Trojan Generic29.AHHS - Help!

IrishPhoenix · 25-06-2013 1:43am #1

Hi. My sister's computer got infected with Trojan Generic29.AHHS and I have been driven demented trying to clean it off the computer. AVG first picked it up but couldn't delete it. I couldn't locate the infected files to delete them manually so then I tried Malwarebytes scans and Malwarebytes root kit scans while in safe mode. After several go arounds of deleting infected files with Malwarebytes, the trojan has stopped showing as an infected file with Malwarebytes.

However, AVG is still saying that the resident shield scan is infected. Having googled this virus, it seems to be a nasty one and I was wondering whether anyone knows how to tell if the virus is fully removed or if I would be safer reinstalling windows?

ASJ112 · 25-06-2013 10:54am

can you post the log from avg and mbam

IrishPhoenix · 25-06-2013 6:13pm

mbam logs

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.06.24.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16618
Anne :: DENISE-PC [administrator]

25/06/2013 17:34:36
mbam-log-2013-06-25 (17-34-36).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 252716
Time elapsed: 9 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)a

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

AVG is now saying this:

Am I okay? Thanks for all the help!

ASJ112 · 25-06-2013 6:34pm

na, its a USB infection, so whatever USB you plugged in lately is infected and needs formatting. do this too

Download OTL to your Desktop

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Quick Scan button. Do not change any settings. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files here

IrishPhoenix · 25-06-2013 7:38pm

txt file

OTL logfile created on: 6/25/2013 6:40:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 13.29% Memory free
5.86 Gb Paging File | 2.64 Gb Available in Paging File | 45.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.09 Gb Total Space | 106.26 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
Drive

| 12.59 Gb Total Space | 2.10 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: DENISE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/06/25 01:24:02 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Downloads\OTL.exe
PRC - [2013/06/24 22:47:44 | 000,769,096 | ---- | M] (Malwarebytes Corporation) -- C:\Users\Anne\Downloads\mbar-1.06.0.1004\mbar\mbar.exe
PRC - [2013/06/15 02:28:44 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013/05/29 12:34:28 | 000,449,248 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
PRC - [2013/05/20 17:21:11 | 001,226,928 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2013/05/20 17:21:11 | 001,015,984 | ---- | M] (AVG Secure Search) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
PRC - [2013/05/16 10:59:00 | 003,830,224 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2013/05/16 10:56:34 | 001,033,688 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/05/16 10:56:30 | 001,817,560 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/05/15 13:21:32 | 000,171,928 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/02/04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
PRC - [2012/09/27 22:18:04 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\realplayer\Update\realsched.exe
PRC - [2010/10/12 14:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
PRC - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe

========== Modules (No Company Name) ==========

MOD - [2013/06/15 02:28:42 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppgooglenaclpluginchrome.dll
MOD - [2013/06/15 02:28:41 | 013,140,432 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll
MOD - [2013/06/15 02:28:40 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
MOD - [2013/06/15 02:27:51 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libglesv2.dll
MOD - [2013/06/15 02:27:50 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\libegl.dll
MOD - [2013/06/15 02:27:48 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ffmpegsumo.dll
MOD - [2013/05/20 17:21:11 | 000,158,384 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\SiteSafety.dll
MOD - [2013/05/17 10:51:16 | 000,207,872 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll
MOD - [2013/05/16 10:55:28 | 000,161,112 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2013/05/16 08:30:32 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\af525b4bec3b9941b7be8ffbf813da80\PresentationFramework.ni.dll
MOD - [2013/05/16 08:29:50 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013/05/16 08:29:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013/05/16 08:29:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013/04/16 14:42:08 | 000,037,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2013/02/04 18:13:54 | 000,070,832 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
MOD - [2013/01/13 12:45:55 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll
MOD - [2013/01/10 17:15:44 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013/01/10 17:15:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013/01/10 17:15:12 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\dd20416f723ee13ffb4173ec1afc4ec4\System.Data.ni.dll
MOD - [2013/01/10 17:14:26 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013/01/10 17:14:23 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\a7424b1be331f4b534ea24e0c21dbe47\UIAutomationTypes.ni.dll
MOD - [2013/01/10 17:13:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013/01/10 17:13:51 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013/01/10 17:13:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012/04/30 11:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll
MOD - [2011/10/05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/02/22 11:19:10 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010/02/22 11:19:08 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010/02/22 11:19:08 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2009/07/16 01:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009/07/16 01:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009/07/16 01:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009/07/16 01:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009/07/16 01:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009/07/16 01:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009/07/16 01:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009/07/16 01:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011/02/10 23:54:55 | 000,253,440 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/02/10 23:54:54 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
SRV:64bit: - [2011/01/13 02:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04)
SRV:64bit: - [2011/01/13 02:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/20 17:21:11 | 001,015,984 | ---- | M] (AVG Secure Search) [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe -- (vToolbarUpdater15.2.0)
SRV - [2013/05/14 00:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/04 18:43:22 | 000,155,824 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion)
SRV - [2012/09/27 11:55:16 | 000,086,528 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/05/14 18:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
SRV - [2009/02/22 20:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2006/12/19 19:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/05/20 17:21:11 | 000,045,856 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/03/21 03:08:24 | 000,240,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2012/09/28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/02/10 23:54:55 | 000,506,880 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/08/25 20:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/02 17:45:24 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/07/15 00:16:34 | 000,273,456 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/24 20:00:18 | 000,216,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/06/10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009/06/10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/06/10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 13:13:10 | 000,138,752 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV:64bit: - [2009/05/22 15:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/04/29 16:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{336668CE-9DE4-4C02-8331-3365B8E7CFE3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1572&query={searchTerms}&invocationType=tb50hpcnnbie7-en-ie
IE:64bit: - HKLM\..\SearchScopes\{4566986A-D9AF-42D6-9F0D-75D4799E35EE}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{F688ACDB-19D5-4554-84EE-B5666551F71B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{336668CE-9DE4-4C02-8331-3365B8E7CFE3}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1572&query={searchTerms}&invocationType=tb50hpcnnbie7-en-ie
IE - HKLM\..\SearchScopes\{4566986A-D9AF-42D6-9F0D-75D4799E35EE}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{F688ACDB-19D5-4554-84EE-B5666551F71B}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_IE&c=94&bd=Presario&pf=cnnb
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ie/webhp?sourceid=navclient&ie=UTF-8
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7RNSN_enIE388
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4F11647F-5CDE-443C-A594-BE2208062DD7}&mid=27f5ed1c124f47d6999ed16fd8a97ba6-fd4603b1aedb7bd6cf30283f9cff57750d5bfec4&lang=en&ds=AVG&pr=fr&d=2012-10-20 17:03:40&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\15.2.0.5 [2013/05/20 17:21:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/27 22:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/27 22:18:38 | 000,000,000 | ---D | M]

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={4F11647F-5CDE-443C-A594-BE2208062DD7}&mid=27f5ed1c124f47d6999ed16fd8a97ba6-fd4603b1aedb7bd6cf30283f9cff57750d5bfec4&lang=en&ds=AVG&pr=fr&d=2012-10-20 17:03:40&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://toolbar.avg.com/acp?q={searchTerms}&o=1
CHR - homepage: http://isearch.avg.com/?cid={4F11647F-5CDE-443C-A594-BE2208062DD7}&mid=27f5ed1c124f47d6999ed16fd8a97ba6-fd4603b1aedb7bd6cf30283f9cff57750d5bfec4&lang=en&ds=AVG&pr=fr&d=2012-10-20 17:03:40&v=14.2.0.1&pid=avg&sg=&sap=hp
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.116\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: AVG Security Toolbar = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\

O1 HOSTS File: ([2013/06/24 22:33:22 | 000,447,822 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 15376 more lines...
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files (x86)\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe (AVG Secure Search)
O4 - HKCU..\Run: [Epson Stylus SX235(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\Anne\AppData\Local\Temp\E_SA0E.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [EPSON SX235 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHLE.EXE /FU "C:\Users\Anne\AppData\Local\Temp\E_S878.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C990A9B-BB12-424C-B447-CC5ADF365E53}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{8fd50268-3bd5-11e1-a994-00269e4d9255}\Shell - "" = AutoRun
O33 - MountPoints2\{8fd50268-3bd5-11e1-a994-00269e4d9255}\Shell\AutoRun\command - "" = F:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/06/25 18:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/06/24 22:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/06/24 22:26:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/06/24 22:26:41 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013/06/24 22:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013/06/24 21:32:59 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Roaming\Malwarebytes
[2013/06/24 21:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/06/24 21:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/06/24 21:32:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/06/24 21:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/06/24 21:32:37 | 000,000,000 | ---D | C] -- C:\Users\Anne\AppData\Local\Programs
[2013/06/24 20:07:20 | 000,000,000 | ---D | C] -- C:\Users\Anne\Documents\NBBBBBBBBBBBBBBBBBBBBBB

========== Files - Modified Within 30 Days ==========

[2013/06/25 18:13:02 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/25 18:10:17 | 000,110,236 | ---- | M] () -- C:\Users\Anne\Desktop\scanresult.jpg
[2013/06/25 17:47:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 17:47:12 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/25 17:32:44 | 000,000,294 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/06/25 17:32:15 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/25 17:32:00 | 000,000,350 | ---- | M] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/06/25 17:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/06/25 17:30:15 | 2361,593,856 | -HS- | M] () -- C:\hiberfil.sys
[2013/06/24 22:33:22 | 000,447,822 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/06/24 22:27:05 | 000,000,656 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/06/24 22:27:05 | 000,000,628 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/06/24 22:27:05 | 000,000,458 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/06/24 22:26:48 | 000,001,383 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/06/24 21:32:49 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/24 18:51:47 | 000,000,400 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Anne.job
[2013/06/24 18:03:16 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013/06/24 17:22:15 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/06/24 17:22:15 | 000,619,642 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/06/24 17:22:15 | 000,107,792 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/24 17:20:23 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/06/14 22:48:04 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAnne.job
[2013/06/12 16:39:28 | 000,115,357 | ---- | M] () -- C:\Users\Anne\Documents\Darren Criss Music, Maggiano's Masterpost.htm
[2013/06/10 10:08:57 | 000,089,825 | ---- | M] () -- C:\Users\Anne\Documents\No regrets, Just listen_.htm
[2013/06/10 10:07:45 | 000,173,977 | ---- | M] () -- C:\Users\Anne\Documents\thegreenscene Darren Criss Music Masterpost.htm
[2013/06/10 10:06:14 | 000,076,556 | ---- | M] () -- C:\Users\Anne\Documents\bring it on back.htm
[2013/06/09 19:50:34 | 000,081,468 | ---- | M] () -- C:\Users\Anne\Documents\Cleaning plaque from teeth - PaleoHacks_com.htm
[2013/06/09 19:50:03 | 000,202,348 | ---- | M] () -- C:\Users\Anne\Documents\Why I don’t use toothpaste « Mint&Chilli.htm
[2013/06/09 19:49:55 | 000,174,569 | ---- | M] () -- C:\Users\Anne\Documents\Plaque Busters How olive oil, chewing gum and green tea can prevent the build-up of bacteria Mail Online.htm
[2013/06/09 19:49:47 | 000,216,320 | ---- | M] () -- C:\Users\Anne\Documents\Rio Dental Polisher- Home Dental Hygiene Kit - Boots.htm
[2013/06/07 09:40:26 | 000,074,731 | ---- | M] () -- C:\Users\Anne\Documents\3 Ways to Get Rid of Cramps ( for Girls) - wikiHow.htm
[2013/06/07 09:40:15 | 000,067,203 | ---- | M] () -- C:\Users\Anne\Documents\How to Get Rid of Menstrual Cramps 10 Steps (with Pictures).htm
[2013/06/06 16:41:13 | 000,354,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/06/06 09:31:33 | 000,029,975 | ---- | M] () -- C:\Users\Anne\Documents\Is Eating While Fasting Necessary » The Fast Diet.htm
[2013/06/06 09:30:36 | 000,027,027 | ---- | M] () -- C:\Users\Anne\Documents\16 hours total fast in the beginning or at the end » The Fast Diet.htm
[2013/06/06 08:56:59 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/06 08:56:57 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/04 11:08:40 | 000,041,244 | ---- | M] () -- C:\Users\Anne\Documents\Sneek Peek Chubby Sticks Intense - First Look with Swatches!.htm
[2013/06/04 11:08:31 | 000,043,843 | ---- | M] () -- C:\Users\Anne\Documents\Sneak Peek Clinique Chubby Stick Shadow Tint For Eyes - Review, pics, swatches.htm
[2013/06/04 09:50:57 | 000,057,085 | ---- | M] () -- C:\Users\Anne\Documents\How to Whiten Teeth With Baking Soda (with Pictures) - wikiHow.htm
[2013/06/04 09:50:46 | 000,234,628 | ---- | M] () -- C:\Users\Anne\Documents\Do I need to floss if my teeth are very close together - MoneySavingExpert_com Forums.htm
[2013/06/04 09:50:34 | 000,161,921 | ---- | M] () -- C:\Users\Anne\Documents\Whiten Your Teeth Naturally With No Dangerous Chemicals.htm
[2013/05/29 10:08:21 | 000,076,369 | ---- | M] () -- C:\Users\Anne\Documents\Craze Lines Hairline Cracks In Your Front Teeth Oral Answers.htm
[2013/05/29 10:08:09 | 000,068,589 | ---- | M] () -- C:\Users\Anne\Documents\Crack (Craze) line in front tooth appearance, self-esteem! - Yahoo! Answers.htm

========== Files Created - No Company Name ==========

[2013/06/25 18:10:17 | 000,110,236 | ---- | C] () -- C:\Users\Anne\Desktop\scanresult.jpg
[2013/06/24 22:27:05 | 000,000,656 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2013/06/24 22:27:05 | 000,000,628 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2013/06/24 22:27:05 | 000,000,458 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2013/06/24 22:26:48 | 000,001,395 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/06/24 22:26:48 | 000,001,383 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013/06/24 21:32:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/06/24 17:20:23 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013/06/12 16:39:27 | 000,115,357 | ---- | C] () -- C:\Users\Anne\Documents\Darren Criss Music, Maggiano's Masterpost.htm
[2013/06/10 10:08:56 | 000,089,825 | ---- | C] () -- C:\Users\Anne\Documents\No regrets, Just listen_.htm
[2013/06/10 10:07:45 | 000,173,977 | ---- | C] () -- C:\Users\Anne\Documents\thegreenscene Darren Criss Music Masterpost.htm
[2013/06/10 10:06:13 | 000,076,556 | ---- | C] () -- C:\Users\Anne\Documents\bring it on back.htm
[2013/06/09 19:50:34 | 000,081,468 | ---- | C] () -- C:\Users\Anne\Documents\Cleaning plaque from teeth - PaleoHacks_com.htm
[2013/06/09 19:50:03 | 000,202,348 | ---- | C] () -- C:\Users\Anne\Documents\Why I don’t use toothpaste « Mint&Chilli.htm
[2013/06/09 19:49:55 | 000,174,569 | ---- | C] () -- C:\Users\Anne\Documents\Plaque Busters How olive oil, chewing gum and green tea can prevent the build-up of bacteria Mail Online.htm
[2013/06/09 19:49:47 | 000,216,320 | ---- | C] () -- C:\Users\Anne\Documents\Rio Dental Polisher- Home Dental Hygiene Kit - Boots.htm
[2013/06/07 09:40:26 | 000,074,731 | ---- | C] () -- C:\Users\Anne\Documents\3 Ways to Get Rid of Cramps ( for Girls) - wikiHow.htm
[2013/06/07 09:40:14 | 000,067,203 | ---- | C] () -- C:\Users\Anne\Documents\How to Get Rid of Menstrual Cramps 10 Steps (with Pictures).htm
[2013/06/06 16:43:29 | 000,001,417 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/06/06 09:31:33 | 000,029,975 | ---- | C] () -- C:\Users\Anne\Documents\Is Eating While Fasting Necessary » The Fast Diet.htm
[2013/06/06 09:30:35 | 000,027,027 | ---- | C] () -- C:\Users\Anne\Documents\16 hours total fast in the beginning or at the end » The Fast Diet.htm
[2013/06/06 08:56:59 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/06/06 08:56:57 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/06/04 11:08:40 | 000,041,244 | ---- | C] () -- C:\Users\Anne\Documents\Sneek Peek Chubby Sticks Intense - First Look with Swatches!.htm
[2013/06/04 11:08:30 | 000,043,843 | ---- | C] () -- C:\Users\Anne\Documents\Sneak Peek Clinique Chubby Stick Shadow Tint For Eyes - Review, pics, swatches.htm
[2013/06/04 09:50:57 | 000,057,085 | ---- | C] () -- C:\Users\Anne\Documents\How to Whiten Teeth With Baking Soda (with Pictures) - wikiHow.htm
[2013/06/04 09:50:46 | 000,234,628 | ---- | C] () -- C:\Users\Anne\Documents\Do I need to floss if my teeth are very close together - MoneySavingExpert_com Forums.htm
[2013/06/04 09:50:34 | 000,161,921 | ---- | C] () -- C:\Users\Anne\Documents\Whiten Your Teeth Naturally With No Dangerous Chemicals.htm
[2013/06/03 18:36:08 | 000,000,350 | ---- | C] () -- C:\Windows\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/05/29 10:08:21 | 000,076,369 | ---- | C] () -- C:\Users\Anne\Documents\Craze Lines Hairline Cracks In Your Front Teeth Oral Answers.htm
[2013/05/29 10:08:09 | 000,068,589 | ---- | C] () -- C:\Users\Anne\Documents\Crack (Craze) line in front tooth appearance, self-esteem! - Yahoo! Answers.htm
[2012/04/04 10:10:10 | 000,000,000 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\wklnhst.dat
[2011/09/08 20:24:27 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011/09/08 20:24:27 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011/09/08 20:24:27 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011/09/08 20:24:27 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011/09/08 20:24:27 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011/09/08 20:24:27 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011/09/08 20:24:27 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011/09/08 20:24:27 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011/09/08 20:24:27 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011/09/08 20:24:27 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011/09/08 20:24:27 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011/09/08 20:24:27 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011/09/08 20:24:27 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011/09/08 20:24:27 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011/09/08 20:24:27 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011/09/08 20:24:27 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011/09/08 20:24:27 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011/09/08 20:24:27 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011/09/08 20:24:27 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011/09/08 20:15:35 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2011/05/05 00:01:00 | 000,000,000 | ---- | C] () -- C:\Users\Anne\AppData\Local\{D528C591-E88F-4B54-A6AB-4D8DB03812D7}
[2011/04/04 22:00:25 | 000,001,854 | ---- | C] () -- C:\Users\Anne\AppData\Roaming\GhostObjGAFix.xml
[2009/08/25 09:45:18 | 000,000,294 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/09/29 11:06:12 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\AVG2013
[2013/02/05 17:16:53 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\Epson
[2013/02/12 19:19:42 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\SuperPump
[2012/09/29 10:57:53 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\TuneUp Software
[2011/03/07 19:17:23 | 000,000,000 | ---D | M] -- C:\Users\Anne\AppData\Roaming\WindSolutions

========== Purity Check ==========

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 6/25/2013 6:40:19 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Anne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy

2.93 Gb Total Physical Memory | 0.39 Gb Available Physical Memory | 13.29% Memory free
5.86 Gb Paging File | 2.64 Gb Available in Paging File | 45.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 220.09 Gb Total Space | 106.26 Gb Free Space | 48.28% Space Free | Partition Type: NTFS
Drive

| 12.59 Gb Total Space | 2.10 Gb Free Space | 16.67% Space Free | Partition Type: NTFS

Computer Name: DENISE-PC | User Name: Anne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.

ASJ112 · 25-06-2013 8:42pm

did you run malwarebytes anti-rootkit ? Do you have that log

run tdsskiller and post its log

http://www.bleepingcomputer.com/download/tdsskiller/

IrishPhoenix · 25-06-2013 8:58pm

This was the log that showed the virus.

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.24.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16618
Anne :: DENISE-PC [administrator]

24/06/2013 22:48:34
mbar-log-2013-06-24 (22-48-34).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 278271
Time elapsed: 29 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot.
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32 (Trojan.Zaccess) -> Delete on reboot.

Registry Values Detected: 1
HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| (Trojan.Zaccess) -> Data: C:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82\n. -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 3
c:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82\U (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82\L (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82 (Trojan.Siredef.C) -> Delete on reboot.

Files Detected: 4
c:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82\@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82\U\00000001.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82\U\80000000.@ (Trojan.Siredef.C) -> Delete on reboot.
c:\$Recycle.Bin\S-1-5-21-3043282612-1326149552-2567834922-1003\$8ad920049e34f826dcaef5206536cc82\U\800000cb.@ (Trojan.Siredef.C) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The log after I cleaned it

Malwarebytes Anti-Rootkit BETA 1.06.0.1004
www.malwarebytes.org

Database version: v2013.06.24.07

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16618
Anne :: DENISE-PC [administrator]

24/06/2013 23:25:48
mbar-log-2013-06-24 (23-25-48).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 278006
Time elapsed: 52 minute(s), 25 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

TDSSKiller Log

20:56:05.0320 1344 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
20:56:05.0849 1344 ============================================================
20:56:05.0849 1344 Current date / time: 2013/06/25 20:56:05.0849
20:56:05.0849 1344 SystemInfo:
20:56:05.0849 1344
20:56:05.0849 1344 OS Version: 6.1.7601 ServicePack: 1.0
20:56:05.0849 1344 Product type: Workstation
20:56:05.0849 1344 ComputerName: DENISE-PC
20:56:05.0849 1344 UserName: Anne
20:56:05.0849 1344 Windows directory: C:\Windows
20:56:05.0849 1344 System windows directory: C:\Windows
20:56:05.0849 1344 Running under WOW64
20:56:05.0849 1344 Processor architecture: Intel x64
20:56:05.0849 1344 Number of processors: 2
20:56:05.0849 1344 Page size: 0x1000
20:56:05.0849 1344 Boot type: Normal boot
20:56:05.0849 1344 ============================================================
20:56:08.0138 1344 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:56:08.0146 1344 ============================================================
20:56:08.0146 1344 \Device\Harddisk0\DR0:
20:56:08.0149 1344 MBR partitions:
20:56:08.0149 1344 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:56:08.0149 1344 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B830800
20:56:08.0149 1344 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B894800, BlocksNum 0x1930800
20:56:08.0149 1344 ============================================================
20:56:08.0169 1344 C: <-> \Device\Harddisk0\DR0\Partition2
20:56:08.0211 1344

<-> \Device\Harddisk0\DR0\Partition3
20:56:08.0211 1344 ============================================================
20:56:08.0212 1344 Initialize success
20:56:08.0212 1344 ============================================================
20:56:13.0127 5300 ============================================================
20:56:13.0127 5300 Scan started
20:56:13.0127 5300 Mode: Manual;
20:56:13.0127 5300 ============================================================
20:56:15.0070 5300 ================ Scan system memory ========================
20:56:15.0070 5300 System memory - ok
20:56:15.0070 5300 ================ Scan services =============================
20:56:15.0247 5300 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
20:56:15.0251 5300 1394ohci - ok
20:56:15.0405 5300 [ B33CF4DE909A5B30F526D82053A63C8E ] ABBYY.Licensing.FineReader.Sprint.9.0 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
20:56:15.0439 5300 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
20:56:15.0485 5300 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:56:15.0490 5300 ACPI - ok
20:56:15.0523 5300 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:56:15.0524 5300 AcpiPmi - ok
20:56:15.0572 5300 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
20:56:15.0595 5300 adp94xx - ok
20:56:15.0627 5300 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
20:56:15.0638 5300 adpahci - ok
20:56:15.0682 5300 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
20:56:15.0686 5300 adpu320 - ok
20:56:15.0716 5300 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:56:15.0718 5300 AeLookupSvc - ok
20:56:15.0883 5300 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Program Files\IDT\WDM\AESTSr64.exe
20:56:15.0885 5300 AESTFilters - ok
20:56:15.0948 5300 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:56:15.0971 5300 AFD - ok
20:56:16.0030 5300 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
20:56:16.0066 5300 AgereSoftModem - ok
20:56:16.0110 5300 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:56:16.0112 5300 agp440 - ok
20:56:16.0146 5300 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:56:16.0149 5300 ALG - ok
20:56:16.0175 5300 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:56:16.0177 5300 aliide - ok
20:56:16.0210 5300 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:56:16.0211 5300 amdide - ok
20:56:16.0255 5300 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
20:56:16.0257 5300 AmdK8 - ok
20:56:16.0283 5300 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:56:16.0285 5300 AmdPPM - ok
20:56:16.0310 5300 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:56:16.0312 5300 amdsata - ok
20:56:16.0354 5300 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
20:56:16.0358 5300 amdsbs - ok
20:56:16.0415 5300 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:56:16.0417 5300 amdxata - ok
20:56:16.0471 5300 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:56:16.0473 5300 AppID - ok
20:56:16.0499 5300 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:56:16.0501 5300 AppIDSvc - ok
20:56:16.0553 5300 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll
20:56:16.0555 5300 Appinfo - ok
20:56:16.0629 5300 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:56:16.0632 5300 Apple Mobile Device - ok
20:56:16.0683 5300 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
20:56:16.0685 5300 arc - ok
20:56:16.0704 5300 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
20:56:16.0707 5300 arcsas - ok
20:56:16.0740 5300 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:56:16.0742 5300 AsyncMac - ok
20:56:16.0784 5300 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:56:16.0785 5300 atapi - ok
20:56:16.0855 5300 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
20:56:16.0893 5300 athr - ok
20:56:16.0959 5300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:56:16.0982 5300 AudioEndpointBuilder - ok
20:56:17.0004 5300 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:56:17.0010 5300 AudioSrv - ok
20:56:17.0295 5300 [ 50185186719134FA8F307D269106A51C ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
20:56:17.0399 5300 AVGIDSAgent - ok
20:56:17.0463 5300 [ 139BD30C32BEE830D0CF39C5324D79DE ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
20:56:17.0467 5300 AVGIDSDriver - ok
20:56:17.0543 5300 [ 2940FACB6EF92BD1936E4A1E2502468E ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
20:56:17.0545 5300 AVGIDSHA - ok
20:56:17.0601 5300 [ 54B66C4AEEC6C4F742F3569EBA03EBB8 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
20:56:17.0604 5300 Avgldx64 - ok
20:56:17.0683 5300 [ 13667B5D6310228A9FEF2BA5FCD9081F ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
20:56:17.0688 5300 Avgloga - ok
20:56:17.0740 5300 [ BE82F9A1F2CCF4CE746D0C645D94079E ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
20:56:17.0742 5300 Avgmfx64 - ok
20:56:17.0842 5300 [ 5D11620DEF66F9DC9468FEE385A8429B ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
20:56:17.0844 5300 Avgrkx64 - ok
20:56:17.0921 5300 [ 69BD90E337625F96C718CACE7A9C9E29 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
20:56:17.0977 5300 Avgtdia - ok
20:56:18.0133 5300 [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp C:\Windows\system32\drivers\avgtpx64.sys
20:56:18.0135 5300 avgtp - ok
20:56:18.0176 5300 [ 3A0977CB68AF13E2579E47EB8984056B ] avgwd C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
20:56:18.0181 5300 avgwd - ok
20:56:18.0226 5300 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:56:18.0228 5300 AxInstSV - ok
20:56:18.0276 5300 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
20:56:18.0299 5300 b06bdrv - ok
20:56:18.0342 5300 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:56:18.0347 5300 b57nd60a - ok
20:56:18.0391 5300 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:56:18.0393 5300 BDESVC - ok
20:56:18.0410 5300 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:56:18.0411 5300 Beep - ok
20:56:18.0463 5300 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:56:18.0486 5300 BFE - ok
20:56:18.0538 5300 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:56:18.0560 5300 BITS - ok
20:56:18.0593 5300 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:56:18.0595 5300 blbdrive - ok
20:56:18.0664 5300 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
20:56:18.0676 5300 Bonjour Service - ok
20:56:18.0730 5300 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:56:18.0732 5300 bowser - ok
20:56:18.0772 5300 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:56:18.0774 5300 BrFiltLo - ok
20:56:18.0787 5300 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:56:18.0789 5300 BrFiltUp - ok
20:56:18.0833 5300 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:56:18.0836 5300 Browser - ok
20:56:18.0874 5300 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:56:18.0879 5300 Brserid - ok
20:56:18.0909 5300 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:56:18.0911 5300 BrSerWdm - ok
20:56:18.0947 5300 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:56:18.0949 5300 BrUsbMdm - ok
20:56:18.0960 5300 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:56:18.0962 5300 BrUsbSer - ok
20:56:18.0991 5300 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:56:18.0994 5300 BTHMODEM - ok
20:56:19.0035 5300 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:56:19.0037 5300 bthserv - ok
20:56:19.0057 5300 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:56:19.0060 5300 cdfs - ok
20:56:19.0113 5300 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:56:19.0116 5300 cdrom - ok
20:56:19.0159 5300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:56:19.0162 5300 CertPropSvc - ok
20:56:19.0196 5300 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:56:19.0198 5300 circlass - ok
20:56:19.0228 5300 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:56:19.0240 5300 CLFS - ok
20:56:19.0301 5300 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:56:19.0303 5300 clr_optimization_v2.0.50727_32 - ok
20:56:19.0344 5300 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:56:19.0346 5300 clr_optimization_v2.0.50727_64 - ok
20:56:19.0383 5300 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:56:19.0385 5300 CmBatt - ok
20:56:19.0405 5300 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:56:19.0407 5300 cmdide - ok
20:56:19.0452 5300 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:56:19.0464 5300 CNG - ok
20:56:19.0556 5300 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:56:19.0560 5300 Com4QLBEx - ok
20:56:19.0581 5300 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:56:19.0582 5300 Compbatt - ok
20:56:19.0633 5300 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
20:56:19.0635 5300 CompositeBus - ok
20:56:19.0659 5300 COMSysApp - ok
20:56:19.0678 5300 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
20:56:19.0680 5300 crcdisk - ok
20:56:19.0739 5300 [ D8129C49798CBBFB2E4351D4B7B8EF9C ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:56:19.0743 5300 CryptSvc - ok
20:56:19.0790 5300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:56:19.0813 5300 DcomLaunch - ok
20:56:19.0850 5300 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:56:19.0855 5300 defragsvc - ok
20:56:19.0890 5300 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:56:19.0892 5300 DfsC - ok
20:56:19.0957 5300 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:56:19.0962 5300 Dhcp - ok
20:56:19.0990 5300 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:56:19.0992 5300 discache - ok
20:56:20.0026 5300 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
20:56:20.0027 5300 Disk - ok
20:56:20.0075 5300 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:56:20.0078 5300 Dnscache - ok
20:56:20.0113 5300 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:56:20.0118 5300 dot3svc - ok
20:56:20.0147 5300 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:56:20.0151 5300 DPS - ok
20:56:20.0198 5300 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:56:20.0200 5300 drmkaud - ok
20:56:20.0254 5300 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:56:20.0277 5300 DXGKrnl - ok
20:56:20.0322 5300 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:56:20.0324 5300 EapHost - ok
20:56:20.0413 5300 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
20:56:20.0482 5300 ebdrv - ok
20:56:20.0547 5300 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:56:20.0549 5300 EFS - ok
20:56:20.0633 5300 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:56:20.0656 5300 ehRecvr - ok
20:56:20.0689 5300 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:56:20.0692 5300 ehSched - ok
20:56:20.0725 5300 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
20:56:20.0748 5300 elxstor - ok
20:56:20.0819 5300 [ ABDD5AD016AFFD34AD40E944CE94BF59 ] EpsonBidirectionalService C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
20:56:20.0821 5300 EpsonBidirectionalService - ok
20:56:20.0944 5300 [ 7C5BFAAC8DCE7292B0C04EBF892E71F9 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
20:56:20.0948 5300 EPSON_EB_RPCV4_04 - ok
20:56:20.0986 5300 [ D4615670CD49A1679E6067F155C47C68 ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
20:56:20.0988 5300 EPSON_PM_RPCV4_04 - ok
20:56:21.0030 5300 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:56:21.0032 5300 ErrDev - ok
20:56:21.0098 5300 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:56:21.0109 5300 EventSystem - ok
20:56:21.0139 5300 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:56:21.0144 5300 exfat - ok
20:56:21.0161 5300 ezSharedSvc - ok
20:56:21.0179 5300 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:56:21.0183 5300 fastfat - ok
20:56:21.0237 5300 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:56:21.0260 5300 Fax - ok
20:56:21.0284 5300 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
20:56:21.0285 5300 fdc - ok
20:56:21.0331 5300 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:56:21.0332 5300 fdPHost - ok
20:56:21.0350 5300 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:56:21.0352 5300 FDResPub - ok
20:56:21.0378 5300 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:56:21.0380 5300 FileInfo - ok
20:56:21.0398 5300 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:56:21.0400 5300 Filetrace - ok
20:56:21.0420 5300 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
20:56:21.0422 5300 flpydisk - ok
20:56:21.0451 5300 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:56:21.0457 5300 FltMgr - ok
20:56:21.0530 5300 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll
20:56:21.0566 5300 FontCache - ok
20:56:21.0614 5300 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:56:21.0616 5300 FontCache3.0.0.0 - ok
20:56:21.0647 5300 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:56:21.0649 5300 FsDepends - ok
20:56:21.0688 5300 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:56:21.0690 5300 Fs_Rec - ok
20:56:21.0741 5300 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:56:21.0744 5300 fvevol - ok
20:56:21.0782 5300 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
20:56:21.0785 5300 gagp30kx - ok
20:56:21.0857 5300 [ C44D560E441F091EA3B72F778EC60DE2 ] GameConsoleService C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:56:21.0861 5300 GameConsoleService - ok
20:56:21.0904 5300 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:56:21.0906 5300 GEARAspiWDM - ok
20:56:21.0953 5300 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:56:21.0976 5300 gpsvc - ok
20:56:22.0066 5300 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:56:22.0068 5300 gupdate - ok
20:56:22.0083 5300 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:56:22.0085 5300 gupdatem - ok
20:56:22.0109 5300 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:56:22.0113 5300 gusvc - ok
20:56:22.0143 5300 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:56:22.0145 5300 hcw85cir - ok
20:56:22.0221 5300 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:56:22.0255 5300 HdAudAddService - ok
20:56:22.0318 5300 [ 9f7BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
20:56:22.0321 5300 HDAudBus - ok
20:56:22.0341 5300 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
20:56:22.0343 5300 HidBatt - ok
20:56:22.0364 5300 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
20:56:22.0367 5300 HidBth - ok
20:56:22.0383 5300 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:56:22.0385 5300 HidIr - ok
20:56:22.0414 5300 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:56:22.0417 5300 hidserv - ok
20:56:22.0463 5300 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
20:56:22.0465 5300 HidUsb - ok
20:56:22.0494 5300 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:56:22.0497 5300 hkmsvc - ok
20:56:22.0528 5300 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:56:22.0533 5300 HomeGroupListener - ok
20:56:22.0564 5300 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:56:22.0568 5300 HomeGroupProvider - ok
20:56:22.0678 5300 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
20:56:22.0680 5300 HP Support Assistant Service - ok
20:56:22.0718 5300 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:56:22.0719 5300 HpqKbFiltr - ok
20:56:22.0823 5300 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
20:56:22.0845 5300 hpqwmiex - ok
20:56:22.0879 5300 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:56:22.0881 5300 HpSAMD - ok
20:56:22.0945 5300 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:56:22.0968 5300 HTTP - ok
20:56:22.0996 5300 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:56:22.0997 5300 hwpolicy - ok
20:56:23.0065 5300 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
20:56:23.0147 5300 i8042prt - ok
20:56:23.0296 5300 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:56:23.0322 5300 iaStorV - ok
20:56:23.0373 5300 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:56:23.0407 5300 idsvc - ok
20:56:23.0746 5300 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
20:56:23.0977 5300 igfx - ok
20:56:24.0026 5300 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
20:56:24.0028 5300 iirsp - ok
20:56:24.0078 5300 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:56:24.0112 5300 IKEEXT - ok
20:56:24.0174 5300 [ D485D3BD3E2179AA86853A182F70699F ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
20:56:24.0177 5300 IntcHdmiAddService - ok
20:56:24.0217 5300 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:56:24.0218 5300 intelide - ok
20:56:24.0255 5300 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:56:24.0257 5300 intelppm - ok
20:56:24.0274 5300 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:56:24.0277 5300 IPBusEnum - ok
20:56:24.0305 5300 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:56:24.0308 5300 IpFilterDriver - ok
20:56:24.0327 5300 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:56:24.0351 5300 iphlpsvc - ok
20:56:24.0382 5300 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:56:24.0384 5300 IPMIDRV - ok
20:56:24.0416 5300 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:56:24.0419 5300 IPNAT - ok
20:56:24.0500 5300 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
20:56:24.0523 5300 iPod Service - ok
20:56:24.0561 5300 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:56:24.0563 5300 IRENUM - ok
20:56:24.0605 5300 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:56:24.0606 5300 isapnp - ok
20:56:24.0624 5300 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:56:24.0628 5300 iScsiPrt - ok
20:56:24.0661 5300 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
20:56:24.0663 5300 kbdclass - ok
20:56:24.0702 5300 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
20:56:24.0704 5300 kbdhid - ok
20:56:24.0727 5300 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:56:24.0729 5300 KeyIso - ok
20:56:24.0761 5300 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:56:24.0763 5300 KSecDD - ok
20:56:24.0792 5300 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:56:24.0795 5300 KSecPkg - ok
20:56:24.0844 5300 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:56:24.0846 5300 ksthunk - ok
20:56:24.0880 5300 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:56:24.0886 5300 KtmRm - ok
20:56:24.0936 5300 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:56:24.0942 5300 LanmanServer - ok
20:56:24.0972 5300 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:56:24.0976 5300 LanmanWorkstation - ok
20:56:25.0040 5300 [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:56:25.0041 5300 LightScribeService - ok
20:56:25.0080 5300 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:56:25.0082 5300 lltdio - ok
20:56:25.0105 5300 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:56:25.0111 5300 lltdsvc - ok
20:56:25.0131 5300 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:56:25.0133 5300 lmhosts - ok
20:56:25.0174 5300 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
20:56:25.0176 5300 LSI_FC - ok
20:56:25.0195 5300 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
20:56:25.0197 5300 LSI_SAS - ok
20:56:25.0210 5300 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:56:25.0212 5300 LSI_SAS2 - ok
20:56:25.0234 5300 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:56:25.0236 5300 LSI_SCSI - ok
20:56:25.0278 5300 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:56:25.0280 5300 luafv - ok
20:56:25.0324 5300 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:56:25.0327 5300 Mcx2Svc - ok
20:56:25.0347 5300 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
20:56:25.0348 5300 megasas - ok
20:56:25.0386 5300 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
20:56:25.0391 5300 MegaSR - ok
20:56:25.0415 5300 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:56:25.0418 5300 MMCSS - ok
20:56:25.0443 5300 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:56:25.0445 5300 Modem - ok
20:56:25.0468 5300 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:56:25.0469 5300 monitor - ok
20:56:25.0499 5300 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
20:56:25.0500 5300 mouclass - ok
20:56:25.0526 5300 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:56:25.0528 5300 mouhid - ok
20:56:25.0564 5300 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:56:25.0566 5300 mountmgr - ok
20:56:25.0611 5300 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:56:25.0615 5300 mpio - ok
20:56:25.0655 5300 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:56:25.0657 5300 mpsdrv - ok
20:56:25.0700 5300 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:56:25.0723 5300 MpsSvc - ok
20:56:25.0758 5300 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:56:25.0761 5300 MRxDAV - ok
20:56:25.0798 5300 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:56:25.0801 5300 mrxsmb - ok
20:56:25.0846 5300 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:56:25.0850 5300 mrxsmb10 - ok
20:56:25.0872 5300 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:56:25.0874 5300 mrxsmb20 - ok
20:56:25.0917 5300 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:56:25.0918 5300 msahci - ok
20:56:25.0963 5300 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:56:25.0965 5300 msdsm - ok
20:56:25.0996 5300 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:56:26.0000 5300 MSDTC - ok
20:56:26.0033 5300 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:56:26.0034 5300 Msfs - ok
20:56:26.0049 5300 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:56:26.0050 5300 mshidkmdf - ok
20:56:26.0091 5300 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:56:26.0092 5300 msisadrv - ok
20:56:26.0128 5300 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:56:26.0131 5300 MSiSCSI - ok
20:56:26.0139 5300 msiserver - ok
20:56:26.0183 5300 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:56:26.0185 5300 MSKSSRV - ok
20:56:26.0198 5300 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:56:26.0201 5300 MSPCLOCK - ok
20:56:26.0208 5300 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:56:26.0210 5300 MSPQM - ok
20:56:26.0253 5300 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:56:26.0259 5300 MsRPC - ok
20:56:26.0291 5300 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
20:56:26.0293 5300 mssmbios - ok
20:56:26.0327 5300 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:56:26.0330 5300 MSTEE - ok
20:56:26.0356 5300 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
20:56:26.0358 5300 MTConfig - ok
20:56:26.0380 5300 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:56:26.0382 5300 Mup - ok
20:56:26.0427 5300 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:56:26.0450 5300 napagent - ok
20:56:26.0499 5300 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:56:26.0505 5300 NativeWifiP - ok
20:56:26.0552 5300 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
20:56:26.0576 5300 NDIS - ok
20:56:26.0604 5300 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:56:26.0606 5300 NdisCap - ok
20:56:26.0637 5300 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:56:26.0638 5300 NdisTapi - ok
20:56:26.0687 5300 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:56:26.0689 5300 Ndisuio - ok
20:56:26.0713 5300 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:56:26.0716 5300 NdisWan - ok
20:56:26.0747 5300 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:56:26.0832 5300 NDProxy - ok
20:56:26.0913 5300 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:56:26.0914 5300 NetBIOS - ok
20:56:26.0947 5300 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:56:26.0951 5300 NetBT - ok
20:56:26.0972 5300 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:56:26.0974 5300 Netlogon - ok
20:56:27.0024 5300 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:56:27.0036 5300 Netman - ok
20:56:27.0058 5300 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:56:27.0080 5300 netprofm - ok
20:56:27.0114 5300 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:56:27.0116 5300 NetTcpPortSharing - ok
20:56:27.0263 5300 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
20:56:27.0390 5300 netw5v64 - ok
20:56:27.0431 5300 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
20:56:27.0432 5300 nfrd960 - ok
20:56:27.0480 5300 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:56:27.0485 5300 NlaSvc - ok
20:56:27.0523 5300 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:56:27.0524 5300 Npfs - ok
20:56:27.0556 5300 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:56:27.0615 5300 nsi - ok
20:56:27.0661 5300 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:56:27.0664 5300 nsiproxy - ok
20:56:27.0822 5300 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:56:27.0879 5300 Ntfs - ok
20:56:27.0917 5300 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:56:27.0918 5300 Null - ok
20:56:27.0959 5300 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:56:27.0962 5300 nvraid - ok
20:56:27.0975 5300 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:56:27.0978 5300 nvstor - ok
20:56:27.0999 5300 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:56:28.0002 5300 nv_agp - ok
20:56:28.0111 5300 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:56:28.0117 5300 odserv - ok
20:56:28.0165 5300 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:56:28.0168 5300 ohci1394 - ok
20:56:28.0198 5300 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:56:28.0201 5300 ose - ok
20:56:28.0228 5300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:56:28.0239 5300 p2pimsvc - ok
20:56:28.0274 5300 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:56:28.0286 5300 p2psvc - ok
20:56:28.0313 5300 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:56:28.0316 5300 Parport - ok
20:56:28.0471 5300 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:56:28.0473 5300 partmgr - ok
20:56:28.0504 5300 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:56:28.0509 5300 PcaSvc - ok
20:56:28.0556 5300 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:56:28.0560 5300 pci - ok
20:56:28.0584 5300 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:56:28.0585 5300 pciide - ok
20:56:28.0607 5300 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
20:56:28.0611 5300 pcmcia - ok
20:56:28.0647 5300 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:56:28.0648 5300 pcw - ok
20:56:28.0672 5300 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:56:28.0707 5300 PEAUTH - ok
20:56:28.0816 5300 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:56:28.0818 5300 PerfHost - ok
20:56:28.0887 5300 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:56:28.0933 5300 pla - ok
20:56:28.0965 5300 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:56:28.0988 5300 PlugPlay - ok
20:56:29.0012 5300 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:56:29.0014 5300 PNRPAutoReg - ok
20:56:29.0039 5300 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:56:29.0043 5300 PNRPsvc - ok
20:56:29.0084 5300 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:56:29.0118 5300 PolicyAgent - ok
20:56:29.0152 5300 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:56:29.0157 5300 Power - ok
20:56:29.0199 5300 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:56:29.0202 5300 PptpMiniport - ok
20:56:29.0238 5300 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
20:56:29.0240 5300 Processor - ok
20:56:29.0264 5300 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
20:56:29.0269 5300 ProfSvc - ok
20:56:29.0283 5300 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:56:29.0285 5300 ProtectedStorage - ok
20:56:29.0322 5300 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:56:29.0325 5300 Psched - ok
20:56:29.0377 5300 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
20:56:29.0423 5300 ql2300 - ok
20:56:29.0458 5300 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
20:56:29.0460 5300 ql40xx - ok
20:56:29.0499 5300 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:56:29.0505 5300 QWAVE - ok
20:56:29.0528 5300 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:56:29.0530 5300 QWAVEdrv - ok
20:56:29.0553 5300 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:56:29.0555 5300 RasAcd - ok
20:56:29.0582 5300 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:56:29.0584 5300 RasAgileVpn - ok
20:56:29.0610 5300 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:56:29.0614 5300 RasAuto - ok
20:56:29.0646 5300 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:56:29.0649 5300 Rasl2tp - ok
20:56:29.0679 5300 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:56:29.0686 5300 RasMan - ok
20:56:29.0727 5300 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:56:29.0730 5300 RasPppoe - ok
20:56:29.0755 5300 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:56:29.0758 5300 RasSstp - ok
20:56:29.0791 5300 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:56:29.0797 5300 rdbss - ok
20:56:29.0823 5300 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:56:29.0825 5300 rdpbus - ok
20:56:29.0859 5300 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:56:29.0863 5300 RDPCDD - ok
20:56:29.0884 5300 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:56:29.0886 5300 RDPENCDD - ok
20:56:29.0897 5300 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:56:29.0899 5300 RDPREFMP - ok
20:56:29.0939 5300 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:56:29.0943 5300 RDPWD - ok
20:56:29.0986 5300 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:56:29.0990 5300 rdyboost - ok
20:56:30.0017 5300 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:56:30.0020 5300 RemoteAccess - ok
20:56:30.0050 5300 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:56:30.0054 5300 RemoteRegistry - ok
20:56:30.0112 5300 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
20:56:30.0116 5300 RichVideo - ok
20:56:30.0129 5300 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:56:30.0133 5300 RpcEptMapper - ok
20:56:30.0162 5300 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:56:30.0164 5300 RpcLocator - ok
20:56:30.0204 5300 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:56:30.0210 5300 RpcSs - ok
20:56:30.0248 5300 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:56:30.0250 5300 rspndr - ok
20:56:30.0299 5300 [ A5DF2F732A6C95554E548FCB6932BD31 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys
20:56:30.0303 5300 RSUSBSTOR - ok
20:56:30.0337 5300 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:56:30.0341 5300 RTL8167 - ok
20:56:30.0347 5300 RtsUIR - ok
20:56:30.0373 5300 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:56:30.0375 5300 SamSs - ok
20:56:30.0410 5300 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:56:30.0412 5300 sbp2port - ok
20:56:30.0454 5300 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:56:30.0459 5300 SCardSvr - ok
20:56:30.0497 5300 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:56:30.0498 5300 scfilter - ok
20:56:30.0539 5300 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:56:30.0574 5300 Schedule - ok
20:56:30.0597 5300 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:56:30.0598 5300 SCPolicySvc - ok
20:56:30.0648 5300 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
20:56:30.0650 5300 sdbus - ok
20:56:30.0679 5300 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:56:30.0684 5300 SDRSVC - ok
20:56:30.0899 5300 [ 95AA9E165C7DE1B64A11E8B18E91E499 ] SDScannerService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
20:56:30.0946 5300 SDScannerService - ok
20:56:31.0084 5300 [ D31398D4BB4907B517B6E784C2100C4A ] SDUpdateService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
20:56:31.0107 5300 SDUpdateService - ok
20:56:31.0165 5300 [ 6AE8E702D1027A9627DDE2B77BB9992B ] SDWSCService C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
20:56:31.0168 5300 SDWSCService - ok
20:56:31.0209 5300 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:56:31.0211 5300 secdrv - ok
20:56:31.0243 5300 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:56:31.0246 5300 seclogon - ok
20:56:31.0276 5300 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:56:31.0279 5300 SENS - ok
20:56:31.0301 5300 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:56:31.0303 5300 SensrSvc - ok
20:56:31.0328 5300 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:56:31.0329 5300 Serenum - ok
20:56:31.0354 5300 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:56:31.0357 5300 Serial - ok
20:56:31.0396 5300 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
20:56:31.0398 5300 sermouse - ok
20:56:31.0437 5300 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:56:31.0442 5300 SessionEnv - ok
20:56:31.0466 5300 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:56:31.0468 5300 sffdisk - ok
20:56:31.0480 5300 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:56:31.0481 5300 sffp_mmc - ok
20:56:31.0490 5300 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:56:31.0492 5300 sffp_sd - ok
20:56:31.0503 5300 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
20:56:31.0505 5300 sfloppy - ok
20:56:31.0546 5300 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:56:31.0557 5300 SharedAccess - ok
20:56:31.0592 5300 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:56:31.0604 5300 ShellHWDetection - ok
20:56:31.0628 5300 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:56:31.0630 5300 SiSRaid2 - ok
20:56:31.0661 5300 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
20:56:31.0663 5300 SiSRaid4 - ok
20:56:31.0700 5300 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:56:31.0703 5300 Smb - ok
20:56:31.0753 5300 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:56:31.0755 5300 SNMPTRAP - ok
20:56:31.0929 5300 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
20:56:31.0932 5300 Sony PC Companion - ok
20:56:31.0966 5300 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:56:31.0968 5300 spldr - ok
20:56:32.0010 5300 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
20:56:32.0033 5300 Spooler - ok
20:56:32.0139 5300 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:56:32.0211 5300 sppsvc - ok
20:56:32.0251 5300 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:56:32.0254 5300 sppuinotify - ok
20:56:32.0298 5300 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:56:32.0309 5300 srv - ok
20:56:32.0331 5300 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:56:32.0342 5300 srv2 - ok
20:56:32.0392 5300 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
20:56:32.0398 5300 SrvHsfHDA - ok
20:56:32.0438 5300 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
20:56:32.0471 5300 SrvHsfV92 - ok
20:56:32.0501 5300 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
20:56:32.0523 5300 SrvHsfWinac - ok
20:56:32.0562 5300 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:56:32.0565 5300 srvnet - ok
20:56:32.0615 5300 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:56:32.0620 5300 SSDPSRV - ok
20:56:32.0635 5300 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:56:32.0639 5300 SstpSvc - ok
20:56:32.0804 5300 [ 3BD758C56A55930CD6DB89E3DEDCF322 ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
20:56:32.0808 5300 STacSV - ok
20:56:32.0833 5300 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
20:56:32.0835 5300 stexstor - ok
20:56:32.0882 5300 [ A3FB7AD8720D7E02AA0111A6B51C2744 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
20:56:32.0904 5300 STHDA - ok
20:56:32.0959 5300 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:56:32.0982 5300 stisvc - ok
20:56:33.0006 5300 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
20:56:33.0008 5300 swenum - ok
20:56:33.0040 5300 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:56:33.0063 5300 swprv - ok
20:56:33.0112 5300 [ 929C9FA0B18AD2EBC8340591C4BF00FF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:56:33.0117 5300 SynTP - ok
20:56:33.0183 5300 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:56:33.0227 5300 SysMain - ok
20:56:33.0248 5300 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:56:33.0252 5300 TabletInputService - ok
20:56:33.0274 5300 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:56:33.0285 5300 TapiSrv - ok
20:56:33.0317 5300 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:56:33.0320 5300 TBS - ok
20:56:33.0430 5300 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:56:33.0474 5300 Tcpip - ok
20:56:33.0740 5300 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:56:33.0754 5300 TCPIP6 - ok
20:56:33.0895 5300 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:56:33.0897 5300 tcpipreg - ok
20:56:33.0934 5300 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:56:33.0936 5300 TDPIPE - ok
20:56:33.0968 5300 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:56:33.0969 5300 TDTCP - ok
20:56:34.0001 5300 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:56:34.0003 5300 tdx - ok
20:56:34.0028 5300 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
20:56:34.0031 5300 TermDD - ok
20:56:34.0066 5300 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:56:34.0100 5300 TermService - ok
20:56:34.0130 5300 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:56:34.0133 5300 Themes - ok
20:56:34.0152 5300 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:56:34.0154 5300 THREADORDER - ok
20:56:34.0176 5300 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:56:34.0180 5300 TrkWks - ok
20:56:34.0237 5300 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:56:34.0240 5300 TrustedInstaller - ok
20:56:34.0261 5300 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:56:34.0263 5300 tssecsrv - ok
20:56:34.0314 5300 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:56:34.0316 5300 TsUsbFlt - ok
20:56:34.0376 5300 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:56:34.0379 5300 tunnel - ok
20:56:34.0407 5300 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
20:56:34.0409 5300 uagp35 - ok
20:56:34.0447 5300 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:56:34.0458 5300 udfs - ok
20:56:34.0504 5300 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:56:34.0507 5300 UI0Detect - ok
20:56:34.0535 5300 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:56:34.0537 5300 uliagpkx - ok
20:56:34.0575 5300 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
20:56:34.0578 5300 umbus - ok
20:56:34.0603 5300 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
20:56:34.0605 5300 UmPass - ok
20:56:34.0639 5300 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:56:34.0650 5300 upnphost - ok
20:56:34.0705 5300 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
20:56:34.0707 5300 USBAAPL64 - ok
20:56:34.0759 5300 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:56:34.0761 5300 usbccgp - ok
20:56:34.0790 5300 USBCCID - ok
20:56:34.0817 5300 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:56:34.0820 5300 usbcir - ok
20:56:34.0846 5300 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
20:56:34.0848 5300 usbehci - ok
20:56:34.0880 5300 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:56:34.0892 5300 usbhub - ok
20:56:34.0926 5300 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:56:34.0929 5300 usbohci - ok
20:56:34.0968 5300 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
20:56:34.0970 5300 usbprint - ok
20:56:35.0000 5300 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
20:56:35.0002 5300 usbscan - ok
20:56:35.0021 5300 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:56:35.0023 5300 USBSTOR - ok
20:56:35.0068 5300 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:56:35.0070 5300 usbuhci - ok
20:56:35.0100 5300 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
20:56:35.0104 5300 usbvideo - ok
20:56:35.0142 5300 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:56:35.0144 5300 UxSms - ok
20:56:35.0164 5300 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:56:35.0166 5300 VaultSvc - ok
20:56:35.0190 5300 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:56:35.0192 5300 vdrvroot - ok
20:56:35.0223 5300 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:56:35.0246 5300 vds - ok
20:56:35.0292 5300 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:56:35.0294 5300 vga - ok
20:56:35.0313 5300 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:56:35.0315 5300 VgaSave - ok
20:56:35.0357 5300 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:56:35.0361 5300 vhdmp - ok
20:56:35.0383 5300 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:56:35.0384 5300 viaide - ok
20:56:35.0404 5300 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:56:35.0406 5300 volmgr - ok
20:56:35.0447 5300 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:56:35.0459 5300 volmgrx - ok
20:56:35.0494 5300 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:56:35.0499 5300 volsnap - ok
20:56:35.0544 5300 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
20:56:35.0547 5300 vsmraid - ok
20:56:35.0628 5300 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:56:35.0662 5300 VSS - ok
20:56:35.0806 5300 [ 4B817450226F93C31ADD5BCC27FED27A ] vToolbarUpdater15.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe
20:56:35.0829 5300 vToolbarUpdater15.2.0 - ok
20:56:35.0854 5300 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:56:35.0856 5300 vwifibus - ok
20:56:35.0886 5300 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:56:35.0888 5300 vwififlt - ok
20:56:35.0923 5300 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
20:56:35.0924 5300 vwifimp - ok
20:56:35.0967 5300 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:56:35.0989 5300 W32Time - ok
20:56:36.0012 5300 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
20:56:36.0014 5300 WacomPen - ok
20:56:36.0063 5300 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:56:36.0065 5300 WANARP - ok
20:56:36.0074 5300 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:56:36.0076 5300 Wanarpv6 - ok
20:56:36.0158 5300 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:56:36.0194 5300 WatAdminSvc - ok
20:56:36.0257 5300 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:56:36.0292 5300 wbengine - ok
20:56:36.0340 5300 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:56:36.0345 5300 WbioSrvc - ok
20:56:36.0387 5300 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:56:36.0399 5300 wcncsvc - ok
20:56:36.0426 5300 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:56:36.0429 5300 WcsPlugInService - ok
20:56:36.0455 5300 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
20:56:36.0456 5300 Wd - ok
20:56:36.0496 5300 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:56:36.0518 5300 Wdf01000 - ok
20:56:36.0545 5300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:56:36.0549 5300 WdiServiceHost - ok
20:56:36.0568 5300 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:56:36.0570 5300 WdiSystemHost - ok
20:56:36.0607 5300 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:56:36.0613 5300 WebClient - ok
20:56:36.0646 5300 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:56:36.0665 5300 Wecsvc - ok
20:56:36.0691 5300 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:56:36.0694 5300 wercplsupport - ok
20:56:36.0721 5300 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:56:36.0724 5300 WerSvc - ok
20:56:36.0744 5300 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:56:36.0816 5300 WfpLwf - ok
20:56:36.0845 5300 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:56:36.0847 5300 WIMMount - ok
20:56:36.0873 5300 WinDefend - ok
20:56:36.0894 5300 WinHttpAutoProxySvc - ok
20:56:36.0958 5300 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:56:36.0963 5300 Winmgmt - ok
20:56:37.0027 5300 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:56:37.0084 5300 WinRM - ok
20:56:37.0157 5300 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
20:56:37.0159 5300 WinUsb - ok
20:56:37.0210 5300 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:56:37.0244 5300 W

ASJ112 · 25-06-2013 10:45pm

open OTL copy and paste this in the custom scan/fixes box

:Commands
[PURITY]
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[EMPTYJAVA]
[CREATERESTOREPOINT]
[Reboot]
:Files
ipconfig /flushdns /c
:OTL
O33 - MountPoints2\{8fd50268-3bd5-11e1-a994-00269e4d9255}\Shell - "" = AutoRun
O33 - MountPoints2\{8fd50268-3bd5-11e1-a994-00269e4d9255}\Shell\AutoRun\command - "" = F:\Startme.exe

click run fix post the log it gives.

then tell me is AVG still finding that thing

IrishPhoenix · 25-06-2013 11:43pm

Log

All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Anne
->Temp folder emptied: 1690716 bytes
->Temporary Internet Files folder emptied: 484660753 bytes
->Java cache emptied: 5704160 bytes
->Google Chrome cache emptied: 66211917 bytes
->Flash cache emptied: 52517 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Denise
->Temp folder emptied: 114915757 bytes
->Temporary Internet Files folder emptied: 171299475 bytes
->Java cache emptied: 7800244 bytes
->Flash cache emptied: 701 bytes

User: Michael

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2790857 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42304013 bytes
RecycleBin emptied: 23684194 bytes

Total Files Cleaned = 878.00 mb

[EMPTYFLASH]

User: All Users

User: Anne
->Flash cache emptied: 456 bytes

User: Default

User: Default User

User: Denise
->Flash cache emptied: 0 bytes

User: Michael

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYJAVA]

User: All Users

User: Anne
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Denise
->Java cache emptied: 0 bytes

User: Michael

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Anne\Downloads\Applications\cmd.bat deleted successfully.
C:\Users\Anne\Downloads\Applications\cmd.txt deleted successfully.
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fd50268-3bd5-11e1-a994-00269e4d9255}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fd50268-3bd5-11e1-a994-00269e4d9255}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8fd50268-3bd5-11e1-a994-00269e4d9255}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8fd50268-3bd5-11e1-a994-00269e4d9255}\ not found.
File F:\Startme.exe not found.

OTL by OldTimer - Version 3.2.69.0 log created on 06252013_225712

Files\Folders moved on Reboot...
C:\Users\Anne\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\Anne\AppData\Local\Temp\~DF1E4B9F13BF1AD11F.TMP not found!
File\Folder C:\Users\Anne\AppData\Local\Temp\~DFFDDCBD6F42F00963.TMP not found!
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{6E0DA884-4942-435B-A060-7A84AA1C211F}.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5690572F-78F9-45CB-B927-7B1DC3C6895D}.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6077EFBC-447B-406E-8035-ADAD7FB48CA4}.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{A9D95E00-711A-41A1-8111-4265FDA6D0D4}.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{AFAFE2FD-85F6-4C08-A921-0FBB4690A0ED}.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C1DF14B7-9D71-4A80-A0E5-32A21B4E6F81}.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FA13E611-04B5-4A96-B18F-3150B5067985}.tmp moved successfully.
C:\Users\Anne\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

AVG's resident shield is still showing it as 'secured' and 'healed' as in the pic above but there seems to be no new cases. Am I fixed? Thanks for all the help.

ASJ112 · 26-06-2013 1:29pm

yeah looks like mbam anti-rootkit did its job

IrishPhoenix · 26-06-2013 6:07pm

Ok. brill. Thanks so much for all the help!

Trojan Generic29.AHHS - Help!

Comments