21
   CyberLink DVD Navigator (PDVD10)
     HKCR\CLSID\{2AF76B80-2BDA-4731-932D-3FCFA9276B11}
     CyberLink DVD Navigation Filter
     CyberLink Corp.
     8.1.4208.0
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clnavx.ax
     08/06/2012 08:59
   CyberLink AudioCD Filter (PDVD10)
     HKCR\CLSID\{2D6F8EBB-80A6-4CF1-8C86-F2A8932DED3F}
     CyberLink AudioCD Filter
     CyberLink Corp.
     5.0.0.7823
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudiocd.ax
     23/06/2009 14:00
   Audition Null Audio
     HKCR\CLSID\{2EEB323F-1389-48B5-8D33-3CA84B6C1861}
     Adobe© AuditionT SCSI CD Interface
     Adobe Systems©, Incorporated
     1.5.0.0
     c:\program files (x86)\adobe\audition 1.5\videodump.ax
     04/05/2004 21:26
   CyberLink Matroska Splitter(PDVD10)
     HKCR\CLSID\{35F0AE98-673B-465F-A4D6-9F18A01F2454}
     CyberLink Matroska Splitter
     CyberLink Corp.
     1.0.0.1902
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clmkvsplter.ax
     02/07/2010 09:20
   CyberLink TimeStretch Filter (PDVD10)
     HKCR\CLSID\{36F74DF0-12FF-4881-8A55-E7CE4D12688E}
     CLAuTS.ax
     CyberLink Corp.
     2.0.0.3404
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clauts.ax
     04/10/2010 03:39
   CyberLink RealMedia Splitter(PDVD10)
     HKCR\CLSID\{38A6AC0C-4B7C-4922-8ADC-D22C55B86666}
     CyberLink RealMedia Splitter
     CyberLink Corp.
     1.0.0.1706
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clrmsplitter.ax
     06/05/2010 09:42
   CyberLink MPEG Splitter
     HKCR\CLSID\{4A55271F-A2C7-4EE5-BDCE-154FEB954E1C}
     CyberLink MPEG Splitter
     CyberLink Corp.
     3.4.0.3408
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clsplter.ax
     08/10/2010 08:23
   CyberLink Audio Decoder (PDVD10)
     HKCR\CLSID\{501099E1-5C05-4ED3-B0CB-371F97F5412C}
     CyberLink Audio Decoder Filter
     CyberLink Corp.
     9.0.0.1722
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claud.ax
     22/05/2012 08:03
   CyberLink Video/SP Decoder (PDVD10)
     HKCR\CLSID\{516F1EFA-42F4-436E-801C-B752EB9343EB}
     CyberLink Video/SP Filter
     CyberLink Corp.
     8.4.0.2505
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clvsd.ax
     05/01/2011 11:11
   CyberLink HD/BD Mixer (PDVD10)
     HKCR\CLSID\{5193BE4B-0FAF-4E3E-A7F8-5CB7140D7B7E}
     CLHBMixer
      
     2.0.0.5211
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clhbmixer.ax
     11/04/2012 10:03
   CyberLink Audio Effect (PDVD10)
     HKCR\CLSID\{5EFC04B3-68C0-4BFF-8BD4-61037272D70D}
     CyberLink Audio Effect Filter
     CyberLink Corporation
     6.0.0.7225
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\claudfx.ax
     25/12/2009 08:54
   CyberLink Digest Filter (PDVD10)
     HKCR\CLSID\{7A4A08EA-409C-4618-AE4A-FC7584FDCB7A}
     DigestFilter Dynamic Link Library
     1.0.0.4028
     c:\program files (x86)\cyberlink\powerdvd10\digestfilter.dll
     28/04/2010 12:54
   Cyberlink SubTitle Importor (PDVD10)
     HKCR\CLSID\{8BF03152-F394-4C94-A2EB-44D6B80C9E91}
     CLSubTitle.ax
     CyberLink Corp.
     2.0.0.1823
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
     23/06/2011 07:22
   CyberLink HAM Decoder
     HKCR\CLSID\{A93F76CF-4B73-4B67-89ED-7E0AF90BBFED}
     CyberLink Video Decoder Filter
     CyberLink Corp.
     1.0.8390.4214
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
     14/06/2012 07:37
   CyberLink Tzan Filter (PDVD10)
     HKCR\CLSID\{B5F41335-A18B-4362-A406-F09E43658116}
     CyberLink Tzan Filter
     CyberLink Corp.
     3.5.0.4515
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\cltzan.ax
     15/09/2011 06:04
   CyberLink RealVideo Decoder(PDVD10)
     HKCR\CLSID\{C548BB6C-0E62-4A25-AE4E-DE41856BC682}
     CyberLink RealMedia Video Decoder
     CyberLink Corp.
     1.0.0.1225
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clrmvd.ax
     25/12/2009 03:42
   Cyberlink SubTitle Importor 2.0 (PDVD10)
     HKCR\CLSID\{C88A3744-DE30-4316-BAFB-269C8A25856C}
     CLSubTitle.ax
     CyberLink Corp.
     2.0.0.1823
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clsubtitle.ax
     23/06/2011 07:22
   CyberLink Video Decoder (PDVD10)
     HKCR\CLSID\{D00E73D7-06F5-44F9-8BE4-B7DB191E9E7E}
     CyberLink Video Decoder Filter
     CyberLink Corp.
     1.0.8390.4214
     c:\program files (x86)\cyberlink\powerdvd10\videofilter\clcvd.ax
     14/06/2012 07:37
   Audition VideoDump
     HKCR\CLSID\{D88B0736-3DBF-44BF-92FF-2F3A9231C7FF}
     Adobe© AuditionT SCSI CD Interface
     Adobe Systems©, Incorporated
     1.5.0.0
     c:\program files (x86)\adobe\audition 1.5\videodump.ax
     04/05/2004 21:26
   CyberLink MPEG-4 Splitter (PDVD10)
     HKCR\CLSID\{DB17C0D7-EA02-4CC0-94A3-C8E07B1510F9}
     CyberLink MPEG-4 Splitter
     CyberLink Corp.
     1.1.0.2906
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clm4splt.ax
     06/05/2010 10:39
   CyberLink RealAudio Decoder(PDVD10)
     HKCR\CLSID\{DB5D8193-CB8D-4C72-98A5-1C147E075EDF}
     CyberLink RealMedia Audio Decoder
     CyberLink Corp.
     1.0.0.1225
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clrmaud.ax
     25/12/2009 03:44
   CyberLink FLV Splitter(PDVD10)
     HKCR\CLSID\{ECA099DE-D413-4500-B401-6C4FF1EB9580}
     CyberLink FLV Splitter
     CyberLink Corp.
     1.0.0.3327
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\clflvsplitter.ax
     27/09/2011 07:30
   CyberLink Audio Watermark Detector
     HKCR\CLSID\{F0219FAD-541A-4FCD-9E8E-22E4C14CA8BA}
     Audio Watermark Detector
     CyberLink
     1.0.0.516
     c:\program files (x86)\cyberlink\powerdvd10\audiofilter\clawmdetector.ax
     16/05/2012 02:01
   Cyberlink Demuxer 2.0
     HKCR\CLSID\{F07E981B-0EC4-4665-A671-C24955D11A38}
     CLDemuxer2
     Cyberlink
     2.0.6.2518
     c:\program files (x86)\cyberlink\powerdvd10\navfilter\cldemuxer2.ax
     18/01/2011 12:29

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVGLI7RT will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\John\AppData\Local\Mozilla\Firefox\Profiles\vjg0qiq9.default-1395655567045\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=2 327679 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\John\AppData\Local\temp will be emptied at reboot
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\John\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UVGLI7RT" not found
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

==== EOF on 26/03/2014 at  9:50:04.49 ======================
 


Hi,

I'm afraid the popup is still there, and also my Rapport software shows that trying to access my bank page takes me to an unknown IP address... I imagine the 2 are linked in terms of an infection, although I'm not sure? Usually the popup occurs on the same website, a well-known Premier League football site with millions of users, and it has never had popups before. But it has occurred on other standard sites too in the last week. What do you think?


Please download RogueKiller from here:

 

http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe  <- 32 bit version

http://www.sur-la-toile.com/RogueKiller/RogueKillerX64.exe  <- 64 bit version

                                   

  • Make sure to get the correct version for your system.
  • Quit all running programs
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista/Seven, right click -> run as administrator, for XP simply run RogueKiller.exe
  • Wait until Prescan has finished...
  • The following EULA will appear, please select accept
     
     
  • Ensure MBR scan, Check faked and AntiRootkit are checked
  • Select Scan
     
     
  • When the scan completes select Report, copy and paste that to your reply.
     
     
  • The log should be found in RKreport[?].txt on your Desktop
  • Exit/Close RogueKiller


     
    Kevin

Hi,

I have only clicked 'report', not delete/fix. Is that fine?

Here is the report. Thanks



RogueKiller V8.8.14 _x64_ [Mar 26 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : John [Admin rights]
Mode : Scan -- Date : 03/26/2014 23:35:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
[Address] EAT @explorer.exe (FS_Init) : fspmapi_64.dll -> HOOKED (c:\program files (x86)\talktalk\security\apps\computersecurity\hips\fshook64.dll @ 0x62D51E30)
[Address] EAT @explorer.exe (SHGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42B20)
[Address] EAT @explorer.exe (SHGetViewStatePropertyBag) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46FA0)
[Address] EAT @explorer.exe (SHIsChildOrSelf) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43510)
[Address] EAT @explorer.exe (SHIsLowMemoryMachine) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6BC3C)
[Address] EAT @explorer.exe (SHLoadIndirectString) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43340)
[Address] EAT @explorer.exe (SHLockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6F838)
[Address] EAT @explorer.exe (SHMessageBoxCheckA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6ADD4)
[Address] EAT @explorer.exe (SHMessageBoxCheckW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6AF00)
[Address] EAT @explorer.exe (SHOpenRegStream2A) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0AC)
[Address] EAT @explorer.exe (SHOpenRegStream2W) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF443F0)
[Address] EAT @explorer.exe (SHOpenRegStreamA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0CC)
[Address] EAT @explorer.exe (SHOpenRegStreamW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A0BC)
[Address] EAT @explorer.exe (SHPackDispParamsV) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF47DB0)
[Address] EAT @explorer.exe (SHPropertyBag_ReadStrAlloc) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF71598)
[Address] EAT @explorer.exe (SHPropertyBag_WriteBSTR) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF71498)
[Address] EAT @explorer.exe (SHQueryInfoKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A230)
[Address] EAT @explorer.exe (SHQueryInfoKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A210)
[Address] EAT @explorer.exe (SHQueryValueExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A120)
[Address] EAT @explorer.exe (SHQueryValueExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF463A0)
[Address] EAT @explorer.exe (SHRegCloseUSKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A70)
[Address] EAT @explorer.exe (SHRegCreateUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A58)
[Address] EAT @explorer.exe (SHRegCreateUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42640)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A44)
[Address] EAT @explorer.exe (SHRegDeleteEmptyUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A34)
[Address] EAT @explorer.exe (SHRegDeleteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A24)
[Address] EAT @explorer.exe (SHRegDeleteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59A14)
[Address] EAT @explorer.exe (SHRegDuplicateHKey) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1F0)
[Address] EAT @explorer.exe (SHRegEnumUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF599FC)
[Address] EAT @explorer.exe (SHRegEnumUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF599DC)
[Address] EAT @explorer.exe (SHRegEnumUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59998)
[Address] EAT @explorer.exe (SHRegEnumUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42590)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59984)
[Address] EAT @explorer.exe (SHRegGetBoolUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4C220)
[Address] EAT @explorer.exe (SHRegGetBoolValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46330)
[Address] EAT @explorer.exe (SHRegGetIntW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1E0)
[Address] EAT @explorer.exe (SHRegGetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1C0)
[Address] EAT @explorer.exe (SHRegGetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A240)
[Address] EAT @explorer.exe (SHRegGetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59948)
[Address] EAT @explorer.exe (SHRegGetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A280)
[Address] EAT @explorer.exe (SHRegGetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A2A4)
[Address] EAT @explorer.exe (SHRegGetValueFromHKCUHKLM) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46EBC)
[Address] EAT @explorer.exe (SHRegGetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF421B0)
[Address] EAT @explorer.exe (SHRegOpenUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59928)
[Address] EAT @explorer.exe (SHRegOpenUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59908)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF598E0)
[Address] EAT @explorer.exe (SHRegQueryInfoUSKeyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42610)
[Address] EAT @explorer.exe (SHRegQueryUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF598A0)
[Address] EAT @explorer.exe (SHRegQueryUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59860)
[Address] EAT @explorer.exe (SHRegSetPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A1A0)
[Address] EAT @explorer.exe (SHRegSetPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A180)
[Address] EAT @explorer.exe (SHRegSetUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59838)
[Address] EAT @explorer.exe (SHRegSetUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59810)
[Address] EAT @explorer.exe (SHRegWriteUSValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF597E4)
[Address] EAT @explorer.exe (SHRegWriteUSValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF425E0)
[Address] EAT @explorer.exe (SHRegisterValidateTemplate) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF758E0)
[Address] EAT @explorer.exe (SHReleaseThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A08C)
[Address] EAT @explorer.exe (SHRunIndirectRegClientCommand) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5C95C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6A27C)
[Address] EAT @explorer.exe (SHSendMessageBroadcastW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42CC0)
[Address] EAT @explorer.exe (SHSetThreadRef) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45B10)
[Address] EAT @explorer.exe (SHSetValueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A14C)
[Address] EAT @explorer.exe (SHSetValueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF463D0)
[Address] EAT @explorer.exe (SHSkipJunction) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42E20)
[Address] EAT @explorer.exe (SHStrDupA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4A260)
[Address] EAT @explorer.exe (SHStrDupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41070)
[Address] EAT @explorer.exe (SHStripMneumonicA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6A900)
[Address] EAT @explorer.exe (SHStripMneumonicW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42DB0)
[Address] EAT @explorer.exe (SHUnicodeToAnsi) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF432E0)
[Address] EAT @explorer.exe (SHUnicodeToAnsiCP) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF4F7B9)
[Address] EAT @explorer.exe (SHUnicodeToUnicode) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5A300)
[Address] EAT @explorer.exe (SHUnlockShared) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6F818)
[Address] EAT @explorer.exe (ShellMessageBoxA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5C604)
[Address] EAT @explorer.exe (ShellMessageBoxW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5F54C)
[Address] EAT @explorer.exe (StrCSpnA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EEC)
[Address] EAT @explorer.exe (StrCSpnIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EDC)
[Address] EAT @explorer.exe (StrCSpnIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59ECC)
[Address] EAT @explorer.exe (StrCSpnW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF45A30)
[Address] EAT @explorer.exe (StrCatBuffA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FDC)
[Address] EAT @explorer.exe (StrCatBuffW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FEC)
[Address] EAT @explorer.exe (StrCatChainW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DCC)
[Address] EAT @explorer.exe (StrCatW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FCF8)
[Address] EAT @explorer.exe (StrChrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FCC)
[Address] EAT @explorer.exe (StrChrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F9C)
[Address] EAT @explorer.exe (StrChrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410E0)
[Address] EAT @explorer.exe (StrChrNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F8C)
[Address] EAT @explorer.exe (StrChrNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FBC)
[Address] EAT @explorer.exe (StrChrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41080)
[Address] EAT @explorer.exe (StrCmpCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DEC)
[Address] EAT @explorer.exe (StrCmpCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42C90)
[Address] EAT @explorer.exe (StrCmpICA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41100)
[Address] EAT @explorer.exe (StrCmpICW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410F0)
[Address] EAT @explorer.exe (StrCmpIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43650)
[Address] EAT @explorer.exe (StrCmpLogicalW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DDC)
[Address] EAT @explorer.exe (StrCmpNA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EBC)
[Address] EAT @explorer.exe (StrCmpNCA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E0C)
[Address] EAT @explorer.exe (StrCmpNCW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59DFC)
[Address] EAT @explorer.exe (StrCmpNIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EAC)
[Address] EAT @explorer.exe (StrCmpNICA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF460A0)
[Address] EAT @explorer.exe (StrCmpNICW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42B70)
[Address] EAT @explorer.exe (StrCmpNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43670)
[Address] EAT @explorer.exe (StrCmpNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43770)
[Address] EAT @explorer.exe (StrCmpW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410B0)
[Address] EAT @explorer.exe (StrCpyNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FFC)
[Address] EAT @explorer.exe (StrCpyW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FD38)
[Address] EAT @explorer.exe (StrDupA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E4C)
[Address] EAT @explorer.exe (StrDupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF42B50)
[Address] EAT @explorer.exe (StrFormatByteSize64A) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FC00)
[Address] EAT @explorer.exe (StrFormatByteSizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FBF4)
[Address] EAT @explorer.exe (StrFormatByteSizeEx) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF432D0)
[Address] EAT @explorer.exe (StrFormatByteSizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FC60)
[Address] EAT @explorer.exe (StrFormatKBSizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FB74)
[Address] EAT @explorer.exe (StrFormatKBSizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FBE0)
[Address] EAT @explorer.exe (StrFromTimeIntervalA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF68AC8)
[Address] EAT @explorer.exe (StrFromTimeIntervalW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF68A44)
[Address] EAT @explorer.exe (StrIsIntlEqualA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E3C)
[Address] EAT @explorer.exe (StrIsIntlEqualW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E2C)
[Address] EAT @explorer.exe (StrNCatA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FCB8)
[Address] EAT @explorer.exe (StrNCatW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FC74)
[Address] EAT @explorer.exe (StrPBrkA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F5C)
[Address] EAT @explorer.exe (StrPBrkW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF461E0)
[Address] EAT @explorer.exe (StrRChrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59FAC)
[Address] EAT @explorer.exe (StrRChrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F7C)
[Address] EAT @explorer.exe (StrRChrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F6C)
[Address] EAT @explorer.exe (StrRChrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46210)
[Address] EAT @explorer.exe (StrRStrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E9C)
[Address] EAT @explorer.exe (StrRStrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E8C)
[Address] EAT @explorer.exe (StrRetToBSTR) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF460D0)
[Address] EAT @explorer.exe (StrRetToBufA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5F9E8)
[Address] EAT @explorer.exe (StrRetToBufW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41110)
[Address] EAT @explorer.exe (StrRetToStrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5FA98)
[Address] EAT @explorer.exe (StrRetToStrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43330)
[Address] EAT @explorer.exe (StrSpnA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F0C)
[Address] EAT @explorer.exe (StrSpnW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59EFC)
[Address] EAT @explorer.exe (StrStrA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E7C)
[Address] EAT @explorer.exe (StrStrIA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF46490)
[Address] EAT @explorer.exe (StrStrIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410D0)
[Address] EAT @explorer.exe (StrStrNIW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E5C)
[Address] EAT @explorer.exe (StrStrNW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E6C)
[Address] EAT @explorer.exe (StrStrW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43660)
[Address] EAT @explorer.exe (StrToInt64ExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F2C)
[Address] EAT @explorer.exe (StrToInt64ExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F3C)
[Address] EAT @explorer.exe (StrToIntA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F4C)
[Address] EAT @explorer.exe (StrToIntExA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59F1C)
[Address] EAT @explorer.exe (StrToIntExW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF461F0)
[Address] EAT @explorer.exe (StrToIntW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF410A0)
[Address] EAT @explorer.exe (StrTrimA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59E1C)
[Address] EAT @explorer.exe (StrTrimW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43320)
[Address] EAT @explorer.exe (UrlApplySchemeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59760)
[Address] EAT @explorer.exe (UrlApplySchemeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59750)
[Address] EAT @explorer.exe (UrlCanonicalizeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59740)
[Address] EAT @explorer.exe (UrlCanonicalizeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF436B0)
[Address] EAT @explorer.exe (UrlCombineA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59728)
[Address] EAT @explorer.exe (UrlCombineW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43750)
[Address] EAT @explorer.exe (UrlCompareA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59714)
[Address] EAT @explorer.exe (UrlCompareW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59704)
[Address] EAT @explorer.exe (UrlCreateFromPathA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF596F4)
[Address] EAT @explorer.exe (UrlCreateFromPathW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43BF0)
[Address] EAT @explorer.exe (UrlEscapeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF596E4)
[Address] EAT @explorer.exe (UrlEscapeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43720)
[Address] EAT @explorer.exe (UrlFixupW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF596D4)
[Address] EAT @explorer.exe (UrlGetLocationA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF596C4)
[Address] EAT @explorer.exe (UrlGetLocationW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF596B4)
[Address] EAT @explorer.exe (UrlGetPartA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5969C)
[Address] EAT @explorer.exe (UrlGetPartW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF43700)
[Address] EAT @explorer.exe (UrlHashA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59688)
[Address] EAT @explorer.exe (UrlHashW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59678)
[Address] EAT @explorer.exe (UrlIsA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59668)
[Address] EAT @explorer.exe (UrlIsNoHistoryA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF595EC)
[Address] EAT @explorer.exe (UrlIsNoHistoryW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF41150)
[Address] EAT @explorer.exe (UrlIsOpaqueA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF5960C)
[Address] EAT @explorer.exe (UrlIsOpaqueW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF595FC)
[Address] EAT @explorer.exe (UrlIsW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF436A0)
[Address] EAT @explorer.exe (UrlUnescapeA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF59658)
[Address] EAT @explorer.exe (UrlUnescapeW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF436D0)
[Address] EAT @explorer.exe (WhichPlatform) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF6A6D0)
[Address] EAT @explorer.exe (wnsprintfA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF693AC)
[Address] EAT @explorer.exe (wnsprintfW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF69318)
[Address] EAT @explorer.exe (wvnsprintfA) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF693F8)
[Address] EAT @explorer.exe (wvnsprintfW) : imagehlp.dll -> HOOKED (C:\Windows\system32\SHLWAPI.dll @ 0xAFF69368)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS541010A9E680 +++++
--- User ---
[MBR] 8e4e14f27291f4ddccf5ca7da0716fb1
[bSP] 7a953ccb260afb33417e633f79ea4ff4 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 953869 MB
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_03262014_233533.txt >>
 


Yes, not deleting fixing is good, nothing conclusive in that log. Run the following please, see what this one shows.

 

Please download the latest version of TDSSKiller from here:

http://support.kaspersky.com/downloads/utils/tdsskiller.exe and save it to your Desktop.

 

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan will be quick.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

     

    Kevin..


I've downloaded and run it. The link above didn't work, just FYI, but I found it on the developer site.

Secondly, it crashed the first time through the scan. When I reran the scan, the comp didn't need to reboot to load the modules - I guess that's OK.

Here is the scan (will post in 2/3 messages as it is too long for 1). There was nothing to cure or delete... Thanks

00:08:49.0223 0x0b00  TDSS rootkit removing tool 3.0.0.26 Mar 24 2014 07:28:43
00:08:49.0223 0x0b00  UEFI system
00:08:53.0364 0x0b00  ============================================================
00:08:53.0364 0x0b00  Current date / time: 2014/03/27 00:08:53.0364
00:08:53.0364 0x0b00  SystemInfo:
00:08:53.0364 0x0b00  
00:08:53.0364 0x0b00  OS Version: 6.2.9200 ServicePack: 0.0
00:08:53.0364 0x0b00  Product type: Workstation
00:08:53.0364 0x0b00  ComputerName: LAPTOP
00:08:53.0364 0x0b00  UserName: John
00:08:53.0364 0x0b00  Windows directory: C:\Windows
00:08:53.0364 0x0b00  System windows directory: C:\Windows
00:08:53.0364 0x0b00  Running under WOW64
00:08:53.0364 0x0b00  Processor architecture: Intel x64
00:08:53.0364 0x0b00  Number of processors: 4
00:08:53.0364 0x0b00  Page size: 0x1000
00:08:53.0364 0x0b00  Boot type: Normal boot
00:08:53.0364 0x0b00  ============================================================
00:08:53.0364 0x0b00  BG loaded
00:08:53.0520 0x0b00  System UUID: {B35504A9-EFD1-EED1-FE98-FC59203DD966}
00:08:53.0864 0x0b00  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:08:53.0864 0x0b00  ============================================================
00:08:53.0864 0x0b00  \Device\Harddisk0\DR0:
00:08:53.0864 0x0b00  GPT partitions:
00:08:53.0864 0x0b00  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {14A2EC7A-314A-4BDA-86AD-FBEC98E9628A}, Name: Basic data partition, StartLBA 0x800, BlocksNum 0xC8000
00:08:53.0864 0x0b00  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {BF254A3E-4074-44CA-878B-891710BCF732}, Name: EFI system partition, StartLBA 0xC8800, BlocksNum 0x82000
00:08:53.0864 0x0b00  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {A2EC2995-D31F-4F2D-93F2-D1D7E090A3E7}, Name: Microsoft reserved partition, StartLBA 0x14A800, BlocksNum 0x40000
00:08:53.0864 0x0b00  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {464FC413-FEF9-44B9-8848-6250AED889E7}, Name: Basic data partition, StartLBA 0x18A800, BlocksNum 0x71D45800
00:08:53.0864 0x0b00  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {99E3B03F-0EB2-4E73-AE3C-54EF59C5DCFA}, Name: Basic data partition, StartLBA 0x71ED0000, BlocksNum 0x2836800
00:08:53.0864 0x0b00  MBR partitions:
00:08:53.0864 0x0b00  ============================================================
00:08:53.0911 0x0b00  C: <-> \Device\Harddisk0\DR0\Partition4
00:08:53.0957 0x0b00  D: <-> \Device\Harddisk0\DR0\Partition5
00:08:53.0957 0x0b00  ============================================================
00:08:53.0957 0x0b00  Initialize success
00:08:53.0957 0x0b00  ============================================================
00:09:26.0147 0x04a0  ============================================================
00:09:26.0147 0x04a0  Scan started
00:09:26.0147 0x04a0  Mode: Manual; SigCheck; TDLFS;
00:09:26.0147 0x04a0  ============================================================
00:09:26.0147 0x04a0  KSN ping started
00:09:28.0444 0x04a0  KSN ping finished: true
00:09:29.0553 0x04a0  ================ Scan system memory ========================
00:09:29.0553 0x04a0  System memory - ok
00:09:29.0553 0x04a0  ================ Scan services =============================
00:09:32.0602 0x04a0  AmdPPM - ok
00:09:32.0633 0x04a0  [ 35A0EB5AECB0FA3C41A2FB514A562304, 737783ABF348288471AC7051D4DC6CB336D686C94EC7B8938DCA74AFE9BECB1C ] amdsata         C:\Windows\system32\drivers\amdsata.sys
00:09:32.0665 0x04a0  amdsata - ok
00:09:32.0680 0x04a0  [ 00452671904F5EE94B50BF0219C97164, 99F9B86D3DB3E10B014120A63CD43CBAAB22C8E38851090ABE37D89ABD61F7B6 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
00:09:32.0711 0x04a0  amdsbs - ok
00:09:32.0743 0x04a0  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7, DC0B8B798720F5F75F8AFD3383CF69194282AEEE84DCACB97382F4C86E1D3E49 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
00:09:32.0758 0x04a0  amdxata - ok
00:09:32.0821 0x04a0  [ 823F34D1DEF120A657BB7529ABF4461F, C56D6614F6B3DA13DF7F6AC6B70ACA39D1DB146F7324CF96029CA038C3063DB3 ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
00:09:32.0852 0x04a0  AppHostSvc - ok
00:09:32.0899 0x04a0  [ 83B3682CE922FB0F415734B26D9D6233, 9102E8B410BB1AE426770896B6AB584D1F02830337FBB2DEC182F3F19832F35F ] AppID           C:\Windows\system32\drivers\appid.sys
00:09:32.0946 0x04a0  AppID - ok
00:09:32.0977 0x04a0  [ CE2BEAD7F31816FF0AC490D048C969F9, 7D24C5A9E8F7C21CC6D8BF2CA29A8B79DDE7EEDE2F37D36B9071ECE1CF61371F ] AppIDSvc        C:\Windows\System32\appidsvc.dll
00:09:33.0008 0x04a0  AppIDSvc - ok
00:09:33.0040 0x04a0  [ 4F750B7EFCB6520AE01E01D082D7D476, AD2A67D727A1D4DD0BBACC6B4BB432FA9A14D50D8BA292B95A4747CEC9F85728 ] Appinfo         C:\Windows\System32\appinfo.dll
00:09:33.0055 0x04a0  Appinfo - ok
00:09:33.0102 0x04a0  [ E933401B392387F4BE34DE8BAF1722A7, 57CC6DE31E2C82D2B12509F0A5EC9EC70DD2EF6A1F31A66ADF62DC6AE0A67323 ] arc             C:\Windows\system32\drivers\arc.sys
00:09:33.0118 0x04a0  arc - ok
00:09:33.0149 0x04a0  [ 07CA323EF2E8247A568AB0F3662AD644, 1224B41193F0E9B164732BA5BF707A13427C82C1D8C3EDC2AAE5C5C75454B9F6 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
00:09:33.0165 0x04a0  arcsas - ok
00:09:33.0227 0x04a0  [ 108FB6DDB69E537A2EA53F425363FAE5, B12A9F5338D39805E08A44A335FF7AA77F2266F535A2F5C8412CC746C75E5B1D ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
00:09:33.0274 0x04a0  aspnet_state - ok
00:09:33.0290 0x04a0  [ 74DBAEC35366C4EE7670428808715A6A, 3B3A7A81CD8038C4750560B94A9247C4409410780B312BA71EDF2E393DCA7474 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
00:09:33.0321 0x04a0  AsyncMac - ok
00:09:33.0336 0x04a0  [ A721FF570C2387E383BDDEA9632863C9, 45DD7787F44A2C742560FEB03AB66910C2F0002D95BB02C55EEDE973AA92AD24 ] atapi           C:\Windows\system32\drivers\atapi.sys
00:09:33.0352 0x04a0  atapi - ok
00:09:33.0399 0x04a0  [ BCD7A47EF587DC00DD61D12D9C2D1E44, 95BC9AC8BA8A86DB5C7A6317002BD9872F193B401A0C58DF252DCF3D4A7541E2 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
00:09:33.0446 0x04a0  AudioEndpointBuilder - ok
00:09:33.0493 0x04a0  [ 599B3F685A263A114FFAF3BE29C49C75, 579E9561BA8537888E061E303F3F89E2E6F8B8DED74369C3767DB10B35CD45E8 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
00:09:33.0649 0x04a0  Audiosrv - ok
00:09:33.0680 0x04a0  [ 89491EF71D5EA011127832C588002853, 05620E4235956D8446FB9604F930738C8AA97E3A74C907E37F7CC08B8EDA0461 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
00:09:33.0711 0x04a0  AxInstSV - ok
00:09:33.0758 0x04a0  [ 87AB5BB072A3F128541D5B815F82FFDD, 186AF33D3DE90638C3E165CAC3DA17295E8A80CDB523F9BE4AF7D38CA6954905 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
00:09:33.0883 0x04a0  b06bdrv - ok
00:09:33.0899 0x04a0  [ 81703BC5D68DEDBB086C2368FBE7B334, CFD4A55C8045C482F8D410514F3211AEFA00097AB395F5A04BFE983ED6254F6B ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
00:09:33.0930 0x04a0  BasicDisplay - ok
00:09:33.0930 0x04a0  [ 5EC68164E14D25675C98BBB5F09E8606, 1D7EDB21C87039FC5F39F46460AD852BC4EC6B179B1C205D189DD3C397343435 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
00:09:33.0946 0x04a0  BasicRender - ok
00:09:33.0993 0x04a0  [ 89143A7BA7850F5C7E61B43BB44B6418, 00BB781DF87D4FF1BAFD318AFE237296B4F5925023BA4486405EC0A384C88D8F ] BDESVC          C:\Windows\System32\bdesvc.dll
00:09:34.0024 0x04a0  BDESVC - ok
00:09:34.0040 0x04a0  [ 9E7AEA59776D904607985AFFE7E5E183, C3DB745A9F4DA7CB9628A7913DD52B2444B14FEB9D588FF6558CF52CEB8955EB ] Beep            C:\Windows\system32\drivers\Beep.sys
00:09:34.0086 0x04a0  Beep - ok
00:09:34.0165 0x04a0  [ 53AA55632B94622F2DC3695E86EF9363, 9B5BB8EDA48A37AE97BCD42D83B25A6D10AA6231EABE745DCCE6D60E19094A6F ] BFE             C:\Windows\System32\bfe.dll
00:09:34.0243 0x04a0  BFE - ok
00:09:34.0321 0x04a0  [ D598C44A7072D3108D8D8102EC5E07F7, D7472E9BAAB7B6E1D30F4E153412E2A16EE5C08DE2BF8BFF4D65089825226FE0 ] BITS            C:\Windows\system32\qmgr.dll
00:09:34.0415 0x04a0  BITS - ok
00:09:34.0477 0x04a0  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:09:34.0618 0x04a0  Bonjour Service - ok
00:09:34.0633 0x04a0  [ B17AC10B47C7FCB44D22A1F06415840E, 990D6F629D93F4F913D218ACE5187A26DCB762BAFB2BB279CCE8CAF2755D85A5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
00:09:34.0649 0x04a0  bowser - ok
00:09:34.0696 0x04a0  [ 038FA1B55531E7020DB705B42FCCE373, 023E87E3204D64890D6FEA78E762E5BC5BD0A59325EBC264834727779EEEDBC5 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
00:09:34.0727 0x04a0  BrokerInfrastructure - ok
00:09:34.0743 0x04a0  [ 310068BDA80B1D55C36580FD8A873FAF, A75412FF1F483461F526E9A359DCEECA5E683441514464D5ED82D1A9740D583E ] Browser         C:\Windows\System32\browser.dll
00:09:34.0774 0x04a0  Browser - ok
00:09:34.0821 0x04a0  [ 6695200F455E251F0BCC9CE4D0978D59, 4DB2F967E449581A9330EF43E794B45B93581564B20C5B991FC1EC665A640D69 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
00:09:34.0837 0x04a0  BthAvrcpTg - ok
00:09:34.0868 0x04a0  [ 616EB8748C988AEE98D93DA141C3D3B4, 15A055B0496BDB29CBCF6EEBF112D4BA1C7A2FF39124728830D0FD1FD7A404CB ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
00:09:34.0899 0x04a0  BthHFEnum - ok
00:09:34.0930 0x04a0  [ DCB4EBD928A6FB368BE6CAE522412DE1, 9E1345F29467054689B9F48B5CCB567760D36610A4EA9AF41B829EAD60347269 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
00:09:34.0962 0x04a0  bthhfhid - ok
00:09:34.0977 0x04a0  [ 033916CE8784A848B9A3D686B7F66D97, B4D0514D59646CF6B70D4FA488CF95C38EA38CC5C509329CC8753E897C640AFA ] BTHMODEM        C:\Windows\System32\drivers\bthmodem.sys
00:09:35.0008 0x04a0  BTHMODEM - ok
00:09:35.0040 0x04a0  [ A4387C3D271959313E2577DB7BE8BA7A, C71474802102102EBE04DF036EEB2F5FB3380BE288E3842F19F234EFAE977D70 ] bthserv         C:\Windows\system32\bthserv.dll
00:09:35.0055 0x04a0  bthserv - ok
00:09:35.0212 0x04a0  [ 33E9F08F675EF94633C8EF8A7C4EADF3, E1556CF27F7FB3B03EE63F3464F5EE92E7B09E67C5D8AA4A9346FEEBD716A152 ] c2cpnrsvc       C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
00:09:35.0508 0x04a0  c2cpnrsvc - ok
00:09:35.0508 0x04a0  catchme - ok
00:09:35.0555 0x04a0  [ 990B1BABE6E81FB18E65A87EBEFB1772, 1820D4AC57E1D4B7FB5AA89C277B16910ED73712878D2B43FE542CE16DFE16C3 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
00:09:35.0571 0x04a0  cdfs - ok
00:09:35.0587 0x04a0  [ 339BFF85D788268752DA8C9644B188EE, C2279F1A39AED39865A5027D2FD087F8E82F3ED8C94BA4D922855B98E792AFC5 ] cdrom           C:\Windows\System32\drivers\cdrom.sys
00:09:35.0602 0x04a0  cdrom - ok
00:09:35.0633 0x04a0  [ BAF8F0F55BC300E5F882E521F054E345, FB228DB18F2FA55D8BA35A7E6778EE5D2EB0C29D384F1A0A868F90AE706188D7 ] CertPropSvc     C:\Windows\System32\certprop.dll
00:09:35.0665 0x04a0  CertPropSvc - ok
00:09:35.0696 0x04a0  [ F64B7D1A37CC1D5F421D5359EEC81E2E, 2B4879DD32B2C20B94847755E22B1BCBE2B567B3989C57A9BA2DD783307EFFDB ] circlass        C:\Windows\System32\drivers\circlass.sys
00:09:35.0712 0x04a0  circlass - ok
00:09:35.0758 0x04a0  [ 9905168708DB68849B879B5548F68AB3, B7A495E57B9398704988DC472126CBC5B8D76761A34F51732FBF6CC88E3AB79A ] CLFS            C:\Windows\system32\drivers\CLFS.sys
00:09:35.0821 0x04a0  CLFS - ok
00:09:35.0821 0x04a0  [ 2DC8538A2260647484A6C921CA837313, 094059DD66B0C50A1CAE288F920107B0B6AD1AA5758284E35B92C131EDEA30EA ] CmBatt          C:\Windows\System32\drivers\CmBatt.sys
00:09:35.0852 0x04a0  CmBatt - ok
00:09:35.0899 0x04a0  [ E708BFF0473EC6B271EA46B65B16CA56, 2B4C661F7C5A4395CA4204122A1C3C8AA766B56C3D01CD8BAAFA18F71FC7B591 ] CNG             C:\Windows\system32\Drivers\cng.sys
00:09:35.0977 0x04a0  CNG - ok
00:09:35.0993 0x04a0  [ 0E5B1E9E7122EDAAF1F6CE047965CA92, 803E585B92D1E2E5B6BF67BE511E88DC2629A12407C3E30F7AEFB544D390A9B8 ] CompositeBus    C:\Windows\System32\drivers\CompositeBus.sys
00:09:36.0008 0x04a0  CompositeBus - ok
00:09:36.0024 0x04a0  COMSysApp - ok
00:09:36.0024 0x04a0  [ D9CB0782AF819548072AA45B70F8B22D, 04796F39ABB88759A534DE3D0C51F684BF2A8DE1F4028B657CCFDBDD39A6618C ] condrv          C:\Windows\system32\drivers\condrv.sys
00:09:36.0040 0x04a0  condrv - ok
00:09:36.0118 0x04a0  [ DA8066CFED07DEBECB8DC08A55946ACE, 094AF4E198AACCB22F8FEA1DF0D7D8A4626BE3D2C3AE5310C47281998B84AB12 ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
00:09:36.0212 0x04a0  cphs - ok
00:09:36.0243 0x04a0  [ 5CE2742F063731EC10C1B2EE386A2C08, 309919BDDD4649AFB95A99DCF8AFC3BAE10F9BC1E2819C0794CFD0F80682C223 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
00:09:36.0274 0x04a0  CryptSvc - ok
00:09:36.0305 0x04a0  [ FAEF4C245BE832DB41B15DAAC336AFB7, 1F8C98AB0DF4327FCB01FE0356025488E19B48A45FFFA50576B49A8587FAC42B ] dam             C:\Windows\system32\drivers\dam.sys
00:09:36.0337 0x04a0  dam - ok
00:09:36.0430 0x04a0  [ 1EC6E533C954BDDF2A37E7851A7E58FD, C25936A7465B6A2B3D05D2FCB09D91ACC07CFE038A5E968C99CFA9D9F2967DD4 ] DcomLaunch      C:\Windows\system32\rpcss.dll
00:09:36.0508 0x04a0  DcomLaunch - ok
00:09:36.0540 0x04a0  [ C8650D1F61149AA546BDBC99172EBBC1, D9592ED1B6F23B6EC76A0B93635B6E38702311B0A6982F0F9DEC37FCDAF1288B ] defragsvc       C:\Windows\System32\defragsvc.dll
00:09:36.0665 0x04a0  defragsvc - ok
00:09:36.0696 0x04a0  [ 5EAEF67AE2AF4D2DC664B649DB7B2E16, ADAC7FD6AC12B50F4998C5EB0BD770DD4B80A94C4CC1B9376AD77648E48D012D ] DeviceAssociationService C:\Windows\system32\das.dll
00:09:36.0759 0x04a0  DeviceAssociationService - ok
00:09:36.0790 0x04a0  [ 799BE46D45D486704CE0F37CA5385262, BB78DEE83B9DB613B1C083D55FAA458BE3E394AED80EB91B599185A7272F33B3 ] DeviceInstall   C:\Windows\system32\umpnpmgr.dll
00:09:36.0821 0x04a0  DeviceInstall - ok
00:09:36.0852 0x04a0  [ 09D9EB9E7898F8E6561473A20CC808B9, 0F511593D36084843E5138AF6D55FE08D77803968AE12A236A02368DB364347E ] Dfsc            C:\Windows\system32\Drivers\dfsc.sys
00:09:36.0884 0x04a0  Dfsc - ok
00:09:36.0915 0x04a0  [ 0B3F6C8F93C5C25977EA5A8B2E656357, 1B1C8DA8592D2B892382E062017E60BF02B1B6642822039F21446DF01FAFDEE1 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
00:09:36.0946 0x04a0  dg_ssudbus - ok
00:09:36.0977 0x04a0  [ 9E0E72222264745ADEB0E5AC680B0ED6, 576AFC8741695396A3B8E9DBDD3703E9D70370437D09D162262E47A140D101B4 ] Dhcp            C:\Windows\system32\dhcpcore.dll
00:09:37.0009 0x04a0  Dhcp - ok
00:09:37.0040 0x04a0  [ 3C736FAE17BA6F91BA37594AAB139CD0, 34304A194105B19E7ADD80108DC85C3B7AA9E942C84A7EF93C475CE1D9AE4615 ] discache        C:\Windows\system32\drivers\discache.sys
00:09:37.0055 0x04a0  discache - ok
00:09:37.0087 0x04a0  [ AE3786294CC246A5403783E1B86A0168, 29A7B4B490CBB16DAEF5D67D0A58A2577CF3FEE8F889484DB867F6913D9D2A28 ] disk            C:\Windows\system32\drivers\disk.sys
00:09:37.0118 0x04a0  disk - ok
00:09:37.0134 0x04a0  [ 82A7C72593793FE1EADA7A305BD1567A, 75F432E4C75AE9EFF553BD860B3B250853BDDA85C17DBD9B7242D74593506A86 ] dmvsc           C:\Windows\System32\drivers\dmvsc.sys
00:09:37.0149 0x04a0  dmvsc - ok
00:09:37.0180 0x04a0  [ 066B9710B36AB550E01EEFCA52155968, DCA9F3F4856A6866D3F5A2EEE34E96A83F40198DB0B5AC6381A7568DE1F56FAB ] Dnscache        C:\Windows\System32\dnsrslvr.dll
00:09:37.0227 0x04a0  Dnscache - ok
00:09:37.0259 0x04a0  [ 9949AD2ABA168A618D46C799D6CC898C, DFAC86A0AEE83C9EFE1BEE9EC15C8CAF1D619D55AF3ACC3986057A5AC985D06A ] dot3svc         C:\Windows\System32\dot3svc.dll
00:09:37.0290 0x04a0  dot3svc - ok
00:09:37.0305 0x04a0  [ 109FC3F80BF4F4DC5A071058074F13C1, F30736F45BA1811D59E9CB1C172D8D1EA9F5A7D36DCFFBFC9E7E02448C1CF851 ] DPS             C:\Windows\system32\dps.dll
00:09:37.0337 0x04a0  DPS - ok
00:09:37.0368 0x04a0  [ 9C7C183F937951AE17C5B8B3259CF3FF, 8ED607139F15D08B4835ACF864421BA4C08C88FE90B9AAF707F5D8514D7731B1 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
00:09:37.0415 0x04a0  drmkaud - ok
00:09:37.0462 0x04a0  [ F87F4AAAF6664906248D11D5E579A53B, F283932F68ED93891EEF00C18724359AB7057E922A3CDC8BC6F33F84D2B0BEE5 ] DsmSvc          C:\Windows\System32\DeviceSetupManager.dll
00:09:37.0493 0x04a0  DsmSvc - ok
00:09:37.0571 0x04a0  [ E6AF4DF1817953D73C519B17CF849756, 26A90EB368A3F572086F223ABED87B8FC6F998AE401C9E52BEB5EE76AB052702 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
00:09:37.0649 0x04a0  DXGKrnl - ok
00:09:37.0680 0x04a0  [ 58BA473DD88F5FC1932282BA683AA03E, B8A4407D3006D91BE88F9C5389AC1CACC73BEBF6F66433A1E5EB8E58E8836C12 ] Eaphost         C:\Windows\System32\eapsvc.dll
00:09:37.0712 0x04a0  Eaphost - ok
00:09:37.0837 0x04a0  [ 5AB97B3282D7D6114949D1EB5C8598E4, FB9449CC1CDC12C12AA0469BB6ACC770CB011250EDFD86E9600E754610608EFD ] ebdrv           C:\Windows\system32\drivers\evbda.sys
00:09:38.0055 0x04a0  ebdrv - ok
00:09:38.0134 0x04a0  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] EFS             C:\Windows\System32\lsass.exe
00:09:38.0180 0x04a0  EFS - ok
00:09:38.0196 0x04a0  [ 66D60BD9A4C05616ABECA2A901475098, 8111550DB03FFD72F1822F47B16F075DA92874B64F19342D7CF60B0EE648AFEF ] EhStorClass     C:\Windows\system32\drivers\EhStorClass.sys
00:09:38.0212 0x04a0  EhStorClass - ok
00:09:38.0243 0x04a0  [ A61D0F543024E458C0FE32352E1978E2, BDE6BC140300EAF790F16466C28897CE0BD7D94DCED13FDE20AA4AACA0F6A4FD ] EhStorTcgDrv    C:\Windows\system32\drivers\EhStorTcgDrv.sys
00:09:38.0274 0x04a0  EhStorTcgDrv - ok
00:09:38.0352 0x04a0  [ ABDD5AD016AFFD34AD40E944CE94BF59, 61089124CD8FEA31142CD4D3C47224A6310B9BE7B7FA974956D9EDDAD4381503 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
00:09:38.0399 0x04a0  EpsonBidirectionalService - detected UnsignedFile.Multi.Generic ( 1 )
00:09:40.0774 0x04a0  Detect skipped due to KSN trusted
00:09:40.0774 0x04a0  EpsonBidirectionalService - ok
00:09:44.0384 0x04a0  [ BB1FC298BE53AAB1E110F6E786BD8AC5, C2DA2C3CE96D5F8B50013063B5EF7BED7478636896C709A7AF34855B2E69B9F1 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:09:44.0415 0x04a0  HP Support Assistant Service - detected UnsignedFile.Multi.Generic ( 1 )
00:09:46.0806 0x04a0  Detect skipped due to KSN trusted
00:09:46.0806 0x04a0  HP Support Assistant Service - ok
00:09:48.0197 0x04a0  [ ABEFA4BD23329FD9BD47496BF2E58774, 9689D4C6380735EE1CC7F480696CDDC229E0FA511942AC813314D353584D82DD ] IconMan_R       C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
00:09:48.0353 0x04a0  IconMan_R - detected UnsignedFile.Multi.Generic ( 1 )
00:09:50.0697 0x04a0  Detect skipped due to KSN trusted
00:09:50.0697 0x04a0  IconMan_R - ok
00:09:52.0884 0x04a0  kdnic - ok
00:09:52.0916 0x04a0  [ F702AB6181513303AB0FC8D59E52708B, D46939B9F672269E65C98606A573C849C4AF5A26E4E75D3A8FE56A65B3A6EA08 ] KeyIso          C:\Windows\system32\lsass.exe
00:09:52.0931 0x04a0  KeyIso - ok
00:09:52.0978 0x04a0  [ DFA480F6DED551464F3A5B959F437800, C07AB6F28A09FCBE11EECAD03B06CEAE1016EC24031FCA0C092639E90FBA84CF ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
00:09:53.0009 0x04a0  KSecDD - ok
00:09:53.0056 0x04a0  [ 127FB0AAD232BAAD2C9BBACD374F4FC5, 3BC56F6B4374062C96149D69ACE053DF81A278F0361599F5A2F3DB1F76F0AD68 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
00:09:53.0072 0x04a0  KSecPkg - ok
00:09:53.0103 0x04a0  [ 81492FEEBF2F26455B00EE8DBAE8A1B0, E33AA2DFB2D3BB30B02CDADA2EC290F86329DA3198327A653F39A843D86390B9 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
00:09:53.0134 0x04a0  ksthunk - ok
00:09:53.0181 0x04a0  [ 5825DBACEDC3812B5CF8D40B997BF210, 1C2997BCC707C1029B21876E093038CE3BBF6E6694B4CCF7EEDD47172ED9A541 ] KtmRm           C:\Windows\system32\msdtckrm.dll
00:09:53.0244 0x04a0  KtmRm - ok
00:09:53.0306 0x04a0  [ 256EE31588257E8A555DBFAA13F1908E, B6817F632EDEA483E35BF26846DCDD4E95E860620959179B2A5D8AD7EEDDB126 ] LanmanServer    C:\Windows\System32\srvsvc.dll
00:09:53.0369 0x04a0  LanmanServer - ok
00:09:53.0400 0x04a0  [ 16650912BE5A94B40E0B3B4C39652B56, 908C2C9367AE0AC9AECB5D91514BB33ACD746D99F19C1A8DD6A9550E9CAD9E00 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:09:53.0431 0x04a0  LanmanWorkstation - ok
00:09:53.0463 0x04a0  [ CEEFD29FC551F289810B0B9381B321DC, 900F206B487B2190D9363F28AA4BA0CD7DCFE1D005BE05A48AF74B1B81194691 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
00:09:53.0478 0x04a0  lltdio - ok
00:09:53.0509 0x04a0  [ BCF53485E0A94722CDE3C4A93CD8EB8C, D24E1066EB102245A89A5D17D608DB9DF6B71C99F1C77E070B95EFD17D268141 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
00:09:53.0541 0x04a0  lltdsvc - ok
00:09:53.0572 0x04a0  [ 5A2F7F1CBC2E631A497DAD16164E06D2, 35274FC6C386380B01B5E8F467E71A2C4E2FB2AD701554F9B1A9B036B0340142 ] lmhosts         C:\Windows\System32\lmhsvc.dll
00:09:53.0588 0x04a0  lmhosts - ok
00:09:53.0634 0x04a0  [ 4269D44BB47A6DA5D80B11F4C8536458, 7A8FFC8F851DD9E5C43986BE0888831CB71D188138DF3CF7F787DADDA70915B0 ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
00:09:53.0728 0x04a0  LMS - ok
00:09:53.0744 0x04a0  [ 022CDD12161B063D7852B1075BF3FFF2, E21267243AF2FC208D27E67827B1264A762C99AECEDB7AD2C48A04F421A6B2F0 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
00:09:53.0759 0x04a0  LSI_SAS - ok
00:09:53.0822 0x04a0  [ 07AD59D669B996F29F91817F0ECFA34F, 026F332F862D142BFFC9D169CCD17A35BFB6B301EEC72AA13E16369B3520919C ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
00:09:53.0853 0x04a0  LSI_SAS2 - ok
00:09:53.0853 0x04a0  [ 216FB796AA4E252ACCE93B1BCB80B5EC, 5B1E49B5F7B9C7A778198D27F8EE500FE35DC32D40B22A3D6ED67560BEB04212 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
00:09:53.0884 0x04a0  LSI_SCSI - ok
00:09:53.0884 0x04a0  [ 5E80530AF37102488EE980B4A92AF99F, 364E18EAD9AC22F8A306B24C6C43E58224F6BE2744EFEAA2484696B8D9880851 ] LSI_SSS         C:\Windows\system32\drivers\lsi_sss.sys
00:09:53.0900 0x04a0  LSI_SSS - ok
00:09:53.0947 0x04a0  [ A57BA284F5996FFD32DCDBC41A4657DB, 2106B83873A824BC83EF42FAC9DD9A0F741209535A84AE65EA8E786519920043 ] LSM             C:\Windows\System32\lsm.dll
00:09:54.0025 0x04a0  LSM - ok
00:09:54.0041 0x04a0  [ 2BDC5D711FA61307CE6190D47C956368, 6BCDC6CBB9783F1ABE8957BDA94AF977DFB2A310BB6D19085EFC8609C97FD180 ] luafv           C:\Windows\system32\drivers\luafv.sys
00:09:54.0072 0x04a0  luafv - ok
00:09:54.0103 0x04a0  [ 0BB97D43299910CBFBA59C461B99B910, 27C22D9D9EE8A410D7396960DA93E9E260D4DCDD38DCE06E85E45C5E24C067DE ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
00:09:54.0150 0x04a0  MBAMProtector - ok
00:09:54.0181 0x04a0  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
00:09:54.0291 0x04a0  MBAMScheduler - ok
00:09:54.0322 0x04a0  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
00:09:54.0463 0x04a0  MBAMService - ok
00:09:54.0541 0x04a0  [ E416E967E3FB6FB1E9AE12B9C7DAB526, 4849AE6B628D349F64D26CDD638B34E598E7C839335961C6AE39B305765106A3 ] MDM             C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
00:09:54.0572 0x04a0  MDM - detected UnsignedFile.Multi.Generic ( 1 )
00:09:56.0947 0x04a0  Detect skipped due to KSN trusted
00:09:56.0947 0x04a0  MDM - ok




 


00:10:07.0244 0x04a0  SDRSVC - ok
00:10:07.0291 0x04a0  [ BB107AA9980B0DA4E19A3A90C3BD4460, BCB4CF0FFF1FD57302557B68044A88C8EEAAE57C2FEAE8EAD1F410F960298B6D ] sdstor          C:\Windows\System32\drivers\sdstor.sys
00:10:07.0323 0x04a0  sdstor - ok
00:10:07.0354 0x04a0  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
00:10:07.0401 0x04a0  secdrv - ok
00:10:07.0432 0x04a0  [ CD282626738B6BC92B6E7CD0AAE95B63, 1A56567C781786C85C63E24E79186EE5C82D3EB2679061B21BA0571A3A6CB7F5 ] seclogon        C:\Windows\system32\seclogon.dll
00:10:07.0463 0x04a0  seclogon - ok
00:10:07.0479 0x04a0  [ 9C51620998F0763039DFA6BF68E475ED, 9E496ADE7CE9A446BE8A2C2FC61B462D966778A94A4C147AABBD25C4821C2BCE ] SENS            C:\Windows\system32\sens.dll
00:10:07.0510 0x04a0  SENS - ok
00:10:07.0541 0x04a0  [ 0D50B4B860DAB65241628D04CD33ACAE, 2AA897C3F9ED076AB9244A32745D18489B076F3ED28A35B868C472131C5B5B46 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
00:10:07.0573 0x04a0  SensrSvc - ok
00:10:07.0588 0x04a0  [ 87C46B239A7EEF30FDFDD5E9BD46130C, F36FB5B20AC58FBD31F7E636059D2D865B751E178E51A03B94ABE0BBD1AB1EC9 ] SerCx           C:\Windows\system32\drivers\SerCx.sys
00:10:07.0604 0x04a0  SerCx - ok
00:10:07.0620 0x04a0  [ 7A1F9347C85FD55E39B8A76B3A25C5AD, 03AF3B23285278A38F4CBEAB7FD326A48FA1EC7F8D044C059CE5403C6D225639 ] Serenum         C:\Windows\System32\drivers\serenum.sys
00:10:07.0666 0x04a0  Serenum - ok
00:10:07.0682 0x04a0  [ F640A0A218BBF857F1D04A15D7D939F6, 948C13886281FE7947E10FB7B34D5CCFE512FB632F1132B6062AC85149F79950 ] Serial          C:\Windows\System32\drivers\serial.sys
00:10:07.0713 0x04a0  Serial - ok
00:10:07.0713 0x04a0  [ F1A5F56B2620B862CC28FF96A0A6DAAB, E5367212B2CADF3820D657CFC27CD961547E28DAB950C68E1380CF97FB68F3F4 ] sermouse        C:\Windows\System32\drivers\sermouse.sys
00:10:07.0760 0x04a0  sermouse - ok
00:10:07.0791 0x04a0  [ CB60A60340788C8D6DE2A269D28086AB, 2D8948E59BB9B00E16D20E425F80E7B862957DBAC9A4D1484E5191FAF333B60D ] SessionEnv      C:\Windows\system32\sessenv.dll
00:10:07.0807 0x04a0  SessionEnv - ok
00:10:07.0823 0x04a0  [ 7EE65419B29302C795714FF8073969A1, E28D89A5423E3A5062030EB2418E9435DD5D8B9D16570046E782D3FCFDA2E79A ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
00:10:07.0854 0x04a0  sfloppy - ok
00:10:07.0885 0x04a0  [ 090AE16F79C8EAD04E6031F863DA85F3, 3F27BE46DF602B53940414A6E9FEB23B36CFFB8E9A7F41440C3315B8E27D0029 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
00:10:07.0963 0x04a0  SharedAccess - ok
00:10:08.0041 0x04a0  [ A77F3ABE13FCC698511E5DEC7ACEBD5F, 78A43FDA9F770FD8BA107605DB44BC71D8B89D7E75560DA783AA6356C1873C15 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:10:08.0151 0x04a0  ShellHWDetection - ok
00:10:08.0182 0x04a0  [ 2560721D6F16D5B611C36A3A9D28C1B2, 15C30404902654ABA5DB5367FC5BD31343B12A3FC22B4BC5A26B09016447B5ED ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
00:10:08.0307 0x04a0  SiSRaid2 - ok
00:10:08.0323 0x04a0  [ 3AA8FDE1DBF65BB8B88B053529554A0D, 8060D946344D043D336F4735363C23C37C91A6DB3F81E575C267B2EC2BECB0EC ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
00:10:08.0416 0x04a0  SiSRaid4 - ok
00:10:08.0463 0x04a0  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
00:10:08.0541 0x04a0  SkypeUpdate - ok
00:10:08.0557 0x04a0  [ AF5CC3F9B88F140D78FC967ABF0F4EC7, 7CE3AB7B0A36635CF00E35E84C14B8661FAF794ABCFA61AE45A0E5E8EA996A3B ] SmbDrv          C:\Windows\System32\drivers\Smb_driver_AMDASF.sys
00:10:08.0588 0x04a0  SmbDrv - ok
00:10:08.0620 0x04a0  [ 19555D03CB179BED8B8AAA239A36BDA4, 7B975821D52ABE077496B3CFC010B33D478CD2C36E6A74D8F72D2BF582B8C84A ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
00:10:08.0635 0x04a0  SmbDrvI - ok
00:10:08.0666 0x04a0  [ E660156A4588A84305CB772FD2C0DB21, 9492EB6578D4A689945E1FC2440EFA77D461049CDB2D00A645969A71B7DA68E1 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
00:10:08.0682 0x04a0  SNMPTRAP - ok
00:10:08.0776 0x04a0  [ 3A4F2C0BB87A0895ABEBA341AA1E341B, 4DADEEF3C5D181502D6F4A00FBBF3B001FA626E49569FB330D7AE2955CC7DE08 ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
00:10:08.0807 0x04a0  Sony PC Companion - ok
00:10:08.0838 0x04a0  [ 9110193D93960E38B8692E4519C75D72, 789381B4CCC056EE431E78E2339AC9802264A1CE4B378DDA9769649664C9A7A0 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
00:10:08.0932 0x04a0  spaceport - ok
00:10:08.0963 0x04a0  [ 3D8679C8DF52EB26EB7583A4E0A29202, DCD9B69299275857712AB200C014AE820C8A9F7E53C4A335A84518FBE4BB56BB ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
00:10:09.0010 0x04a0  SpbCx - ok
00:10:09.0073 0x04a0  [ 3F215BF2D4D8D6756298B25B579772C2, 744192D1635E5D296BFD399E870B70592202CEAF95C31C2D2B226A868D33A3FD ] Spooler         C:\Windows\System32\spoolsv.exe
00:10:09.0213 0x04a0  Spooler - ok
00:10:09.0573 0x04a0  [ 061A977C920FBE4BF71FF47C966DDDCA, 746516396B72E4ADB05D978C819CD45FE44EE194756F6DA50121D755439CA590 ] sppsvc          C:\Windows\system32\sppsvc.exe
00:10:09.0870 0x04a0  sppsvc - ok
00:10:09.0963 0x04a0  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6, 61EEB1349489CB85204F1B4E398BE24EDC01FB914120C9DD0487F8EE1EDA055E ] srv             C:\Windows\system32\DRIVERS\srv.sys
00:10:10.0057 0x04a0  srv - ok
00:10:10.0135 0x04a0  [ 56218A571ECF8D55E0CDFF8DF2546CF1, 44B34722108EDDC8757A0B7C939A854457BB7EBC92A83C4284DFFAECFC2E3619 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
00:10:10.0276 0x04a0  srv2 - ok
00:10:10.0323 0x04a0  [ 14FC338B80CFF7E04215133B568D15C4, 1F437BE0EC887097F0C3409D4198A20981FC325FDF915532AB85070D337DEF2B ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
00:10:10.0370 0x04a0  srvnet - ok
00:10:10.0385 0x04a0  [ 7A20882D76D4A78240A5AC9F2C2EBA21, ACA05211EE542999A118BBD2CD051038A7DC8C40C4B8971DC6514BA90E90EC61 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
00:10:10.0432 0x04a0  SSDPSRV - ok
00:10:10.0432 0x04a0  [ D233B16999A8E626F6004BD7814C57EC, 5BBFE5DDF1269617ABD1BDBED85A79D99BB52EA29C2BB3A8F4A1827BFAA1A747 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
00:10:10.0448 0x04a0  SstpSvc - ok
00:10:10.0479 0x04a0  [ EA8F41484CCC5BA6A1455C2AD3D1BE3C, B206AA8F4BA7C1E15561B4F2011FA483C5401B0300914F747804A116CCE972BF ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
00:10:10.0510 0x04a0  ssudmdm - ok
00:10:10.0635 0x04a0  [ F452B51D895D894BF5487057E11D44CF, 4B4F54646B1069EA27D4A4F17CB85A66FF7B36A6087F3D07F12221B29DFBF8F2 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
00:10:10.0760 0x04a0  STacSV - detected UnsignedFile.Multi.Generic ( 1 )
00:10:13.0135 0x04a0  Detect skipped due to KSN trusted
00:10:13.0135 0x04a0  STacSV - ok
