Infected with ZeroAccess Rootkit, repeated scanning has not eliminated it


12 replies to this topic

#1 Avee1977

Avee1977

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:09:39 PM

Posted 02 October 2013 - 03:04 PM

Dear Bleeping Computers team,

 

a few days ago, I became aware that my laptop has been infected with the Zero Access rootkit (shows up as Google Update.exe). I read through various forums etc., scanned my computer with different programs, and told them whenever they found it, to remove it. So far, this has not helped; another rootkit malware removal program was also not successful.

 

My system is Windows 8.

 

Could you please help me remove it? I think it's already acting in the background; my ISP threatened to cut me off today because they claim that viruses/trojans/etc. are being sent from my IP address.

 

Thank you for your help!

 

Best wishes,

 

Anke





#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,072 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:03:39 PM

Posted 02 October 2013 - 03:18 PM

Hello Anke,
 
Let's do this one if you haven't
 

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.

Edited by boopme, 02 October 2013 - 03:22 PM.

How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Avee1977


Posted 02 October 2013 - 03:29 PM

Hi,

 

here is the log file from rkill:

 

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/02/2013 10:27:32 PM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * ALERT: ZEROACCESS rootkit symptoms found!

     * C:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\ﯹ๛\ [ZA Dir]
     * C:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\ [ZA Dir]
     * C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\ [ZA Dir]
     * C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\ [ZA Dir]
     * C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
     * C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
     * C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\ [ZA Dir]

Checking Windows Service Integrity:

 * PcaSvc [Missing Service]
 * PolicyAgent [Missing Service]
 * RemoteAccess [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/02/2013 10:28:13 PM
Execution time: 0 hours(s), 0 minute(s), and 41 seconds(s)
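
Added example (not part of the original thread, and not code from Rkill or BleepingComputer): a Python triage script for an Rkill log like the one in post #3. It extracts the [ZA Dir] entries, the missing services and the Defender-disabled flag, groups the directories under their GUID root, and reports why each directory name looks abnormal. The sample log is constructed, the GUID is a placeholder, and the flag names and the check for format-control characters such as U+202E are assumptions of this example.

```python
import re
import unicodedata

ZA_DIR = re.compile(r"^\s*\*\s(.+?)\s\[ZA Dir\]\s*$")
MISSING_SVC = re.compile(r"^\s*\*\s(\S+)\s\[Missing Service\]\s*$")
GUID_RE = re.compile(r"\{[0-9a-fA-F-]{36}\}")


def component_flags(name):
    """Reasons a single path component looks machine-generated or hidden."""
    flags = []
    if name and not name.strip():
        flags.append("whitespace-only")
    elif re.fullmatch(r"\.{3,}", name):
        flags.append("dots-only")
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        flags.append("format-control")  # e.g. U+202E right-to-left override
    if any(ord(ch) > 127 and unicodedata.category(ch).startswith("S") for ch in name):
        flags.append("symbol-chars")    # non-ASCII symbols only; "~" or "$" are fine
    return flags


def suspicious_path(path):
    """Map each abnormal component of a Windows path to its flags."""
    hits = {}
    for part in path.split("\\"):
        if part and component_flags(part):
            hits[part] = component_flags(part)
    return hits


def install_root(path):
    """Cut a path at its first {GUID} directory, the top of the dropped tree."""
    m = GUID_RE.search(path)
    return path[:m.end()] if m else path


def parse_rkill(text):
    """Extract the indicators an Rkill log reports (layout as in the post above)."""
    report = {"za_alert": False, "defender_disabled": False,
              "za_dirs": [], "missing_services": []}
    for line in text.split("\n"):
        line = line.rstrip("\r")
        za, svc = ZA_DIR.match(line), MISSING_SVC.match(line)
        if za:
            report["za_dirs"].append(za.group(1))
        elif svc:
            report["missing_services"].append(svc.group(1))
        elif "ZEROACCESS rootkit symptoms found" in line:
            report["za_alert"] = True
        elif "Windows Defender Disabled" in line:
            report["defender_disabled"] = True
    return report


def triage(text):
    """Parse the log, then add the flagged directories and their GUID roots."""
    report = parse_rkill(text)
    report["flagged"] = {p: suspicious_path(p) for p in report["za_dirs"]
                         if suspicious_path(p)}
    report["roots"] = sorted({install_root(p) for p in report["za_dirs"]})
    return report


# Constructed sample in the layout of the Rkill log above. The GUID is a
# placeholder; odd directory names are written as escapes so they stay visible.
_G = "{00000000-0000-0000-0000-000000000000}"
_USER = "C:\\Users\\user\\AppData\\Local\\Google\\Desktop\\Install\\" + _G + "\\"
_PF = "C:\\Program Files (x86)\\Google\\Desktop\\Install\\" + _G + "\\"
_A, _B, _C = "\u2764\u2278\u22d9", "\u2c22\u2620\u2368", "\u202e\ufbf9\u0e5b"
SAMPLE_LOG = "\n".join(
    [" * Windows Defender Disabled", "",
     " * ALERT: ZEROACCESS rootkit symptoms found!", ""]
    + ["     * %s [ZA Dir]" % p for p in (
        _PF, _PF + "   \\", _PF + "   \\...\\",
        _USER, _USER + _A + "\\", _USER + _A + "\\" + _B + "\\",
        _USER + _A + "\\" + _B + "\\" + _C + "\\")]
    + ["", "Checking Windows Service Integrity:", "",
       " * PcaSvc [Missing Service]", " * PolicyAgent [Missing Service]",
       " * RemoteAccess [Missing Service]", "",
       "Checking HOSTS File:", "", " * No issues found."]
)

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("ZeroAccess alert:", result["za_alert"])
    print("Defender disabled:", result["defender_disabled"])
    print("Missing services:", ", ".join(result["missing_services"]))
    for root in result["roots"]:
        print("Root:", root)
    for path, hits in result["flagged"].items():
        for part, flags in hits.items():
            # ascii() exposes whitespace and bidi characters a console would hide
            print("  %s -> %s" % (ascii(part), ", ".join(flags)))
```

Printing each component with `ascii()` matters here: a directory named with spaces or a right-to-left override renders as blank or reordered text in a console or file manager.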
 



#4 boopme


Posted 02 October 2013 - 03:33 PM

OK, let's see what MBAR -- Malwarebytes Anti-Rootkit does.

#5 Avee1977


Posted 02 October 2013 - 03:41 PM

Here it goes...

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.09.28.06

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Anke :: ANKE-LAPTOP [limited]

02.10.2013 22:29:55
mbam-log-2013-10-02 (22-29-55).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 224708
Time elapsed: 7 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

 

(Although I have to add that I already scanned my computer twice with Malwarebytes today; first time it found PUP.Optional.Installrex, second time it found nothing).

 

Already gotta say thanks for your willingness to help! :)



#6 boopme


Posted 02 October 2013 - 03:43 PM

No no... Not Mbam but MBAR Anti-Rootkit ... see post 2.

#7 Avee1977


Posted 02 October 2013 - 03:45 PM

Oh, sorry. Will do that and get back to you.



#8 Avee1977


Posted 02 October 2013 - 04:40 PM

mbar-log says:

Malwarebytes Anti-Rootkit BETA 1.07.0.1005
www.malwarebytes.org

Database version: v2013.10.02.11

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16688
Anke :: ANKE-LAPTOP [administrator]

02.10.2013 23:10:03
mbar-log-2013-10-02 (23-10-03).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 251479
Time elapsed: 27 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 14
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙ (Trojan.0Access) -> Delete on reboot.
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨ (Trojan.0Access) -> Delete on reboot.
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} (Trojan.0Access) -> Delete on reboot.
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\L (Trojan.0Access) -> Delete on reboot.
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U (Trojan.0Access) -> Delete on reboot.
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\    (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \... (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛ (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\l (Trojan.0Access) -> Delete on reboot.
c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\u (Trojan.0Access) -> Delete on reboot.
C:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} (Trojan.0Access) -> Delete on reboot.

Files Detected: 7
C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\@ (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\@ (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\L\00000004.@ (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\L\76603ac3 (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U\00000004.@ (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U\00000008.@ (Trojan.0Access) -> Delete on reboot.
c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U\000000cb.@ (Trojan.0Access) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)
 

 

 

System log says:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Non-administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 4239679488, free: 1639297024

Downloaded database version: v2013.10.02.11
Downloaded database version: v2013.09.30.01
=======================================
Initializing...
------------ Kernel report ------------
     10/02/2013 22:46:33
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800606a060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000036\
Lower Device Object: 0xfffffa8004c20060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800606a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800606ab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800606a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004c20c30, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004c20060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 39BCC613

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1281925613
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid ebb41adb-d85a-44c6-8536-8591d9e6ac21
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 616149231
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid a4eaa24a-71ca-49ff-ba2e-9dda637ac0ef
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type f4019732-66e-4e12-8273-346c5641494f
    Partition ID fe979ce2-3a89-4b5c-8d38-939cdd7a2c6
    FirstLBA 2048  Last LBA 534527
    Attributes 1
    Partition Name                 EFI system partition

    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e3cfaa59-175-4733-8320-8c4267ff3cf5
    FirstLBA 534528  Last LBA 3553279
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 991f7db4-fc44-4a4f-8d7f-a29aea116341
    FirstLBA 3553280  Last LBA 4085759
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 2 is bootable
    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 9614d6a4-98b1-4309-9310-ae4f738d5952
    FirstLBA 4085760  Last LBA 4347903
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 496539a1-80be-49e6-96c9-f553a0fc216b
    FirstLBA 4347904  Last LBA 918505471
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e401e67f-433c-439d-bb3d-79a34a68787a
    FirstLBA 918505472  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1005

© Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16688

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.395000 GHz
Memory total: 4239679488, free: 2941001728

Downloaded database version: v2013.10.02.11
Downloaded database version: v2013.09.30.01
=======================================
Initializing...
------------ Kernel report ------------
     10/02/2013 23:09:47
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800606b060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000036\
Lower Device Object: 0xfffffa8004c1c060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800606b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800606bb10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800606b060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8004c1ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004c1c060, DeviceName: \Device\00000036\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 39BCC613

GPT Protective MBR Partition information:

    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

GPT Partition information:

    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 1281925613
    GPT Header CurrentLba = 1 BackupLba 976773167
    GPT Header FirstUsableLba 34  LastUsableLba 976773134
    GPT Header Guid ebb41adb-d85a-44c6-8536-8591d9e6ac21
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128

    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 616149231
    Backup GPT header CurrentLba = 976773167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134
    Backup GPT header Guid a4eaa24a-71ca-49ff-ba2e-9dda637ac0ef
    Backup GPT header Contains 128 partition entries starting at LBA 976773135
    Backup GPT header Partition entry size = 128

    Partition 0 Type f4019732-66e-4e12-8273-346c5641494f
    Partition ID fe979ce2-3a89-4b5c-8d38-939cdd7a2c6
    FirstLBA 2048  Last LBA 534527
    Attributes 1
    Partition Name                 EFI system partition

    Partition 1 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e3cfaa59-175-4733-8320-8c4267ff3cf5
    FirstLBA 534528  Last LBA 3553279
    Attributes 1
    Partition Name                 Basic data partition

    Partition 2 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID 991f7db4-fc44-4a4f-8d7f-a29aea116341
    FirstLBA 3553280  Last LBA 4085759
    Attributes 0
    Partition Name                 EFI system partition

    GPT Partition 2 is bootable
    Partition 3 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID 9614d6a4-98b1-4309-9310-ae4f738d5952
    FirstLBA 4085760  Last LBA 4347903
    Attributes 0
    Partition Name         Microsoft reserved partition

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 496539a1-80be-49e6-96c9-f553a0fc216b
    FirstLBA 4347904  Last LBA 918505471
    Attributes 0
    Partition Name                 Basic data partition

    Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID e401e67f-433c-439d-bb3d-79a34a68787a
    FirstLBA 918505472  Last LBA 976773119
    Attributes 1
    Partition Name                 Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} --> [Trojan.0Access]
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\@ --> [Trojan.0Access]
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\L --> [Trojan.0Access]
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U --> [Trojan.0Access]
Infected: C:\Users\Anke\AppData\Local\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\    --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\@ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\l --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\L\00000004.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\L\76603ac3 --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\u --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U\00000004.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U\00000008.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\   \...\‮ﯹ๛\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1}\U\000000cb.@ --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{497a3aaa-e673-eaf8-b830-a716d4e1e6e1} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
 



#9 boopme


Posted 02 October 2013 - 07:07 PM

Ahhh that's much better..

Please do these next so we know it is clean.

REBOOT the machine to complete that removal..

Please download MiniToolBox, save it to your desktop and run it.
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


    Rerun RKill, post the log.



    Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
    ADW Cleaner

    Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
  • Last run ESET.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE: Sometimes if ESET finds no infections it will not create a log.



#10 Avee1977


Posted 03 October 2013 - 05:23 AM

Here's the log from Minitool box:

MiniToolBox by Farbar  Version: 13-07-2013
Ran by Anke (administrator) on 03-10-2013 at 07:39:05
Running from "C:\Users\Anke\Downloads"
Microsoft Windows 8  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Qualcomm Atheros AR9485WB-EG Wireless Network Adapter = WiFi (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
Bluetooth-Gerät (PAN) = Bluetooth-Netzwerkverbindung (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="LAN-Verbindung* 9" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="WiFi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="LAN-Verbindung* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth-Netzwerkverbindung" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="other_1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : Anke-Laptop
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : Speedport_W_723V_1_28_000

Ethernet adapter Bluetooth-Netzwerkverbindung:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth-Gerät (PAN)
   Physical Address. . . . . . . . . : A4-17-31-C6-0C-EC
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter LAN-Verbindung* 1:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Virtueller Microsoft-Adapter für direktes WiFi
   Physical Address. . . . . . . . . : 16-17-31-C6-0C-EB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : elisa-laajakaista.fi
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 30-F9-ED-C6-EC-42
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . : Speedport_W_723V_1_28_000
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
   Physical Address. . . . . . . . . : A4-17-31-C6-0C-EB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f582:e852:592b:6912%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.2.103(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Mittwoch, 2. Oktober 2013 23:43:48
   Lease Expires . . . . . . . . . . : Sonntag, 9. November 2149 14:07:27
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DHCPv6 IAID . . . . . . . . . . . : 262412081
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-1B-02-27-A4-17-31-C6-0C-EB
   DNS Servers . . . . . . . . . . . : fe80::1%12
                                       192.168.2.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.Speedport_W_723V_1_28_000:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : Speedport_W_723V_1_28_000
   Description . . . . . . . . . . . : Microsoft-ISATAP-Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:78cf:57:22ac:3f57:fd98(Preferred)
   Link-local IPv6 Address . . . . . : fe80::57:22ac:3f57:fd98%18(Preferred)
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  UnKnown
Address:  fe80::1

Name:    google.com
Addresses:  2a00:1450:4001:804::1009
      173.194.70.102
      173.194.70.101
      173.194.70.138
      173.194.70.100
      173.194.70.139
      173.194.70.113


Pinging google.com [173.194.70.102] with 32 bytes of data:
Reply from 173.194.70.102: bytes=32 time=23ms TTL=50
Reply from 173.194.70.102: bytes=32 time=23ms TTL=50

Ping statistics for 173.194.70.102:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 23ms, Maximum = 23ms, Average = 23ms
Server:  UnKnown
Address:  fe80::1

Name:    yahoo.com
Addresses:  98.139.183.24
      98.138.253.109
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=140ms TTL=53
Reply from 98.139.183.24: bytes=32 time=153ms TTL=53

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 140ms, Maximum = 153ms, Average = 146ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 17...a4 17 31 c6 0c ec ......Bluetooth-Gerät (PAN)
 14...16 17 31 c6 0c eb ......Virtueller Microsoft-Adapter für direktes WiFi
 13...30 f9 ed c6 ec 42 ......Realtek PCIe GBE Family Controller
 12...a4 17 31 c6 0c eb ......Qualcomm Atheros AR9485WB-EG Wireless Network Adapter
  1...........................Software Loopback Interface 1
 20...00 00 00 00 00 00 00 e0 Microsoft-ISATAP-Adapter
 18...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.2.1    192.168.2.103     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.2.0    255.255.255.0         On-link     192.168.2.103    281
    192.168.2.103  255.255.255.255         On-link     192.168.2.103    281
    192.168.2.255  255.255.255.255         On-link     192.168.2.103    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.2.103    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.2.103    281
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 18    306 ::/0                     On-link
  1    306 ::1/128                  On-link
 18    306 2001::/32                On-link
 18    306 2001:0:9d38:78cf:57:22ac:3f57:fd98/128
                                    On-link
 12    281 fe80::/64                On-link
 18    306 fe80::/64                On-link
 18    306 fe80::57:22ac:3f57:fd98/128
                                    On-link
 12    281 fe80::f582:e852:592b:6912/128
                                    On-link
  1    306 ff00::/8                 On-link
 18    306 ff00::/8                 On-link
 12    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [67584] (Microsoft Corporation)
Catalog5 04 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [21504] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [289280] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"

x64-Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"

x64-Catalog5 06 C:\Windows\System32\winrnr.dll [53760] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [64000] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [355328] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (10/02/2013 11:13:57 PM) (Source: Application Hang) (User: )
Description: The program firefox.exe version 23.0.1.4974 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 740

Start Time: 01cebfb406e4a8a7

Termination Time: 4

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 893b00c1-2ba7-11e3-be8b-a41731c60cec

Faulting package full name:

Faulting package-relative application ID:

Error: (10/02/2013 11:10:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/02/2013 09:40:52 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/02/2013 05:10:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/02/2013 05:07:32 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/02/2013 05:05:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Anke-Laptop)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/02/2013 05:05:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Anke-Laptop)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/02/2013 05:05:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Anke-Laptop)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/02/2013 05:05:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Anke-Laptop)
Description: Activation of app windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/02/2013 05:05:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Anke-Laptop)
Description: App windows.immersivecontrolpanel_cw5n1h2txyewy!microsoft.windows.immersivecontrolpanel did not launch within its allotted time.


System errors:
=============
Error: (10/02/2013 11:45:10 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume5\Program Files\AVAST Software\Avast\AvastSvc.exe

Error: (10/02/2013 11:45:07 PM) (Source: mbamchameleon) (User: )
Description: \Device\HarddiskVolume5\PROGRAM FILES\AVAST SOFTWARE\AVAST\AVASTSVC.EXE

Error: (10/02/2013 11:43:54 PM) (Source: Service Control Manager) (User: )
Description: The McAfee OOBE Service2 service failed to start due to the following error:
%%2

Error: (10/02/2013 11:43:52 PM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (10/02/2013 11:43:37 PM) (Source: Service Control Manager) (User: )
Description: Detected circular dependencies auto-starting services. Check the service dependency tree.

Error: (10/02/2013 11:43:37 PM) (Source: Service Control Manager) (User: )
Description: The EsgScanner service depends on a service in a group which starts later. Change the order in the service dependency tree to ensure that all services required to start this service are starting before this service is started.

Error: (10/02/2013 11:43:14 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT-AUTORITÄT)
Description: 0xc000014d0

Error: (10/02/2013 11:42:52 PM) (Source: mbamchameleon) (User: )
Description: C01C0005

Error: (10/02/2013 11:42:52 PM) (Source: mbamchameleon) (User: )
Description: C01C0005

Error: (10/02/2013 11:42:28 PM) (Source: Service Control Manager) (User: )
Description: The Windows Update service did not shut down properly after receiving a preshutdown control.


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

µTorrent (Version: 2.0.3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Digital Editions 2.0 (Version: 2.0)
Adobe Dreamweaver CS6 (Version: 12)
Adobe Flash Player 11 Plugin (Version: 11.8.800.168)
Adobe Help Manager (Version: 4.0.244)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Reader X (10.1.7) MUI (Version: 10.1.7)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Agatha Christie - Death on the Nile (Version: 2.2.0.98)
Aloha TriPeaks (Version: 2.2.0.98)
Amazon Kindle
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.881.0)
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Ashampoo Photo Optimizer 4 v.4.0.3 (Version: 4.0.3)
Ashampoo Slideshow Studio 2012 v.1.0.2 (Version: 1.0.2)
avast! Free Antivirus (Version: 8.0.1497.0)
Bahire Hasab 2008
Bejeweled 3 (Version: 2.2.0.98)
BibleWorks 8 (Version: 1.00.000)
Bing Bar (Version: 7.3.107.0)
Bonjour (Version: 1.0.106)
BYOJeopardy .NET (Version: 1.3.4.0)
Canon MG5100 series MP Drivers
Canon MP Navigator EX 4.0
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center (Version: 2012.0806.1156.19437)
Catalyst Control Center Graphics Previews Common (Version: 2012.0806.1156.19437)
Catalyst Control Center InstallProxy (Version: 2012.0806.1156.19437)
Catalyst Control Center Localization All (Version: 2012.0806.1156.19437)
CCC Help Chinese Standard (Version: 2012.0806.1155.19437)
CCC Help Chinese Traditional (Version: 2012.0806.1155.19437)
CCC Help Czech (Version: 2012.0806.1155.19437)
CCC Help Danish (Version: 2012.0806.1155.19437)
CCC Help Dutch (Version: 2012.0806.1155.19437)
CCC Help English (Version: 2012.0806.1155.19437)
CCC Help Finnish (Version: 2012.0806.1155.19437)
CCC Help French (Version: 2012.0806.1155.19437)
CCC Help German (Version: 2012.0806.1155.19437)
CCC Help Greek (Version: 2012.0806.1155.19437)
CCC Help Hungarian (Version: 2012.0806.1155.19437)
CCC Help Italian (Version: 2012.0806.1155.19437)
CCC Help Japanese (Version: 2012.0806.1155.19437)
CCC Help Korean (Version: 2012.0806.1155.19437)
CCC Help Norwegian (Version: 2012.0806.1155.19437)
CCC Help Polish (Version: 2012.0806.1155.19437)
CCC Help Portuguese (Version: 2012.0806.1155.19437)
CCC Help Russian (Version: 2012.0806.1155.19437)
CCC Help Spanish (Version: 2012.0806.1155.19437)
CCC Help Swedish (Version: 2012.0806.1155.19437)
CCC Help Thai (Version: 2012.0806.1155.19437)
CCC Help Turkish (Version: 2012.0806.1155.19437)
ccc-utility64 (Version: 2012.0806.1156.19437)
Chuzzle Deluxe (Version: 2.2.0.95)
Cooking Academy 3 Recipe for Success 1.00
Cradle Of Egypt Collector's Edition (Version: 2.2.0.110)
CyberLink Power2Go 8 (Version: 8.0.0.1923)
CyberLink PowerDVD (Version: 9.0.5601.52)
DjVuLibre DjView  3.5.25.4+4.9.2 (Version: 3.5.25.4+4.9.2)
Dropbox (Version: 2.0.26)
FATE (Version: 2.2.0.97)
FDUx86 (Version: 1.0.0)
GameHouse Games Collection: Academy of Magic
GameHouse Games Collection: Adventure Inlay
GameHouse Games Collection: Adventure Inlay - Safari Edition
GameHouse Games Collection: Air Strike 3D
GameHouse Games Collection: Alien Sky
GameHouse Games Collection: Aloha Solitaire
GameHouse Games Collection: Aloha TriPeaks
GameHouse Games Collection: Ancient Tri-Jong
GameHouse Games Collection: Ancient Tripeaks
GameHouse Games Collection: Astrobatics
GameHouse Games Collection: Atlantis
GameHouse Games Collection: Atomaders
GameHouse Games Collection: Bejeweled 2
GameHouse Games Collection: Bewitched
GameHouse Games Collection: Big Kahuna Reef
GameHouse Games Collection: Boggle Supreme
GameHouse Games Collection: Bounce Out Blitz
GameHouse Games Collection: Casino Island To Go
GameHouse Games Collection: Chainz
GameHouse Games Collection: Chainz 2 - Relinked
GameHouse Games Collection: Charm Solitaire
GameHouse Games Collection: Charm Tale
GameHouse Games Collection: Chicktionary
GameHouse Games Collection: Chuzzle Deluxe
GameHouse Games Collection: Collapse! Crunch
GameHouse Games Collection: Combo Chaos!
GameHouse Games Collection: Crystal Path
GameHouse Games Collection: Cubis Gold 2
GameHouse Games Collection: Digby's Donuts
GameHouse Games Collection: Diner Dash
GameHouse Games Collection: Feeding Frenzy
GameHouse Games Collection: Fiber Twig
GameHouse Games Collection: Five Card Deluxe
GameHouse Games Collection: Flip Words
GameHouse Games Collection: Flying Leo
GameHouse Games Collection: Fortune Tiles Gold
GameHouse Games Collection: Fresco Wizard
GameHouse Games Collection: GameHouse Sudoku
GameHouse Games Collection: Gearz
GameHouse Games Collection: Granny in Paradise
GameHouse Games Collection: Gutterball
GameHouse Games Collection: Gutterball 2
GameHouse Games Collection: Hamsterball
GameHouse Games Collection: Hello!
GameHouse Games Collection: Holiday Express
GameHouse Games Collection: Iggle Pop!
GameHouse Games Collection: Incadia
GameHouse Games Collection: Incredible Ink
GameHouse Games Collection: Insaniquarium Deluxe
GameHouse Games Collection: Inspector Parker
GameHouse Games Collection: Invadazoid
GameHouse Games Collection: Jewel Quest
GameHouse Games Collection: Lemonade Tycoon
GameHouse Games Collection: Luxor
GameHouse Games Collection: Mad Caps
GameHouse Games Collection: Magic Ball 2
GameHouse Games Collection: Magic Ball 2 - New Worlds
GameHouse Games Collection: Magic Inlay
GameHouse Games Collection: Magic Vines
GameHouse Games Collection: Mah Jong Adventures
GameHouse Games Collection: Mah Jong Medley
GameHouse Games Collection: Mah Jong Quest
GameHouse Games Collection: Mahjong Garden To Go
GameHouse Games Collection: Mahjong Towers Eternity
GameHouse Games Collection: Maui Wowee
GameHouse Games Collection: Phlinx To Go
GameHouse Games Collection: Pin High Country Club Golf
GameHouse Games Collection: Pizza Frenzy
GameHouse Games Collection: Platypus
GameHouse Games Collection: Poker Superstars
GameHouse Games Collection: Puzzle Express
GameHouse Games Collection: Puzzle Inlay
GameHouse Games Collection: Puzzle Solitaire
GameHouse Games Collection: QBz
GameHouse Games Collection: Reader's Digest Super Word Power
GameHouse Games Collection: Ricochet
GameHouse Games Collection: Ricochet Lost Worlds
GameHouse Games Collection: Ricochet Lost Worlds - Recharged
GameHouse Games Collection: Roller Rush
GameHouse Games Collection: Saints & Sinners Bingo
GameHouse Games Collection: SCRABBLE
GameHouse Games Collection: Shape Shifter
GameHouse Games Collection: Slingo Deluxe
GameHouse Games Collection: Spelvin
GameHouse Games Collection: Splash
GameHouse Games Collection: Spring Sprang Sprung
GameHouse Games Collection: Super 5-Line Slots
GameHouse Games Collection: Super Blackjack!
GameHouse Games Collection: Super Bounce Out!
GameHouse Games Collection: Super Candy Cruncher
GameHouse Games Collection: Super Collapse!
GameHouse Games Collection: Super Collapse! II
GameHouse Games Collection: Super Collapse! II Platinum
GameHouse Games Collection: Super Fruit Frolic
GameHouse Games Collection: Super GameHouse Solitaire Vol. 1
GameHouse Games Collection: Super GameHouse Solitaire Vol. 2
GameHouse Games Collection: Super GameHouse Solitaire Vol. 3
GameHouse Games Collection: Super Gem Drop
GameHouse Games Collection: Super Glinx!
GameHouse Games Collection: Super Letter Linker
GameHouse Games Collection: Super Mah Jong Solitaire
GameHouse Games Collection: Super Nisqually
GameHouse Games Collection: Super PileUp!
GameHouse Games Collection: Super Pool
GameHouse Games Collection: Super Pop & Drop!
GameHouse Games Collection: Super Rumble Cube
GameHouse Games Collection: Super SpongeBob Collapse!
GameHouse Games Collection: Super TextTwist
GameHouse Games Collection: Super WHATword
GameHouse Games Collection: Super Wild Wild Words
GameHouse Games Collection: Tap a Jam
GameHouse Games Collection: Ten Pin Championship Bowling Pro
GameHouse Games Collection: Tennis Titans
GameHouse Games Collection: Tradewinds 2
GameHouse Games Collection: Trivia Machine
GameHouse Games Collection: Tropical Swaps
GameHouse Games Collection: Tumblebugs
GameHouse Games Collection: Turtle Bay
GameHouse Games Collection: Twistingo
GameHouse Games Collection: Ultimate Dominoes
GameHouse Games Collection: Varmintz Deluxe
GameHouse Games Collection: Walls of Jericho, The
GameHouse Games Collection: Wheel of Fortune
GameHouse Games Collection: Word Jolt
GameHouse Games Collection: Word Slinger
GameHouse Games Collection: WordJong To Go
GameHouse Games Collection: Zuma Deluxe
Google Chrome (Version: 29.0.1547.76)
Heroes of Hellas 3: Athens (Version: 2.2.0.110)
Intel® Management Engine Components (Version: 8.1.0.1252)
Intel® Rapid Storage Technology (Version: 11.5.3.1004)
Intel® Trusted Connect Service Client (Version: 1.24.388.1)
InterVideo DeviceService (Version: 1.0.0)
iTunes (Version: 9.0.2.25)
Java Auto Updater (Version: 2.1.6.0)
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
Java™ 7 Update 5 (Version: 7.0.50)
Jpg2Pdf version 1.2 (Version: 1.2)
KUx86 (Version: 1.0.0)
Luxor HD (Version: 2.2.0.110)
Magic ISO Maker v5.5 (build 0281)
MAGIX Slideshow Maker 2 (Version: 2.0.0.8)
Mahjongg Artifacts (Version: 2.2.0.110)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft Office (Version: 14.0.6120.5004)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 23.0.1 (x86 en-US) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
MyFreeCodec
MyTomTom 3.2.0.1220 (Version: 3.2.0.1220)
Paltalk Messenger  11.1 (Version: 11.1.0)
PDF Settings CS6 (Version: 11.0)
PDFCreator (Version: 0.9.9)
pdfforge Toolbar v7.6 (Version: 7.6)
PdfMerge (Version: 1.22.0)
Photo Story 3 for Windows (Version: 3.0.1115.11)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.98)
Polar Bowler (Version: 2.2.0.97)
Power Ge'ez 2009 (Version: 8.0)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206)
QuickTime (Version: 7.74.80.86)
RealDownloader (Version: 1.3.3)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.3)
Realtek High Definition Audio Driver (Version: 6.0.1.6695)
Realtek PCIE Card Reader (Version: 6.1.8400.28121)
RealUpgrade 1.1 (Version: 1.1.0)
Restore (Version: 1.0.0)
Samsung Kies (Version: 2.6.0.13064_2)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.27.0)
Sandlot Games Client Services
Shared C Run-time for x64 (Version: 10.0.0)
Skype™ 6.6 (Version: 6.6.106)
Spotify (Version: 0.9.4.169.gc0399df6)
SpyHunter (Version: 4.15.1.4270)
SSLx64 (Version: 1.0.0)
SSLx86 (Version: 1.0.0)
Start8 (Version: 1.03)
SWFPlayer 2.6.2.0 (Version: 2.6.2.0)
Synaptics Pointing Device Driver (Version: 16.2.10.5)
Ulead VideoStudio 11 (Version: 11.0.0.0000)
VAIO - Xperia Link (Version: 1.0.0.08170)
VAIO Care (Version: 8.0.0.08150)
VAIO Control Center (Version: 6.0.0.08200)
VAIO Data Restore Tool (Version: 1.10.0.07270)
VAIO Easy Connect (Version: 1.2.0.08150)
VAIO Gate (Version: 3.0.0.08140)
VAIO Gate Default (Version: 3.0.0.08060)
VAIO Gesture Control (Version: 2.0.0.08240)
VAIO Image Optimizer (Version: 3.0.00.08170)
VAIO Improvement (Version: 2.0.0.08090)
VAIO Media Server Settings (Version: 1.0.0.08240)
VAIO Movie Creator Template Data (Version: 4.0.00.08170)
VAIO Update (Version: 6.0.0.08170)
VAIO CPU-Lüfterdiagnose (Version: 1.1.0.09200)
VAIO-Handbuch (Version: 3.0.0.08100)
VAIO-Support für Übertragungen (Version: 1.8.0.08212)
VCCx64 (Version: 1.0.0)
VCCx86 (Version: 1.0.0)
VGClientX64 (Version: 1.0.0)
VHD (Version: 1.0.0)
VideoStudio (Version: 11.0.0.0000)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.98)
VirtualCloneDrive
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
VIx64 (Version: 1.0.0)
VIx86 (Version: 1.0.0)
VMLx86 (Version: 1.0.0)
VoipGain (Version: 4.13 build 735)
VPMx64 (Version: 1.0.0)
VSSTx64 (Version: 1.0.0)
VSSTx86 (Version: 1.0.0)
VU5x64 (Version: 1.0.0)
VU5x86 (Version: 1.0.0)
VUx64 (Version: 1.0.0)
VUx86 (Version: 1.0.0)
VWSTx86 (Version: 1.0.0)
WildTangent-Spiele (Version: 1.0.3.0)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)
XperiaLinkx86 (Version: 1.0.0)

========================= Memory info: ===================================

Percentage of memory in use: 30%
Total physical RAM: 4043.27 MB
Available physical RAM: 2820.04 MB
Total Pagefile: 4939.27 MB
Available Pagefile: 3564.18 MB
Total Virtual: 4095.88 MB
Available Virtual: 3969.71 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:435.9 GB) (Free:126.98 GB) NTFS

========================= Users: ========================================

User accounts for \\ANKE-LAPTOP

Administrator            Anke                     Gast                     


**** End of log ****
 
The log from the re-run of Rkill:

Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/03/2013 07:41:27 AM in x64 mode.
Windows Version: Windows 8

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * PcaSvc [Missing Service]
 * PolicyAgent [Missing Service]
 * RemoteAccess [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 10/03/2013 07:43:50 AM
Execution time: 0 hours(s), 2 minute(s), and 23 seconds(s)

Here is the log of TDSS Killer:

07:45:39.0429 5684  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
07:45:39.0429 5684  UEFI system
07:45:39.0660 5684  ============================================================
07:45:39.0660 5684  Current date / time: 2013/10/03 07:45:39.0660
07:45:39.0660 5684  SystemInfo:
07:45:39.0660 5684  
07:45:39.0660 5684  OS Version: 6.2.9200 ServicePack: 0.0
07:45:39.0660 5684  Product type: Workstation
07:45:39.0660 5684  ComputerName: ANKE-LAPTOP
07:45:39.0660 5684  UserName: Anke
07:45:39.0660 5684  Windows directory: C:\Windows
07:45:39.0660 5684  System windows directory: C:\Windows
07:45:39.0660 5684  Running under WOW64
07:45:39.0660 5684  Processor architecture: Intel x64
07:45:39.0660 5684  Number of processors: 2
07:45:39.0660 5684  Page size: 0x1000
07:45:39.0660 5684  Boot type: Normal boot
07:45:39.0660 5684  ============================================================
07:45:40.0545 5684  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:45:40.0547 5684  ============================================================
07:45:40.0547 5684  \Device\Harddisk0\DR0:
07:45:40.0548 5684  GPT partitions:
07:45:40.0549 5684  \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {F4019732-066E-4E12-8273-346C5641494F}, UniqueGUID: {FE979CE2-3A89-4B5C-8D38-939CDD7A2C06}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x82000
07:45:40.0549 5684  \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E3CFAA59-0175-4733-8320-8C4267FF3CF5}, Name: Basic data partition, StartLBA 0x82800, BlocksNum 0x2E1000
07:45:40.0549 5684  \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {991F7DB4-FC44-4A4F-8D7F-A29AEA116341}, Name: EFI system partition, StartLBA 0x363800, BlocksNum 0x82000
07:45:40.0549 5684  \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {9614D6A4-98B1-4309-9310-AE4F738D5952}, Name: Microsoft reserved partition, StartLBA 0x3E5800, BlocksNum 0x40000
07:45:40.0549 5684  \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {496539A1-80BE-49E6-96C9-F553A0FC216B}, Name: Basic data partition, StartLBA 0x425800, BlocksNum 0x367CF000
07:45:40.0549 5684  \Device\Harddisk0\DR0\Partition6: GPT, TypeGUID: {DE94BBA4-06D1-4D40-A16A-BFD50179D6AC}, UniqueGUID: {E401E67F-433C-439D-BB3D-79A34A68787A}, Name: Basic data partition, StartLBA 0x36BF4800, BlocksNum 0x3791800
07:45:40.0549 5684  MBR partitions:
07:45:40.0549 5684  ============================================================
07:45:40.0596 5684  C: <-> \Device\Harddisk0\DR0\Partition5
07:45:40.0596 5684  ============================================================
07:45:40.0596 5684  Initialize success
07:45:40.0596 5684  ============================================================
07:45:42.0300 3276  ============================================================
07:45:42.0301 3276  Scan started
07:45:42.0302 3276  Mode: Manual;
07:45:42.0302 3276  ============================================================
07:45:44.0740 3276  ================ Scan system memory ========================
07:45:44.0740 3276  System memory - ok
07:45:44.0741 3276  ================ Scan services =============================
07:45:44.0886 3276  [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci        C:\Windows\System32\drivers\1394ohci.sys
07:45:44.0889 3276  1394ohci - ok
07:45:44.0894 3276  [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware           C:\Windows\system32\drivers\3ware.sys
07:45:44.0896 3276  3ware - ok
07:45:44.0960 3276  [ 975AABEB243B800C23626D6B652C5A9C ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:45:44.0962 3276  ACPI - ok
07:45:44.0990 3276  [ DC968C37822117E576B933F34A2D130C ] acpiex          C:\Windows\system32\Drivers\acpiex.sys
07:45:44.0993 3276  acpiex - ok
07:45:45.0074 3276  [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr        C:\Windows\System32\drivers\acpipagr.sys
07:45:45.0076 3276  acpipagr - ok
07:45:45.0082 3276  [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi         C:\Windows\System32\drivers\acpipmi.sys
07:45:45.0083 3276  AcpiPmi - ok
07:45:45.0089 3276  [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime        C:\Windows\System32\drivers\acpitime.sys
07:45:45.0090 3276  acpitime - ok
07:45:45.0313 3276  [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:45:45.0315 3276  AdobeARMservice - ok
07:45:45.0441 3276  [ 3109B16A0939BA11696EEB04F345D099 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:45:45.0449 3276  AdobeFlashPlayerUpdateSvc - ok
07:45:45.0484 3276  [ 93C6388592B99925C1D1576E465BC80F ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
07:45:45.0489 3276  adp94xx - ok
07:45:45.0502 3276  [ D27763E0247292654E7F7D16444C7C72 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
07:45:45.0507 3276  adpahci - ok
07:45:45.0592 3276  [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
07:45:45.0595 3276  adpu320 - ok
07:45:45.0675 3276  [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:45:45.0678 3276  AeLookupSvc - ok
07:45:45.0745 3276  [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD             C:\Windows\system32\drivers\afd.sys
07:45:45.0749 3276  AFD - ok
07:45:45.0770 3276  [ 01590377A5AB19E792528C628A2A68F9 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:45:45.0771 3276  agp440 - ok
07:45:45.0800 3276  [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG             C:\Windows\System32\alg.exe
07:45:45.0802 3276  ALG - ok
07:45:45.0905 3276  [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
07:45:45.0908 3276  AllUserInstallAgent - ok
07:45:45.0936 3276  [ 1F500945F87AA517BD2F049256B304DD ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:45:45.0942 3276  AMD External Events Utility - ok
07:45:45.0986 3276  [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8           C:\Windows\System32\drivers\amdk8.sys
07:45:45.0988 3276  AmdK8 - ok
07:45:46.0244 3276  [ 2A831A7F9031B5BBA6EF189381D65228 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:45:46.0430 3276  amdkmdag - ok
07:45:46.0455 3276  [ B9ACB2AA40709E060CDC34F13F1C9C8F ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
07:45:46.0459 3276  amdkmdap - ok
07:45:46.0518 3276  [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM          C:\Windows\System32\drivers\amdppm.sys
07:45:46.0520 3276  AmdPPM - ok
07:45:46.0552 3276  [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:45:46.0554 3276  amdsata - ok
07:45:46.0636 3276  [ 00452671904F5EE94B50BF0219C97164 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
07:45:46.0644 3276  amdsbs - ok
07:45:46.0649 3276  [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:45:46.0650 3276  amdxata - ok
07:45:46.0654 3276  [ 83B3682CE922FB0F415734B26D9D6233 ] AppID           C:\Windows\system32\drivers\appid.sys
07:45:46.0656 3276  AppID - ok
07:45:46.0677 3276  [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:45:46.0679 3276  AppIDSvc - ok
07:45:46.0726 3276  [ 4F750B7EFCB6520AE01E01D082D7D476 ] Appinfo         C:\Windows\System32\appinfo.dll
07:45:46.0729 3276  Appinfo - ok
07:45:46.0737 3276  [ E933401B392387F4BE34DE8BAF1722A7 ] arc             C:\Windows\system32\drivers\arc.sys
07:45:46.0739 3276  arc - ok
07:45:46.0763 3276  [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:45:46.0766 3276  arcsas - ok
07:45:46.0808 3276  [ A83C9C15680BB9E270ACF7172068E287 ] aswFsBlk        C:\Windows\system32\drivers\aswFsBlk.sys
07:45:46.0809 3276  aswFsBlk - ok
07:45:46.0866 3276  [ 5C40B8D77EBEE1DE0E7A8CDD0CD75773 ] aswMonFlt       C:\Windows\system32\drivers\aswMonFlt.sys
07:45:46.0867 3276  aswMonFlt - ok
07:45:46.0953 3276  [ 997F6977294B9ACB7F400431DF8E3A4A ] aswRdr          C:\Windows\System32\Drivers\aswrdr2.sys
07:45:46.0955 3276  aswRdr - ok
07:45:46.0984 3276  [ 286193DC28CFB4CEB8D378E20A0850A9 ] aswRvrt         C:\Windows\system32\drivers\aswRvrt.sys
07:45:46.0986 3276  aswRvrt - ok
07:45:47.0031 3276  [ 58B93BA20D4693D0800D2B0A62B8059D ] aswSnx          C:\Windows\system32\drivers\aswSnx.sys
07:45:47.0041 3276  aswSnx - ok
07:45:47.0095 3276  [ EC7148DB4D126C81426A67602822E62C ] aswSP           C:\Windows\system32\drivers\aswSP.sys
07:45:47.0099 3276  aswSP - ok
07:45:47.0194 3276  [ 0E422E9CB7CD9C0AA6D4DFEAFA086EAA ] aswTdi          C:\Windows\system32\drivers\aswTdi.sys
07:45:47.0201 3276  aswTdi - ok
07:45:47.0248 3276  [ 9FE455C916C656144B004E3EB48507CE ] aswVmm          C:\Windows\system32\drivers\aswVmm.sys
07:45:47.0251 3276  aswVmm - ok
07:45:47.0262 3276  [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:45:47.0263 3276  AsyncMac - ok
07:45:47.0280 3276  [ A721FF570C2387E383BDDEA9632863C9 ] atapi           C:\Windows\system32\drivers\atapi.sys
07:45:47.0280 3276  atapi - ok
07:45:47.0314 3276  [ 4885C14A6AB6969B5773A42DA0BA3DA4 ] AthBTPort       C:\Windows\system32\DRIVERS\btath_flt.sys
07:45:47.0316 3276  AthBTPort - ok
07:45:47.0374 3276  [ 8F60017273DCD46CDCC9A0AD881F7B32 ] AtherosSvc      C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
07:45:47.0376 3276  AtherosSvc - ok
07:45:47.0439 3276  [ F17ABC4AA1FE4989E812858261414FE5 ] athr            C:\Windows\system32\DRIVERS\athw8x.sys
07:45:47.0479 3276  athr - ok
07:45:47.0515 3276  [ 506907D2E7F3A5B67DBD39C00A788B7C ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW86.sys
07:45:47.0518 3276  AtiHDAudioService - ok
07:45:47.0548 3276  [ BCD7A47EF587DC00DD61D12D9C2D1E44 ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
07:45:47.0551 3276  AudioEndpointBuilder - ok
07:45:47.0600 3276  [ 599B3F685A263A114FFAF3BE29C49C75 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
07:45:47.0614 3276  Audiosrv - ok
07:45:47.0721 3276  [ 9330941C8F6DF417F6DBBE998DB6687E ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
07:45:47.0724 3276  avast! Antivirus - ok
07:45:47.0763 3276  [ 89491EF71D5EA011127832C588002853 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:45:47.0765 3276  AxInstSV - ok
07:45:47.0866 3276  [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
07:45:47.0873 3276  b06bdrv - ok
07:45:47.0911 3276  [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay    C:\Windows\System32\drivers\BasicDisplay.sys
07:45:47.0912 3276  BasicDisplay - ok
07:45:47.0916 3276  [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender     C:\Windows\System32\drivers\BasicRender.sys
07:45:47.0918 3276  BasicRender - ok
07:45:48.0015 3276  [ AC9585B420C7FF0A25B078EBB7642AE9 ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\BBSvc.exe
07:45:48.0018 3276  BBSvc - ok
07:45:48.0032 3276  [ D829E0575EE424F77E78340D362B3664 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\7.3.107.0\SeaPort.exe
07:45:48.0035 3276  BBUpdate - ok
07:45:48.0098 3276  [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:45:48.0103 3276  BDESVC - ok
07:45:48.0122 3276  [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:45:48.0123 3276  Beep - ok
07:45:48.0207 3276  [ 73133A0C0CA63817BFF2CB9DE65B64E7 ] BFE             C:\Windows\System32\bfe.dll
07:45:48.0214 3276  BFE - ok
07:45:48.0266 3276  [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS            C:\Windows\System32\qmgr.dll
07:45:48.0274 3276  BITS - ok
07:45:48.0323 3276  [ B17AC10B47C7FCB44D22A1F06415840E ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:45:48.0325 3276  bowser - ok
07:45:48.0395 3276  [ 038FA1B55531E7020DB705B42FCCE373 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
07:45:48.0398 3276  BrokerInfrastructure - ok
07:45:48.0428 3276  [ 310068BDA80B1D55C36580FD8A873FAF ] Browser         C:\Windows\System32\browser.dll
07:45:48.0430 3276  Browser - ok
07:45:48.0455 3276  [ 942F3F6286056D6BBB5B02ED2B7088BD ] BTATH_A2DP      C:\Windows\system32\drivers\btath_a2dp.sys
07:45:48.0458 3276  BTATH_A2DP - ok
07:45:48.0486 3276  [ 43C965027229D9FF6E52E4C71C03B09E ] btath_avdt      C:\Windows\system32\drivers\btath_avdt.sys
07:45:48.0488 3276  btath_avdt - ok
07:45:48.0500 3276  [ 23CEDCD7527A26B222732A158F76EB24 ] BTATH_BUS       C:\Windows\System32\drivers\btath_bus.sys
07:45:48.0501 3276  BTATH_BUS - ok
07:45:48.0508 3276  [ 3DD64966A764BCAFF07C9DC064BD410E ] BTATH_HCRP      C:\Windows\System32\drivers\btath_hcrp.sys
07:45:48.0510 3276  BTATH_HCRP - ok
07:45:48.0521 3276  [ B68EE0721EAC305AB1C9C989CDF1AEFF ] BTATH_LWFLT     C:\Windows\system32\DRIVERS\btath_lwflt.sys
07:45:48.0522 3276  BTATH_LWFLT - ok
07:45:48.0535 3276  [ EC7BB341229E9E6B04349580F55218B2 ] BTATH_RCP       C:\Windows\System32\drivers\btath_rcp.sys
07:45:48.0540 3276  BTATH_RCP - ok
07:45:48.0561 3276  [ AABB87C9AE0537A6DCDAC8AE11CC1F5A ] BTATH_VDP       C:\Windows\system32\drivers\btath_vdp.sys
07:45:48.0565 3276  BTATH_VDP - ok
07:45:48.0587 3276  [ CBF4EF7E9FE86CE0CAB0A6472DE34A1C ] BtFilter        C:\Windows\system32\DRIVERS\btfilter.sys
07:45:48.0594 3276  BtFilter - ok
07:45:48.0646 3276  [ 6695200F455E251F0BCC9CE4D0978D59 ] BthAvrcpTg      C:\Windows\System32\drivers\BthAvrcpTg.sys
07:45:48.0647 3276  BthAvrcpTg - ok
07:45:48.0705 3276  [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum         C:\Windows\System32\drivers\BthEnum.sys
07:45:48.0707 3276  BthEnum - ok
07:45:48.0736 3276  [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum       C:\Windows\System32\drivers\bthhfenum.sys
07:45:48.0738 3276  BthHFEnum - ok
07:45:48.0789 3276  [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid        C:\Windows\System32\drivers\BthHFHid.sys
07:45:48.0791 3276  bthhfhid - ok
07:45:48.0797 3276  [ 42201C346F0B8C458E1E9CDE04D68A2C ] BthLEEnum       C:\Windows\system32\DRIVERS\BthLEEnum.sys
07:45:48.0800 3276  BthLEEnum - ok
07:45:58.0906 3276  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:45:58.0907 3276  secdrv - ok
07:45:58.0918 3276  [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon        C:\Windows\system32\seclogon.dll
07:45:58.0922 3276  seclogon - ok
07:45:58.0926 3276  [ 9C51620998F0763039DFA6BF68E475ED ] SENS            C:\Windows\System32\sens.dll
07:45:58.0930 3276  SENS - ok
07:45:58.0945 3276  [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:45:58.0950 3276  SensrSvc - ok
07:45:58.0976 3276  [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx           C:\Windows\system32\drivers\SerCx.sys
07:45:58.0978 3276  SerCx - ok
07:45:58.0982 3276  [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum         C:\Windows\System32\drivers\serenum.sys
07:45:58.0983 3276  Serenum - ok
07:45:58.0987 3276  [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial          C:\Windows\System32\drivers\serial.sys
07:45:58.0989 3276  Serial - ok
07:45:58.0993 3276  [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse        C:\Windows\System32\drivers\sermouse.sys
07:45:58.0995 3276  sermouse - ok
07:45:59.0014 3276  [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv      C:\Windows\system32\sessenv.dll
07:45:59.0021 3276  SessionEnv - ok
07:45:59.0045 3276  [ 415B1326C40A2E1F251A3845B9C7DF31 ] SFEP            C:\Windows\System32\drivers\SFEP.sys
07:45:59.0046 3276  SFEP - ok
07:45:59.0050 3276  [ 7EE65419B29302C795714FF8073969A1 ] sfloppy         C:\Windows\System32\drivers\sfloppy.sys
07:45:59.0053 3276  sfloppy - ok
07:45:59.0084 3276  [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:45:59.0091 3276  SharedAccess - ok
07:45:59.0121 3276  [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:45:59.0128 3276  ShellHWDetection - ok
07:45:59.0132 3276  [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:45:59.0146 3276  SiSRaid2 - ok
07:45:59.0167 3276  [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:45:59.0169 3276  SiSRaid4 - ok
07:45:59.0247 3276  [ 3E587DBBDFF938DDE5D4CE4047BE9041 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
07:45:59.0249 3276  SkypeUpdate - ok
07:45:59.0277 3276  [ 4A2972573225A2DE4DEC0AD68529DF0F ] SmbDrvI         C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys
07:45:59.0279 3276  SmbDrvI - ok
07:45:59.0301 3276  [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:45:59.0308 3276  SNMPTRAP - ok
07:45:59.0451 3276  [ CC7041283CE3AEC7912636F0918B5A37 ] SOHCImp         C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
07:45:59.0454 3276  SOHCImp - ok
07:45:59.0507 3276  [ F318A96C1B42215F8A03D4325AB977AD ] SOHDms          C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
07:45:59.0515 3276  SOHDms - ok
07:45:59.0519 3276  [ 91B5B1FEC3F396A99C2AC3C37ACF84D0 ] SOHDs           C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
07:45:59.0521 3276  SOHDs - ok
07:45:59.0544 3276  [ AA0F913B69BCEC9655ECAAA2312B29D9 ] SOWS            C:\Windows\System32\drivers\sows.sys
07:45:59.0548 3276  SOWS - ok
07:45:59.0630 3276  [ FD3AF5575B99871BADB94E7699DBCE08 ] spaceport       C:\Windows\system32\drivers\spaceport.sys
07:45:59.0634 3276  spaceport - ok
07:45:59.0660 3276  [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx           C:\Windows\system32\drivers\SpbCx.sys
07:45:59.0662 3276  SpbCx - ok
07:45:59.0843 3276  [ C03E480E63A80D73FABE28D24D3B6B47 ] SpfService      C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
07:45:59.0855 3276  SpfService - ok
07:45:59.0960 3276  [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler         C:\Windows\System32\spoolsv.exe
07:45:59.0970 3276  Spooler - ok
07:46:00.0116 3276  [ 061A977C920FBE4BF71FF47C966DDDCA ] sppsvc          C:\Windows\system32\sppsvc.exe
07:46:00.0226 3276  sppsvc - ok
07:46:00.0326 3276  [ FE1F53FD3A8FCE4D26B74EDC5B6E2885 ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
07:46:00.0334 3276  SpyHunter 4 Service - ok
07:46:00.0364 3276  [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:46:00.0367 3276  srv - ok
07:46:00.0432 3276  [ 56218A571ECF8D55E0CDFF8DF2546CF1 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:46:00.0445 3276  srv2 - ok
07:46:00.0472 3276  [ 14FC338B80CFF7E04215133B568D15C4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:46:00.0486 3276  srvnet - ok
07:46:00.0529 3276  [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:46:00.0535 3276  SSDPSRV - ok
07:46:00.0543 3276  [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:46:00.0549 3276  SstpSvc - ok
07:46:00.0634 3276  [ EA8F41484CCC5BA6A1455C2AD3D1BE3C ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
07:46:00.0652 3276  ssudmdm - ok
07:46:00.0737 3276  [ E82C5FB273972FC9D4F57D65746FCFA3 ] Start8          C:\Program Files (x86)\Stardock\Start8\Start8Srv.exe
07:46:00.0742 3276  Start8 - ok
07:46:00.0804 3276  [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:46:00.0805 3276  stexstor - ok
07:46:00.0877 3276  [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc          C:\Windows\System32\wiaservc.dll
07:46:00.0884 3276  stisvc - ok
07:46:00.0934 3276  [ B240874B2CA0CD02E8CD11E140B14C57 ] storahci        C:\Windows\system32\drivers\storahci.sys
07:46:00.0936 3276  storahci - ok
07:46:00.0960 3276  [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
07:46:00.0962 3276  storflt - ok
07:46:01.0029 3276  [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc         C:\Windows\system32\storsvc.dll
07:46:01.0042 3276  StorSvc - ok
07:46:01.0087 3276  [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
07:46:01.0088 3276  storvsc - ok
07:46:01.0141 3276  [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc           C:\Windows\system32\svsvc.dll
07:46:01.0145 3276  svsvc - ok
07:46:01.0197 3276  [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum          C:\Windows\System32\drivers\swenum.sys
07:46:01.0198 3276  swenum - ok
07:46:01.0324 3276  [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard     C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
07:46:01.0328 3276  SwitchBoard - ok
07:46:01.0357 3276  [ 502F9488540051F3E6C39889ECFA76BB ] swprv           C:\Windows\System32\swprv.dll
07:46:01.0366 3276  swprv - ok
07:46:01.0407 3276  [ 157DFCD1E83E964A5074742AE2DFA0C1 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
07:46:01.0415 3276  SynTP - ok
07:46:01.0497 3276  [ A06CB9269D29EE3D0F3F5630ABB660B8 ] SysMain         C:\Windows\system32\sysmain.dll
07:46:01.0512 3276  SysMain - ok
07:46:01.0564 3276  [ 6FB88606C4A71E1BFAF97D63A676C673 ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
07:46:01.0569 3276  SystemEventsBroker - ok
07:46:01.0587 3276  [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
07:46:01.0593 3276  TabletInputService - ok
07:46:01.0615 3276  [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:46:01.0620 3276  TapiSrv - ok
07:46:01.0710 3276  [ 1794C43A000A47D92B3304FC1E3E512A ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:46:01.0729 3276  Tcpip - ok
07:46:01.0764 3276  [ 1794C43A000A47D92B3304FC1E3E512A ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:46:01.0778 3276  TCPIP6 - ok
07:46:01.0805 3276  [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:46:01.0807 3276  tcpipreg - ok
07:46:01.0828 3276  [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:46:01.0829 3276  tdx - ok
07:46:01.0842 3276  [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt        C:\Windows\System32\drivers\terminpt.sys
07:46:01.0843 3276  terminpt - ok
07:46:01.0887 3276  [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService     C:\Windows\System32\termsrv.dll
07:46:01.0894 3276  TermService - ok
07:46:01.0919 3276  [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes          C:\Windows\system32\themeservice.dll
07:46:01.0924 3276  Themes - ok
07:46:01.0971 3276  [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER     C:\Windows\system32\mmcss.dll
07:46:01.0974 3276  THREADORDER - ok
07:46:02.0035 3276  [ 4515B9E4140F04FB3907692DF89FCA87 ] TimeBroker      C:\Windows\System32\TimeBrokerServer.dll
07:46:02.0042 3276  TimeBroker - ok
07:46:02.0108 3276  [ 6F0BFF80EE2A5BC841286A51F893CBAD ] TPM             C:\Windows\system32\drivers\tpm.sys
07:46:02.0111 3276  TPM - ok
07:46:02.0116 3276  [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks          C:\Windows\System32\trkwks.dll
07:46:02.0122 3276  TrkWks - ok
07:46:02.0229 3276  [ 8ABBB5CE0C62E0A6D28F32F44B7F865C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:46:02.0230 3276  TrustedInstaller - ok
07:46:02.0292 3276  [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:46:02.0294 3276  TsUsbFlt - ok
07:46:02.0299 3276  [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD         C:\Windows\System32\drivers\TsUsbGD.sys
07:46:02.0301 3276  TsUsbGD - ok
07:46:02.0363 3276  [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:46:02.0366 3276  tunnel - ok
07:46:02.0426 3276  [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:46:02.0430 3276  uagp35 - ok
07:46:02.0441 3276  [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor        C:\Windows\System32\drivers\uaspstor.sys
07:46:02.0445 3276  UASPStor - ok
07:46:02.0495 3276  [ 4834158B8D06A153FADAB6B85320FBBE ] UCX01000        C:\Windows\System32\drivers\ucx01000.sys
07:46:02.0498 3276  UCX01000 - ok
07:46:02.0550 3276  [ 25C50F4EDF70D0A831E0566BD181CCF2 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:46:02.0552 3276  udfs - ok
07:46:02.0610 3276  [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:46:02.0614 3276  UI0Detect - ok
07:46:02.0666 3276  [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:46:02.0668 3276  uliagpkx - ok
07:46:02.0717 3276  [ 02CEB3FE6152668A7BA420B93B664860 ] umbus           C:\Windows\System32\drivers\umbus.sys
07:46:02.0718 3276  umbus - ok
07:46:02.0724 3276  [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass          C:\Windows\System32\drivers\umpass.sys
07:46:02.0725 3276  UmPass - ok
07:46:02.0773 3276  [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService    C:\Windows\System32\umrdp.dll
07:46:02.0779 3276  UmRdpService - ok
07:46:02.0862 3276  [ DBE2E6388379D5CC78099650541E9566 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
07:46:02.0866 3276  UNS - ok
07:46:02.0882 3276  [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost        C:\Windows\System32\upnphost.dll
07:46:02.0888 3276  upnphost - ok
07:46:02.0904 3276  [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp         C:\Windows\System32\drivers\usbccgp.sys
07:46:02.0906 3276  usbccgp - ok
07:46:02.0927 3276  [ B395B62B62F28106218FA6FB17F4C797 ] usbcir          C:\Windows\System32\drivers\usbcir.sys
07:46:02.0929 3276  usbcir - ok
07:46:02.0978 3276  [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci         C:\Windows\System32\drivers\usbehci.sys
07:46:02.0980 3276  usbehci - ok
07:46:03.0028 3276  [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub          C:\Windows\System32\drivers\usbhub.sys
07:46:03.0031 3276  usbhub - ok
07:46:03.0102 3276  [ EA040D4C6C94F315A85F3D0EAA884B37 ] USBHUB3         C:\Windows\System32\drivers\UsbHub3.sys
07:46:03.0108 3276  USBHUB3 - ok
07:46:03.0127 3276  [ 325F6179009B5A7F6118951A5BA422AB ] usbohci         C:\Windows\System32\drivers\usbohci.sys
07:46:03.0128 3276  usbohci - ok
07:46:03.0150 3276  [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint        C:\Windows\System32\drivers\usbprint.sys
07:46:03.0152 3276  usbprint - ok
07:46:03.0197 3276  [ A9858597B6DB695F78A37F6755A6FF98 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
07:46:03.0199 3276  usbscan - ok
07:46:03.0226 3276  [ BFC7FE4AAEB61317A921871B4085EF4B ] USBSTOR         C:\Windows\System32\drivers\USBSTOR.SYS
07:46:03.0227 3276  USBSTOR - ok
07:46:03.0267 3276  [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci         C:\Windows\System32\drivers\usbuhci.sys
07:46:03.0268 3276  usbuhci - ok
07:46:03.0321 3276  [ 09799E701B4327097E9F63D3FE221083 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
07:46:03.0324 3276  usbvideo - ok
07:46:03.0378 3276  [ 1ADCF0A490C2845637B334626669CD6F ] USBXHCI         C:\Windows\System32\drivers\USBXHCI.SYS
07:46:03.0382 3276  USBXHCI - ok
07:46:03.0433 3276  [ 9AD9560606A3049CE492E3A06FB12716 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
07:46:03.0434 3276  usb_rndisx - ok
07:46:03.0521 3276  [ A3C75F5220CAB16A29784433DC241A5B ] VAIO Event Service C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
07:46:03.0522 3276  VAIO Event Service - ok
07:46:03.0684 3276  [ 8EF62038EBD54C240486A36F9259C64A ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe
07:46:03.0689 3276  VAIO Power Management - ok
07:46:03.0739 3276  [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc        C:\Windows\system32\lsass.exe
07:46:03.0741 3276  VaultSvc - ok
07:46:03.0854 3276  [ 5B9E9B509770422967D2126E7D4F01EA ] VCFw            C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
07:46:03.0865 3276  VCFw - ok
07:46:03.0919 3276  [ FD911873C0BB6945FA38C16E9A2B58F9 ] VClone          C:\Windows\system32\DRIVERS\VClone.sys
07:46:03.0920 3276  VClone - ok
07:46:04.0037 3276  [ 3FD6585C0C2B3730DF30CFB8F41E1335 ] VCService       C:\Program Files\Sony\VAIO Care\VCService.exe
07:46:04.0037 3276  VCService - ok
07:46:04.0111 3276  [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:46:04.0113 3276  vdrvroot - ok
07:46:04.0162 3276  [ 1B4488988E5E7512E6C5CD1255E9E973 ] vds             C:\Windows\System32\vds.exe
07:46:04.0181 3276  vds - ok
07:46:04.0212 3276  [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt     C:\Windows\system32\drivers\VerifierExt.sys
07:46:04.0216 3276  VerifierExt - ok
07:46:04.0280 3276  [ 500BE6B2E49883720D0AE8BB859ED7A3 ] vhdmp           C:\Windows\System32\drivers\vhdmp.sys
07:46:04.0287 3276  vhdmp - ok
07:46:04.0329 3276  [ F5B4A14B00E89250C50982AC762DDD1D ] viaide          C:\Windows\system32\drivers\viaide.sys
07:46:04.0330 3276  viaide - ok
07:46:04.0344 3276  [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus           C:\Windows\system32\drivers\vmbus.sys
07:46:04.0346 3276  vmbus - ok
07:46:04.0354 3276  [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID        C:\Windows\System32\drivers\VMBusHID.sys
07:46:04.0355 3276  VMBusHID - ok
07:46:04.0407 3276  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat   C:\Windows\System32\ICSvc.dll
07:46:04.0525 3276  vmicheartbeat - ok
07:46:04.0536 3276  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
07:46:04.0541 3276  vmickvpexchange - ok
07:46:04.0549 3276  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv         C:\Windows\System32\ICSvc.dll
07:46:04.0553 3276  vmicrdv - ok
07:46:04.0559 3276  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown    C:\Windows\System32\ICSvc.dll
07:46:04.0563 3276  vmicshutdown - ok
07:46:04.0572 3276  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync    C:\Windows\System32\ICSvc.dll
07:46:04.0575 3276  vmictimesync - ok
07:46:04.0582 3276  [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss         C:\Windows\System32\ICSvc.dll
07:46:04.0585 3276  vmicvss - ok
07:46:04.0614 3276  [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:46:04.0616 3276  volmgr - ok
07:46:04.0702 3276  [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:46:04.0709 3276  volmgrx - ok
07:46:04.0769 3276  [ 78A5BBA3819FFFC62FFEC3E2220D102D ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:46:04.0771 3276  volsnap - ok
07:46:04.0803 3276  [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci            C:\Windows\System32\drivers\vpci.sys
07:46:04.0805 3276  vpci - ok
07:46:04.0819 3276  [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:46:04.0822 3276  vsmraid - ok
07:46:04.0899 3276  [ D0C69E44BC1E1D4AD290FD84104623D8 ] VSS             C:\Windows\system32\vssvc.exe
07:46:04.0919 3276  VSS - ok
07:46:04.0948 3276  [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID        C:\Windows\system32\drivers\vstxraid.sys
07:46:04.0953 3276  VSTXRAID - ok
07:46:05.0134 3276  [ 8B54E63C1496FE7D92135DAECEC384D1 ] VUAgent         C:\Program Files\Sony\VAIO Update\VUAgent.exe
07:46:05.0149 3276  VUAgent - ok
07:46:05.0201 3276  [ 62460A45435A26A334907E3F2EA45611 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
07:46:05.0207 3276  vwifibus - ok
07:46:05.0256 3276  [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:46:05.0258 3276  vwififlt - ok
07:46:05.0263 3276  [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
07:46:05.0264 3276  vwifimp - ok
07:46:05.0365 3276  [ F690B6EEAA94576727B24376D7ED3601 ] W32Time         C:\Windows\system32\w32time.dll
07:46:05.0378 3276  W32Time - ok
07:46:05.0425 3276  [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen        C:\Windows\System32\drivers\wacompen.sys
07:46:05.0427 3276  WacomPen - ok
07:46:05.0496 3276  [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
07:46:05.0498 3276  Wanarp - ok
07:46:05.0503 3276  [ 61F6972FF9AC9A8D0B4D62076DC30051 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:46:05.0504 3276  Wanarpv6 - ok
07:46:05.0644 3276  [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine        C:\Windows\system32\wbengine.exe
07:46:05.0665 3276  wbengine - ok
07:46:05.0730 3276  [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:46:05.0736 3276  WbioSrvc - ok
07:46:05.0790 3276  [ AF1349386D4C6786EF4E34FACEF15042 ] Wcmsvc          C:\Windows\System32\wcmsvc.dll
07:46:05.0798 3276  Wcmsvc - ok
07:46:05.0886 3276  [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:46:05.0898 3276  wcncsvc - ok
07:46:05.0924 3276  [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:46:05.0928 3276  WcsPlugInService - ok
07:46:05.0956 3276  [ B3A4D918DAB90505B6BC7B70632913CB ] Wd              C:\Windows\system32\drivers\wd.sys
07:46:05.0957 3276  Wd - ok
07:46:06.0013 3276  [ FD47DF026B32969B8A68721A0243E8EE ] WdBoot          C:\Windows\system32\drivers\WdBoot.sys
07:46:06.0015 3276  WdBoot - ok
07:46:06.0079 3276  [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:46:06.0091 3276  Wdf01000 - ok
07:46:06.0164 3276  [ 5F425D842DD6ADE9F95A51A0616AFAD7 ] WdFilter        C:\Windows\system32\drivers\WdFilter.sys
07:46:06.0167 3276  WdFilter - ok
07:46:06.0176 3276  [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:46:06.0183 3276  WdiServiceHost - ok
07:46:06.0188 3276  [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:46:06.0193 3276  WdiSystemHost - ok
07:46:06.0211 3276  [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient       C:\Windows\System32\webclnt.dll
07:46:06.0218 3276  WebClient - ok
07:46:06.0224 3276  [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:46:06.0230 3276  Wecsvc - ok
07:46:06.0251 3276  [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:46:06.0257 3276  wercplsupport - ok
07:46:06.0312 3276  [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:46:06.0317 3276  WerSvc - ok
07:46:06.0407 3276  [ 3F1F31883EAC9DDDF836ACC6D1DAC36C ] WFPLWFS         C:\Windows\system32\DRIVERS\wfplwfs.sys
07:46:06.0409 3276  WFPLWFS - ok
07:46:06.0428 3276  [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc          C:\Windows\System32\wiarpc.dll
07:46:06.0433 3276  WiaRpc - ok
07:46:06.0473 3276  [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:46:06.0474 3276  WIMMount - ok
07:46:06.0511 3276  WinDefend - ok
07:46:06.0573 3276  [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
07:46:06.0584 3276  WinHttpAutoProxySvc - ok
07:46:06.0645 3276  [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:46:06.0648 3276  Winmgmt - ok
07:46:06.0807 3276  [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM           C:\Windows\system32\WsmSvc.dll
07:46:06.0869 3276  WinRM - ok
07:46:06.0928 3276  [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:46:06.0929 3276  WinUsb - ok
07:46:07.0068 3276  [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc         C:\Windows\System32\wlansvc.dll
07:46:07.0093 3276  WlanSvc - ok
07:46:07.0204 3276  [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc         C:\Windows\system32\wlidsvc.dll
07:46:07.0243 3276  wlidsvc - ok
07:46:07.0279 3276  [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi         C:\Windows\System32\drivers\wmiacpi.sys
07:46:07.0280 3276  WmiAcpi - ok
07:46:07.0313 3276  [ D113499052C5E541906B727779F0F959 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:46:07.0316 3276  wmiApSrv - ok
07:46:07.0358 3276  WMPNetworkSvc - ok
07:46:07.0384 3276  [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr         C:\Windows\system32\DRIVERS\wpcfltr.sys
07:46:07.0385 3276  wpcfltr - ok
07:46:07.0426 3276  [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:46:07.0432 3276  WPCSvc - ok
07:46:07.0515 3276  [ 3013658A4D327854BEEC4A08D9655194 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:46:07.0524 3276  WPDBusEnum - ok
07:46:07.0555 3276  [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr       C:\Windows\system32\drivers\WpdUpFltr.sys
07:46:07.0557 3276  WpdUpFltr - ok
07:46:07.0609 3276  [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:46:07.0610 3276  ws2ifsl - ok
07:46:07.0701 3276  [ 012CFE7F0F95266F554EE3B91EE2128A ] wscsvc          C:\Windows\System32\wscsvc.dll
07:46:07.0709 3276  wscsvc - ok
07:46:07.0713 3276  WSearch - ok
07:46:07.0812 3276  [ D4D04839F3DFAF09D94BAB1016F7A297 ] WSService       C:\Windows\System32\WSService.dll
07:46:07.0838 3276  WSService - ok
07:46:07.0985 3276  [ 9DEC60D4783377097014DFCCA31E69F8 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:46:08.0024 3276  wuauserv - ok
07:46:08.0053 3276  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:46:08.0062 3276  WudfPf - ok
07:46:08.0094 3276  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\System32\drivers\WUDFRd.sys
07:46:08.0097 3276  WUDFRd - ok
07:46:08.0176 3276  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:46:08.0181 3276  wudfsvc - ok
07:46:08.0189 3276  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs       C:\Windows\system32\DRIVERS\WUDFRd.sys
07:46:08.0191 3276  WUDFWpdFs - ok
07:46:08.0200 3276  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp      C:\Windows\system32\DRIVERS\WUDFRd.sys
07:46:08.0203 3276  WUDFWpdMtp - ok
07:46:08.0262 3276  [ 6D9E07436B6646EC8F7EFFD39B6BA288 ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:46:08.0273 3276  WwanSvc - ok
07:46:08.0363 3276  [ 918C73F0275D7813E6F01E100B39DBD9 ] ZAtheros Bt&Wlan Coex Agent C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
07:46:08.0366 3276  ZAtheros Bt&Wlan Coex Agent - ok
07:46:08.0398 3276  ================ Scan global ===============================
07:46:08.0429 3276  [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
07:46:08.0491 3276  [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
07:46:08.0522 3276  [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
07:46:08.0595 3276  [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
07:46:08.0602 3276  [Global] - ok
07:46:08.0606 3276  ================ Scan MBR ==================================
07:46:08.0663 3276  [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0
07:46:08.0704 3276  \Device\Harddisk0\DR0 - ok
07:46:08.0716 3276  ================ Scan VBR ==================================
07:46:08.0730 3276  [ FBB60B9CBE8A8666E78B4484E1EFFF3D ] \Device\Harddisk0\DR0\Partition1
07:46:08.0731 3276  \Device\Harddisk0\DR0\Partition1 - ok
07:46:08.0770 3276  [ C50D97C83E42B0A7F93C0422AB30560D ] \Device\Harddisk0\DR0\Partition2
07:46:08.0773 3276  \Device\Harddisk0\DR0\Partition2 - ok
07:46:08.0787 3276  [ B99EA9695F91BA61A69BF2815CF80819 ] \Device\Harddisk0\DR0\Partition3
07:46:08.0788 3276  \Device\Harddisk0\DR0\Partition3 - ok
07:46:08.0842 3276  [ B1E27AA018409DE6BFD73F8AFB883A65 ] \Device\Harddisk0\DR0\Partition4
07:46:08.0842 3276  \Device\Harddisk0\DR0\Partition4 - ok
07:46:08.0852 3276  [ B2A5ED0A483688990B82949A4791815E ] \Device\Harddisk0\DR0\Partition5
07:46:08.0864 3276  \Device\Harddisk0\DR0\Partition5 - ok
07:46:08.0902 3276  [ 68D8B198840C09C5CD9BC4CE687C4782 ] \Device\Harddisk0\DR0\Partition6
07:46:08.0906 3276  \Device\Harddisk0\DR0\Partition6 - ok
07:46:08.0910 3276  ============================================================
07:46:08.0910 3276  Scan finished
07:46:08.0910 3276  ============================================================
07:46:08.0930 5392  Detected object count: 0
07:46:08.0931 5392  Actual detected object count: 0
 

Log from AdwCleaner:

# AdwCleaner v3.006 - Bericht erstellt am 03/10/2013 um 07:49:03
# Updated 01/10/2013 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Anke - ANKE-LAPTOP
# Gestartet von : C:\Users\Anke\Program setups\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\2mmdofjr.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Datei Gelöscht : C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\2mmdofjr.default\foxydeal.sqlite

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16688


-\\ Mozilla Firefox v23.0.1 (en-US)

[ Datei : C:\Users\Anke\AppData\Roaming\Mozilla\Firefox\Profiles\2mmdofjr.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.enabledAddons", "gmailnoads%40mywebber.com:3.9.1,ich%40maltegoetz.de:1.5.2,paulsaintuzb%40gmail.com:1.0.8,%7Bbadea1ae-72ed-4f6a-8c37-4db9a4ac7bc9%7D:1.0,%7B394DCBA4-1F92-4f8e-8EC[...]

-\\ Google Chrome v

[ Datei : C:\Users\Anke\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4537 octets] - [02/10/2013 16:56:14]
AdwCleaner[R1].txt - [1488 octets] - [03/10/2013 07:47:27]
AdwCleaner[S0].txt - [4358 octets] - [02/10/2013 16:57:47]
AdwCleaner[S1].txt - [1409 octets] - [03/10/2013 07:49:03]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1469 octets] ##########
 

 

And finally (after a whopping 4 hours) the log of the ESET scan:

C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\SearchSettings.exe.vir    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Common Files\spigot\Search Settings\SearchSettings64.exe.vir    a variant of Win64/Toolbar.Widgi.A application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll.vir    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\pdfforge Toolbar\IE\7.6\pdfforgeToolbarIE.dll.vir    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFP5TEA9\pal_install_r1111[1].exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HFP5TEA9\Setup[1].exe    multiple threats    cleaned by deleting - quarantined
C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMQ7FR6G\pdfforgeToolbar[1].msi    multiple threats    deleted - quarantined
C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMQ7FR6G\stubinst_pkg_en-eu[1].cab    Win32/OpenCandy application    deleted - quarantined
C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJX7X4TJ\slideshow_maker_2_en-us_110128[1].exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Users\Anke\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PJX7X4TJ\stubinst_pkg_en-eu[1].cab    Win32/OpenCandy application    deleted - quarantined
C:\Users\Anke\Documents\Ebooks\The Ultimate Italian Learning Pack\09.Miscellaneous\Foxit Reader Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Anke\Documents\MAGIX Downloads\Installationsmanager\slideshow_maker_2_en-us_110128_2_0_0_8.exe    a variant of Win32/Bundled.Toolbar.Ask application    deleted - quarantined
C:\Users\Anke\Local Settings\Application Data\Bundled software uninstaller\biclient.exe    Win32/Somoto.A application    cleaned by deleting - quarantined
C:\Users\Anke\Program setups\CuteWriter.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\Anke\Program setups\OrbitSetup4.0.10.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\Anke\Program setups\PlayFLV.exe    Win32/TrojanDownloader.Adload.NIQ trojan    cleaned by deleting - quarantined
C:\Users\Anke\Program setups\SoftonicDownloader_for_winamp.exe    Win32/SoftonicDownloader.E application    cleaned by deleting - quarantined
C:\Users\Anke\Program setups\Hotel Dash 2 - Lost Luxuries\Hotel Dash 2 - Lost Luxuries.exe    Win32/Agent.SVW trojan    cleaned by deleting - quarantined
C:\Users\Anke\Program setups\Midnight Mysteries 2 - Salem Witch Trials\Midnight Mysteries 2 - Salem Witch Trials.exe    a variant of Win32/TrojanDropper.Agent.OTR trojan    cleaned by deleting - quarantined
C:\Windows\Installer\53fd1e5e.msi    multiple threats    deleted - quarantined
 



#11 boopme

Posted 03 October 2013 - 08:15 PM

That was a good clean.

 

You need to reset the Winsock

Type or copy this into an elevated command prompt

Type in the dos window: netsh winsock reset
Click on the enter key.

 

 

You need to update to Adobe Reader XI

Note: when you install apps such as this and others, look for and UNcheck any extras they are installing.

Such as this....

Yes, install Google Chrome as my default browser and Google Toolbar for Internet Explorer.


These are outdated. Remove through Control Panel and reboot after.
Java™ 7 Update 5 (64-bit) (Version: 7.0.50)
Java™ 7 Update 5 (Version: 7.0.50)

Then install Version 7 Update 40


#12 Avee1977


Posted 04 October 2013 - 12:13 AM

Ok, did all that. Thank you so very, very much for your help - you did such an awesome job! :thumbup2:



#13 boopme


Posted 04 October 2013 - 09:01 AM

You're welcome from all of us.. Looks good to go.



