Data Recovery virus [Solved]


  • This topic is locked

#1
Jaybarker (Member)

I have the data recovery virus and I can't remove it.. it has hidden all of my files (I got some back) and keeps restarting my computer every time I try system restore or to run an antivirus or spyware... I have downloaded Malwarebytes and am currently running a scan in safe mode.. I could use help (a lot lol) as I am not very good with computers


#2
maliprog (Trusted Helper, Malware Removal)

Hello Jaybarker and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTE:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean.
  • Kindly follow my instructions in the order posted. Order is crucial in the cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply.
  • You must reply within 3 days or your topic will be closed
Step 1

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Verify Driver Digital Signature
    • Detect TDLFS file system
  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip.
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 2

Download OTL to your Desktop

  • Double-click on the icon to run it (if running Vista or Windows 7, right-click on it and select "Run as an Administrator"). Make sure all other windows are closed and let it run uninterrupted.
  • Under the Custom Scan box paste this in

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them if you need to start a new topic.

Step 3

Download GMER from Here. Note the file's name and save it to your root folder, such as C:.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • OTL Extras log
  • TDSSKiller log
  • GMER log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.
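The TDSSKiller report requested in Step 1 is a long per-driver listing, so a small triage script helps when reading one. The following is an added example, not part of the original posts and not TDSSKiller's own code: it pairs each "name (md5) path" line with its "name - verdict" line, in the layout of the report posted in this thread, and returns every entry whose verdict is not ok. The sample log lines, the `warning` verdict and the `exampledrv` and `cutoff` entries are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Line layout assumed from the report posted in this thread:
#   HH:MM:SS.mmmm TID <name> (<32-hex md5>) <path>
#   HH:MM:SS.mmmm TID <name> - <verdict>
PREFIX = r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
FILE_RE = re.compile(
    PREFIX + r"(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$"
)
VERDICT_RE = re.compile(PREFIX + r"(?P<name>.+) - (?P<verdict>\w[\w ]*)$")


@dataclass
class Entry:
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan(log_text):
    """Return (entries, pending): scanned objects with a verdict, and
    objects whose file line was seen but whose verdict line is missing."""
    entries = []
    pending = {}      # name -> (md5, path) waiting for a verdict line
    in_scan = False
    for line in log_text.splitlines():
        line = line.rstrip()
        if not in_scan:
            # Header lines such as "Drive ... - Size: ..." also contain
            # " - ", so nothing is parsed until the scan section begins.
            in_scan = "Scan started" in line
            continue
        m = FILE_RE.match(line)
        if m:
            pending[m["name"]] = (m["md5"].lower(), m["path"])
            continue
        m = VERDICT_RE.match(line)
        if m:
            md5, path = pending.pop(m["name"], (None, None))
            entries.append(Entry(m["name"], m["verdict"].strip().lower(), md5, path))
    return entries, pending


def triage(log_text):
    """Summarise a report: what was flagged and what could not be paired."""
    entries, pending = parse_scan(log_text)
    return {
        "scanned": len(entries),
        # Anything other than "ok" is left for the helper to review.
        "flagged": [e for e in entries if e.verdict != "ok"],
        # Objects listed with a verdict but no hashed file line
        # (COMSysApp appears this way in the posted report).
        "no_file": [e.name for e in entries if e.md5 is None],
        # File lines with no verdict, e.g. a report pasted only in part.
        "unresolved": sorted(pending),
    }


# Constructed sample in the same layout; hashes are placeholders.
SAMPLE_LOG = r"""
19:05:58.0025 4116 ComputerName: EXAMPLE-PC
19:06:01.0363 4116 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (0.00 Gb)
19:26:48.0008 4984 Scan started
19:26:48.0008 4984 Mode: Manual; SigCheck; TDLFS;
19:26:49.0685 4984 ACPI (00000000000000000000000000000001) C:\windows\system32\drivers\ACPI.sys
19:26:49.0751 4984 ACPI - ok
19:26:59.0182 4984 Apple Mobile Device (00000000000000000000000000000002) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
19:26:59.0238 4984 Apple Mobile Device - ok
19:27:12.0262 4984 COMSysApp - ok
19:27:13.0000 4984 exampledrv (00000000000000000000000000000003) C:\windows\system32\drivers\exampledrv.sys
19:27:13.0100 4984 exampledrv - warning
19:27:14.0000 4984 cutoff (00000000000000000000000000000004) C:\windows\system32\drivers\cutoff.sys
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("objects with a verdict:", result["scanned"])
    for e in result["flagged"]:
        print("REVIEW:", e.name, e.verdict, e.md5, e.path)
    print("no file line:", result["no_file"])
    print("no verdict line:", result["unresolved"])
```
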

#3
Jaybarker (Topic Starter, Member)

tdss report




19:05:57.0213 4116 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
19:05:58.0025 4116 ============================================================
19:05:58.0025 4116 Current date / time: 2012/05/17 19:05:58.0025
19:05:58.0025 4116 SystemInfo:
19:05:58.0025 4116
19:05:58.0025 4116 OS Version: 6.1.7601 ServicePack: 1.0
19:05:58.0025 4116 Product type: Workstation
19:05:58.0025 4116 ComputerName: JASON-PC
19:05:58.0025 4116 UserName: Jason
19:05:58.0025 4116 Windows directory: C:\windows
19:05:58.0025 4116 System windows directory: C:\windows
19:05:58.0025 4116 Running under WOW64
19:05:58.0025 4116 Processor architecture: Intel x64
19:05:58.0025 4116 Number of processors: 2
19:05:58.0025 4116 Page size: 0x1000
19:05:58.0025 4116 Boot type: Normal boot
19:05:58.0025 4116 ============================================================
19:06:01.0363 4116 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:06:01.0379 4116 ============================================================
19:06:01.0379 4116 \Device\Harddisk0\DR0:
19:06:01.0379 4116 MBR partitions:
19:06:01.0379 4116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x21D73000
19:06:01.0379 4116 ============================================================
19:06:01.0410 4116 C: <-> \Device\Harddisk0\DR0\Partition0
19:06:01.0425 4116 ============================================================
19:06:01.0425 4116 Initialize success
19:06:01.0425 4116 ============================================================
19:26:48.0008 4984 ============================================================
19:26:48.0008 4984 Scan started
19:26:48.0008 4984 Mode: Manual; SigCheck; TDLFS;
19:26:48.0008 4984 ============================================================
19:27:42.0692 4984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
19:27:42.0827 4984 MSKSSRV - ok
19:27:42.0888 4984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
19:27:43.0036 4984 MSPCLOCK - ok
19:27:43.0118 4984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
19:27:43.0331 4984 MSPQM - ok
19:27:43.0579 4984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
19:27:43.0669 4984 MsRPC - ok
19:27:43.0739 4984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
19:27:43.0786 4984 mssmbios - ok
19:27:43.0842 4984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
19:27:43.0968 4984 MSTEE - ok
19:27:44.0005 4984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
19:27:44.0041 4984 MTConfig - ok
19:27:44.0093 4984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
19:27:44.0130 4984 Mup - ok
19:27:44.0388 4984 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
19:27:44.0569 4984 napagent - ok
19:27:44.0856 4984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
19:27:44.0942 4984 NativeWifiP - ok
19:27:45.0463 4984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys
19:27:45.0620 4984 NDIS - ok
19:27:45.0730 4984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
19:27:45.0904 4984 NdisCap - ok
19:27:45.0970 4984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
19:27:46.0075 4984 NdisTapi - ok
19:27:46.0183 4984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
19:27:46.0309 4984 Ndisuio - ok
19:27:46.0390 4984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
19:27:46.0519 4984 NdisWan - ok
19:27:46.0559 4984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
19:27:46.0700 4984 NDProxy - ok
19:27:46.0765 4984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
19:27:46.0895 4984 NetBIOS - ok
19:27:47.0055 4984 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
19:27:47.0187 4984 NetBT - ok
19:27:47.0232 4984 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:47.0267 4984 Netlogon - ok
19:27:47.0460 4984 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
19:27:47.0630 4984 Netman - ok
19:27:47.0907 4984 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
19:27:48.0066 4984 netprofm - ok
19:27:48.0271 4984 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:27:48.0305 4984 NetTcpPortSharing - ok
19:27:48.0397 4984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
19:27:48.0433 4984 nfrd960 - ok
19:27:48.0687 4984 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
19:27:48.0833 4984 NlaSvc - ok
19:27:48.0890 4984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
19:27:48.0996 4984 Npfs - ok
19:27:49.0074 4984 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
19:27:49.0210 4984 nsi - ok
19:27:49.0260 4984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
19:27:49.0386 4984 nsiproxy - ok
19:27:49.0825 4984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
19:27:49.0988 4984 Ntfs - ok
19:27:50.0459 4984 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
19:27:50.0587 4984 Null - ok
19:27:50.0726 4984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
19:27:50.0778 4984 nvraid - ok
19:27:50.0979 4984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
19:27:51.0064 4984 nvstor - ok
19:27:51.0193 4984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
19:27:51.0251 4984 nv_agp - ok
19:27:51.0335 4984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
19:27:51.0377 4984 ohci1394 - ok
19:27:51.0606 4984 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:27:51.0648 4984 ose - ok
19:27:53.0222 4984 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
19:27:53.0595 4984 osppsvc - ok
19:27:54.0008 4984 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:27:54.0105 4984 p2pimsvc - ok
19:27:54.0255 4984 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
19:27:54.0321 4984 p2psvc - ok
19:27:54.0486 4984 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
19:27:54.0524 4984 Parport - ok
19:27:54.0576 4984 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
19:27:54.0612 4984 partmgr - ok
19:27:54.0817 4984 Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe
19:27:54.0867 4984 Partner Service - ok
19:27:55.0107 4984 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
19:27:55.0243 4984 PcaSvc - ok
19:27:55.0332 4984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
19:27:55.0372 4984 pci - ok
19:27:55.0415 4984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
19:27:55.0459 4984 pciide - ok
19:27:55.0567 4984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
19:27:55.0619 4984 pcmcia - ok
19:27:55.0661 4984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
19:27:55.0698 4984 pcw - ok
19:27:55.0993 4984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
19:27:56.0165 4984 PEAUTH - ok
19:27:56.0478 4984 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
19:27:56.0538 4984 PerfHost - ok
19:27:56.0641 4984 PGEffect (91111cebbde8015e822c46120ed9537c) C:\windows\system32\DRIVERS\pgeffect.sys
19:27:56.0669 4984 PGEffect - ok
19:27:57.0227 4984 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
19:27:57.0411 4984 pla - ok
19:27:57.0619 4984 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
19:27:57.0740 4984 PlugPlay - ok
19:27:57.0801 4984 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
19:27:57.0878 4984 PNRPAutoReg - ok
19:27:58.0025 4984 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
19:27:58.0072 4984 PNRPsvc - ok
19:27:58.0244 4984 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\windows\system32\DRIVERS\point64.sys
19:27:58.0272 4984 Point64 - ok
19:27:58.0421 4984 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
19:27:58.0576 4984 PolicyAgent - ok
19:27:58.0685 4984 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
19:27:58.0856 4984 Power - ok
19:27:58.0922 4984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
19:27:59.0051 4984 PptpMiniport - ok
19:27:59.0140 4984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
19:27:59.0268 4984 Processor - ok
19:27:59.0354 4984 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
19:27:59.0502 4984 ProfSvc - ok
19:27:59.0571 4984 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:27:59.0605 4984 ProtectedStorage - ok
19:27:59.0691 4984 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
19:27:59.0812 4984 Psched - ok
19:28:00.0167 4984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
19:28:00.0293 4984 ql2300 - ok
19:28:00.0688 4984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
19:28:00.0737 4984 ql40xx - ok
19:28:00.0812 4984 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
19:28:00.0873 4984 QWAVE - ok
19:28:00.0919 4984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
19:28:01.0002 4984 QWAVEdrv - ok
19:28:01.0052 4984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
19:28:01.0175 4984 RasAcd - ok
19:28:01.0294 4984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
19:28:01.0424 4984 RasAgileVpn - ok
19:28:01.0501 4984 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
19:28:01.0644 4984 RasAuto - ok
19:28:01.0702 4984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
19:28:01.0840 4984 Rasl2tp - ok
19:28:02.0003 4984 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
19:28:02.0164 4984 RasMan - ok
19:28:02.0253 4984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
19:28:02.0381 4984 RasPppoe - ok
19:28:02.0459 4984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
19:28:02.0585 4984 RasSstp - ok
19:28:02.0809 4984 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
19:28:02.0985 4984 rdbss - ok
19:28:03.0051 4984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
19:28:03.0120 4984 rdpbus - ok
19:28:03.0152 4984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
19:28:03.0337 4984 RDPCDD - ok
19:28:03.0397 4984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
19:28:03.0565 4984 RDPENCDD - ok
19:28:03.0607 4984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
19:28:03.0726 4984 RDPREFMP - ok
19:28:03.0907 4984 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
19:28:04.0056 4984 RDPWD - ok
19:28:04.0252 4984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
19:28:04.0324 4984 rdyboost - ok
19:28:04.0432 4984 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
19:28:04.0595 4984 RemoteAccess - ok
19:28:04.0684 4984 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
19:28:04.0870 4984 RemoteRegistry - ok
19:28:04.0998 4984 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
19:28:05.0212 4984 RpcEptMapper - ok
19:28:05.0260 4984 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
19:28:05.0304 4984 RpcLocator - ok
19:28:05.0801 4984 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
19:28:05.0963 4984 RpcSs - ok
19:28:06.0196 4984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
19:28:06.0326 4984 rspndr - ok
19:28:06.0548 4984 RSUSBSTOR (0e3dcf76f11dc431b088a2dfd7265cda) C:\windows\system32\Drivers\RtsUStor.sys
19:28:06.0640 4984 RSUSBSTOR - ok
19:28:07.0096 4984 RTL8192Ce (64fdf4fe366ca42da2b7d9d424b6e39b) C:\windows\system32\DRIVERS\rtl8192Ce.sys
19:28:07.0203 4984 RTL8192Ce - ok
19:28:07.0244 4984 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:28:07.0293 4984 SamSs - ok
19:28:07.0365 4984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
19:28:07.0408 4984 sbp2port - ok
19:28:07.0524 4984 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
19:28:07.0678 4984 SCardSvr - ok
19:28:07.0730 4984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
19:28:07.0857 4984 scfilter - ok
19:28:08.0195 4984 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
19:28:08.0370 4984 Schedule - ok
19:28:08.0461 4984 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
19:28:08.0572 4984 SCPolicySvc - ok
19:28:08.0654 4984 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
19:28:08.0729 4984 SDRSVC - ok
19:28:08.0865 4984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
19:28:08.0990 4984 secdrv - ok
19:28:09.0020 4984 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
19:28:09.0136 4984 seclogon - ok
19:28:09.0210 4984 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
19:28:09.0364 4984 SENS - ok
19:28:09.0427 4984 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
19:28:09.0493 4984 SensrSvc - ok
19:28:09.0554 4984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
19:28:09.0606 4984 Serenum - ok
19:28:09.0662 4984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
19:28:09.0715 4984 Serial - ok
19:28:09.0790 4984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
19:28:09.0846 4984 sermouse - ok
19:28:09.0950 4984 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
19:28:10.0107 4984 SessionEnv - ok
19:28:10.0143 4984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
19:28:10.0195 4984 sffdisk - ok
19:28:10.0249 4984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
19:28:10.0350 4984 sffp_mmc - ok
19:28:10.0403 4984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
19:28:10.0464 4984 sffp_sd - ok
19:28:10.0521 4984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
19:28:10.0567 4984 sfloppy - ok
19:28:10.0822 4984 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
19:28:10.0901 4984 Sftfs - ok
19:28:11.0153 4984 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
19:28:11.0226 4984 sftlist - ok
19:28:11.0373 4984 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
19:28:11.0416 4984 Sftplay - ok
19:28:11.0515 4984 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
19:28:11.0545 4984 Sftredir - ok
19:28:11.0616 4984 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
19:28:11.0644 4984 Sftvol - ok
19:28:11.0757 4984 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
19:28:11.0794 4984 sftvsa - ok
19:28:11.0998 4984 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
19:28:12.0145 4984 SharedAccess - ok
19:28:12.0299 4984 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
19:28:12.0469 4984 ShellHWDetection - ok
19:28:12.0564 4984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
19:28:12.0604 4984 SiSRaid2 - ok
19:28:12.0691 4984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
19:28:12.0730 4984 SiSRaid4 - ok
19:28:12.0805 4984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
19:28:12.0934 4984 Smb - ok
19:28:13.0042 4984 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
19:28:13.0115 4984 SNMPTRAP - ok
19:28:13.0242 4984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
19:28:13.0279 4984 spldr - ok
19:28:13.0428 4984 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
19:28:13.0570 4984 Spooler - ok
19:28:15.0174 4984 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
19:28:15.0472 4984 sppsvc - ok
19:28:15.0964 4984 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
19:28:16.0077 4984 sppuinotify - ok
19:28:16.0283 4984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
19:28:16.0389 4984 srv - ok
19:28:16.0536 4984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
19:28:16.0629 4984 srv2 - ok
19:28:16.0732 4984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
19:28:16.0769 4984 srvnet - ok
19:28:16.0852 4984 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
19:28:17.0017 4984 SSDPSRV - ok
19:28:17.0110 4984 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
19:28:17.0238 4984 SstpSvc - ok
19:28:17.0298 4984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
19:28:17.0331 4984 stexstor - ok
19:28:17.0473 4984 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
19:28:17.0563 4984 stisvc - ok
19:28:17.0644 4984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
19:28:17.0677 4984 swenum - ok
19:28:17.0894 4984 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
19:28:18.0074 4984 swprv - ok
19:28:18.0840 4984 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
19:28:18.0977 4984 SysMain - ok
19:28:19.0498 4984 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
19:28:19.0583 4984 TabletInputService - ok
19:28:19.0769 4984 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
19:28:19.0925 4984 TapiSrv - ok
19:28:19.0976 4984 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
19:28:20.0103 4984 TBS - ok
19:28:20.0654 4984 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
19:28:20.0796 4984 Tcpip - ok
19:28:21.0629 4984 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
19:28:21.0748 4984 TCPIP6 - ok
19:28:21.0998 4984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
19:28:22.0112 4984 tcpipreg - ok
19:28:22.0165 4984 tdcmdpst (fd542b661bd22fa69ca789ad0ac58c29) C:\windows\system32\DRIVERS\tdcmdpst.sys
19:28:22.0198 4984 tdcmdpst - ok
19:28:22.0286 4984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
19:28:22.0324 4984 TDPIPE - ok
19:28:22.0389 4984 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
19:28:22.0451 4984 TDTCP - ok
19:28:22.0518 4984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
19:28:22.0632 4984 tdx - ok
19:28:22.0657 4984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
19:28:22.0692 4984 TermDD - ok
19:28:22.0999 4984 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
19:28:23.0168 4984 TermService - ok
19:28:23.0238 4984 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
19:28:23.0303 4984 Themes - ok
19:28:23.0383 4984 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
19:28:23.0494 4984 THREADORDER - ok
19:28:23.0658 4984 TMachInfo (dfe9ba871b9f3dbb591bd113611cbcc0) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
19:28:23.0696 4984 TMachInfo - ok
19:28:23.0876 4984 TODDSrv (8e2c799d3476eac32c3ba0df7ce6af19) C:\windows\system32\TODDSrv.exe
19:28:23.0911 4984 TODDSrv - ok
19:28:24.0182 4984 TosCoSrv (db9719688c08f42705feb3f6a0c98b91) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
19:28:24.0237 4984 TosCoSrv - ok
19:28:24.0430 4984 TOSHIBA HDD SSD Alert Service (74c2fa8c3765ee71a9c22182ec108457) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
19:28:24.0463 4984 TOSHIBA HDD SSD Alert Service - ok
19:28:24.0543 4984 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
19:28:24.0670 4984 TrkWks - ok
19:28:24.0977 4984 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
19:28:25.0114 4984 TrustedInstaller - ok
19:28:25.0221 4984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
19:28:25.0356 4984 tssecsrv - ok
19:28:25.0526 4984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
19:28:25.0571 4984 TsUsbFlt - ok
19:28:25.0629 4984 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
19:28:25.0687 4984 TsUsbGD - ok
19:28:25.0798 4984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
19:28:25.0923 4984 tunnel - ok
19:28:26.0012 4984 TVALZ (550b567f9364d8f7684c3fb3ea665a72) C:\windows\system32\DRIVERS\TVALZ_O.SYS
19:28:26.0045 4984 TVALZ - ok
19:28:26.0152 4984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
19:28:26.0187 4984 uagp35 - ok
19:28:26.0344 4984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
19:28:26.0522 4984 udfs - ok
19:28:26.0621 4984 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
19:28:26.0691 4984 UI0Detect - ok
19:28:26.0763 4984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
19:28:26.0799 4984 uliagpkx - ok
19:28:26.0877 4984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
19:28:26.0940 4984 umbus - ok
19:28:26.0969 4984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
19:28:27.0024 4984 UmPass - ok
19:28:27.0250 4984 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
19:28:27.0427 4984 upnphost - ok
19:28:27.0516 4984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
19:28:27.0563 4984 usbccgp - ok
19:28:27.0702 4984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
19:28:27.0748 4984 usbcir - ok
19:28:27.0816 4984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
19:28:27.0868 4984 usbehci - ok
19:28:28.0149 4984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\DRIVERS\usbhub.sys
19:28:28.0213 4984 usbhub - ok
19:28:28.0266 4984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\DRIVERS\usbohci.sys
19:28:28.0342 4984 usbohci - ok
19:28:28.0410 4984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
19:28:28.0472 4984 usbprint - ok
19:28:28.0573 4984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
19:28:28.0645 4984 USBSTOR - ok
19:28:28.0728 4984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
19:28:28.0773 4984 usbuhci - ok
19:28:28.0881 4984 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
19:28:28.0946 4984 usbvideo - ok
19:28:29.0007 4984 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
19:28:29.0148 4984 UxSms - ok
19:28:29.0211 4984 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
19:28:29.0246 4984 VaultSvc - ok
19:28:29.0337 4984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
19:28:29.0368 4984 vdrvroot - ok
19:28:29.0783 4984 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
19:28:29.0953 4984 vds - ok
19:28:30.0028 4984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
19:28:30.0081 4984 vga - ok
19:28:30.0148 4984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
19:28:30.0373 4984 VgaSave - ok
19:28:30.0564 4984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
19:28:30.0633 4984 vhdmp - ok
19:28:30.0656 4984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
19:28:30.0688 4984 viaide - ok
19:28:30.0776 4984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
19:28:30.0827 4984 volmgr - ok
19:28:31.0103 4984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
19:28:31.0178 4984 volmgrx - ok
19:28:31.0395 4984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
19:28:31.0466 4984 volsnap - ok
19:28:31.0803 4984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
19:28:31.0859 4984 vsmraid - ok
19:28:33.0122 4984 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
19:28:33.0346 4984 VSS - ok
19:28:34.0279 4984 vToolbarUpdater11.0.2 (56e1e4442e4613fb2039a6b7421f4e58) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
19:28:34.0381 4984 vToolbarUpdater11.0.2 - ok
19:28:35.0092 4984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
19:28:35.0155 4984 vwifibus - ok
19:28:35.0224 4984 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
19:28:35.0297 4984 vwififlt - ok
19:28:35.0374 4984 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
19:28:35.0423 4984 vwifimp - ok
19:28:35.0740 4984 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
19:28:35.0902 4984 W32Time - ok
19:28:36.0002 4984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
19:28:36.0052 4984 WacomPen - ok
19:28:36.0138 4984 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:28:36.0262 4984 WANARP - ok
19:28:36.0288 4984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
19:28:36.0407 4984 Wanarpv6 - ok
19:28:37.0286 4984 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
19:28:37.0396 4984 WatAdminSvc - ok
19:28:38.0250 4984 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
19:28:38.0390 4984 wbengine - ok
19:28:38.0915 4984 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
19:28:38.0992 4984 WbioSrvc - ok
19:28:39.0265 4984 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
19:28:39.0387 4984 wcncsvc - ok
19:28:39.0493 4984 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
19:28:39.0551 4984 WcsPlugInService - ok
19:28:39.0726 4984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
19:28:39.0768 4984 Wd - ok
19:28:40.0077 4984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
19:28:40.0177 4984 Wdf01000 - ok
19:28:40.0227 4984 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:28:40.0450 4984 WdiServiceHost - ok
19:28:40.0460 4984 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
19:28:40.0520 4984 WdiSystemHost - ok
19:28:40.0677 4984 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
19:28:40.0765 4984 WebClient - ok
19:28:40.0871 4984 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
19:28:41.0018 4984 Wecsvc - ok
19:28:41.0101 4984 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
19:28:41.0241 4984 wercplsupport - ok
19:28:41.0327 4984 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
19:28:41.0464 4984 WerSvc - ok
19:28:41.0615 4984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
19:28:41.0719 4984 WfpLwf - ok
19:28:41.0746 4984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
19:28:41.0779 4984 WIMMount - ok
19:28:41.0882 4984 WinDefend - ok
19:28:41.0905 4984 WinHttpAutoProxySvc - ok
19:28:42.0131 4984 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
19:28:42.0260 4984 Winmgmt - ok
19:28:42.0898 4984 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
19:28:43.0110 4984 WinRM - ok
19:28:43.0659 4984 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
19:28:43.0792 4984 Wlansvc - ok
19:28:43.0943 4984 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:28:43.0976 4984 wlcrasvc - ok
19:28:44.0736 4984 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:28:44.0895 4984 wlidsvc - ok
19:28:45.0269 4984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
19:28:45.0343 4984 WmiAcpi - ok
19:28:45.0512 4984 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
19:28:45.0601 4984 wmiApSrv - ok
19:28:45.0712 4984 WMPNetworkSvc - ok
19:28:45.0775 4984 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
19:28:45.0826 4984 WPCSvc - ok
19:28:45.0927 4984 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
19:28:45.0997 4984 WPDBusEnum - ok
19:28:46.0060 4984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
19:28:46.0165 4984 ws2ifsl - ok
19:28:46.0342 4984 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
19:28:46.0421 4984 wscsvc - ok
19:28:46.0431 4984 WSearch - ok
19:28:47.0210 4984 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
19:28:47.0505 4984 wuauserv - ok
19:28:48.0168 4984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
19:28:48.0302 4984 WudfPf - ok
19:28:48.0527 4984 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
19:28:48.0696 4984 WUDFRd - ok
19:28:48.0767 4984 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
19:28:48.0880 4984 wudfsvc - ok
19:28:49.0044 4984 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
19:28:49.0164 4984 WwanSvc - ok
19:28:49.0241 4984 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
19:28:52.0850 4984 \Device\Harddisk0\DR0 - ok
19:28:52.0872 4984 Boot (0x1200) (ebb51d99ec7151e02985dc76407af273) \Device\Harddisk0\DR0\Partition0
19:28:52.0884 4984 \Device\Harddisk0\DR0\Partition0 - ok
19:28:52.0885 4984 ============================================================
19:28:52.0885 4984 Scan finished
19:28:52.0885 4984 ============================================================
19:28:52.0930 4328 Detected object count: 0
19:28:52.0930 4328 Actual detected object count: 0

#4
Jaybarker

  • Topic Starter
  • Member
  • 14 posts
OTL report... I did this yesterday... I have since run Malwarebytes and removed 8 threats



OTL logfile created on: 5/16/2012 8:45:49 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jason\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.60 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 46.76% Memory free
5.20 Gb Paging File | 3.54 Gb Available in Paging File | 68.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270.72 Gb Total Space | 175.70 Gb Free Space | 64.90% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/16 20:39:02 | 000,250,368 | -H-- | M] () -- C:\ProgramData\coVnA8yj5VUSxy.exe
PRC - [2012/05/16 20:27:17 | 000,595,456 | -H-- | M] (OldTimer Tools) -- C:\Users\Jason\Downloads\OTL.exe
PRC - [2012/05/16 18:54:02 | 000,343,040 | -HS- | M] () -- C:\ProgramData\QKTsgoHyjHp.exe
PRC - [2012/05/16 01:36:48 | 000,932,736 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe
PRC - [2012/05/16 01:36:41 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/06/03 19:09:00 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\NDSTray.exe
PRC - [2009/07/28 23:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSwMgr.exe
PRC - [2009/07/13 21:14:12 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\attrib.exe
PRC - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2009/01/26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe


========== Modules (No Company Name) ==========

MOD - [2012/05/16 20:39:02 | 000,250,368 | -H-- | M] () -- C:\ProgramData\coVnA8yj5VUSxy.exe
MOD - [2012/05/16 18:54:02 | 000,343,040 | -HS- | M] () -- C:\ProgramData\QKTsgoHyjHp.exe
MOD - [2012/05/16 01:36:50 | 000,130,944 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\SiteSafety.dll
MOD - [2012/05/16 01:36:41 | 001,116,544 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/04/27 22:07:01 | 000,444,400 | -H-- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppgooglenaclpluginchrome.dll
MOD - [2012/04/27 22:06:59 | 003,915,248 | -H-- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
MOD - [2012/04/27 22:05:34 | 000,122,880 | -H-- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\avutil-51.dll
MOD - [2012/04/27 22:05:33 | 000,220,672 | -H-- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\avformat-53.dll
MOD - [2012/04/27 22:05:32 | 001,747,456 | -H-- | M] () -- C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\avcodec-53.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/02/10 15:52:04 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/10/20 17:41:50 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010/09/28 15:30:28 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/05 20:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/05/16 01:36:48 | 000,932,736 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.0.2\ToolbarUpdater.exe -- (vToolbarUpdater11.0.2)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/09/13 14:53:54 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service)
SRV - [2010/07/01 13:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010/04/03 19:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/28 19:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/10 21:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\Toshiba\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/05/18 09:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d) MS Hardware Device Detection Driver (USB)
DRV:64bit: - [2011/04/20 10:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/14 15:43:00 | 001,581,184 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2011/02/10 16:22:00 | 008,283,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/02/10 15:15:08 | 000,294,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/02/08 22:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011/01/05 04:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 15:58:54 | 000,137,512 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010/11/05 10:52:54 | 000,038,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/05 10:52:52 | 000,075,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/10/08 14:49:08 | 000,243,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/09/23 03:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/30 23:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 18:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/07 12:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...ng}&rlz=1I7TSCA
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.ca/welcome
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshiba.ca/welcome
IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.co...1I7TSCA_enCA459
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.c...fr&d=2012-05-16 01:36:53&v=11.0.0.9&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.19: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\ProgramData\AVG Secure Search\11.0.0.9\ [2012/05/16 01:37:17 | 000,000,000 | -H-D | M]


========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.c...fr&d=2012-05-16 01:36:53&v=11.0.0.9&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.goog...outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Jason\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.0.2\\npsitesafety.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Jason\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AdBlock = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.33_0\
CHR - Extension: Gmail = C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg64.dll (Google Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.0.0.9\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.)
O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [nYdUlnRnEPi.exe] C:\ProgramData\nYdUlnRnEPi.exe ()
O4 - HKCU..\Run: [QKTsgoHyjHp.exe] C:\ProgramData\QKTsgoHyjHp.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
F3:64bit: - HKCU WinNT: Load - (C:\Users\Jason\LOCALS~1\Temp\msahvayth.exe) - C:\Users\Jason\Local Settings\Temp\msahvayth.exe ()
F3 - HKCU WinNT: Load - (C:\Users\Jason\LOCALS~1\Temp\msahvayth.exe) - C:\Users\Jason\Local Settings\Temp\msahvayth.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Add to TOSHIBA Bulletin Board - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14648AC4-8035-4A1E-999A-A560AB12B448}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14648AC4-8035-4A1E-999A-A560AB12B448}: NameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.0.2\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/16 20:39:47 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{F53FAFB5-5EB9-4F35-AB46-E1C211749292}
[2012/05/16 20:39:16 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{5DE56A25-CDF0-4F2D-9FC2-73FA1FF3E3F9}
[2012/05/16 20:01:26 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{90A13759-36EA-484D-952C-A0F33F43CD56}
[2012/05/16 20:01:12 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{949144FD-DFD9-42E0-BBB9-D233372A96ED}
[2012/05/16 01:59:04 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{9646A900-3F66-4F29-8BB3-EB4262798F65}
[2012/05/16 01:58:41 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{BDAC09FE-1E21-4997-9B51-2459E3AF64CC}
[2012/05/16 01:40:58 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{B85106FA-3506-4D09-90B3-1CA229155181}
[2012/05/16 01:40:40 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{7337E8AE-E9B7-49CD-A624-BF474A2608E5}
[2012/05/16 01:40:19 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\AVG Secure Search
[2012/05/16 01:36:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVG Secure Search
[2012/05/16 01:36:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012/05/16 01:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012/05/16 01:34:25 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
[2012/05/16 01:33:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/05/16 01:32:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVG2012
[2012/05/16 01:32:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/16 01:20:38 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{6043C652-30B0-489E-8A4F-08E63C0704AD}
[2012/05/16 01:20:25 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{8B240E25-8FF8-49C2-BE9F-49B5993E71B0}
[2012/05/16 01:11:10 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{CFC43B81-C6F1-46E0-B85A-5FAABF0D2ED9}
[2012/05/16 01:10:49 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{60CB5EB3-E7A7-4E34-A6AD-9EC116C57826}
[2012/05/16 00:59:04 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{25470567-7556-4BD1-A823-DEA62ED5CF2E}
[2012/05/16 00:56:47 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
[2012/05/09 07:22:05 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{79D97133-974D-4414-8148-A8E1F1EE8ABF}
[2012/05/09 07:21:36 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{B11F352E-9B1C-467E-AC5C-4C2231CBFA15}
[2012/05/08 18:57:48 | 001,544,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\DWrite.dll
[2012/05/08 18:57:42 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ntoskrnl.exe
[2012/05/08 18:57:39 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntkrnlpa.exe
[2012/05/08 18:57:38 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ntoskrnl.exe
[2012/04/19 14:17:49 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{A4AFE7B0-1AB3-4A79-B53C-7BB2B5982F50}
[2012/04/19 04:50:26 | 000,028,480 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\windows\SysNative\drivers\avgidsha.sys
[2012/04/18 19:24:06 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/14 16:38:34 | 000,082,816 | -H-- | C] (VSO Software) -- C:\Users\Jason\AppData\Roaming\pcouffin.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/16 20:48:48 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 20:48:48 | 000,025,120 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/16 20:39:27 | 000,000,160 | -H-- | M] () -- C:\ProgramData\-coVnA8yj5VUSxyr
[2012/05/16 20:39:27 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-coVnA8yj5VUSxy
[2012/05/16 20:39:26 | 000,000,666 | -H-- | M] () -- C:\Users\Jason\Desktop\Data_Recovery.lnk
[2012/05/16 20:39:16 | 000,000,256 | -H-- | M] () -- C:\ProgramData\coVnA8yj5VUSxy
[2012/05/16 20:39:02 | 000,250,368 | -H-- | M] () -- C:\ProgramData\coVnA8yj5VUSxy.exe
[2012/05/16 20:38:10 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/05/16 20:38:00 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/05/16 20:37:55 | 2094,161,920 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/16 19:33:01 | 000,000,908 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3453606639-3217382791-1870904024-1000UA.job
[2012/05/16 19:14:52 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/05/16 18:54:02 | 000,343,040 | -HS- | M] () -- C:\ProgramData\QKTsgoHyjHp.exe
[2012/05/16 01:59:13 | 000,000,690 | -H-- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/16 01:34:25 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/05/16 01:34:25 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/05/16 01:33:38 | 000,001,297 | -H-- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/16 01:33:38 | 000,001,273 | -H-- | M] () -- C:\Users\Jason\Desktop\Spybot - Search & Destroy.lnk
[2012/05/16 01:20:33 | 000,000,176 | -H-- | M] () -- C:\ProgramData\bad7
[2012/05/16 01:20:33 | 000,000,000 | -H-- | M] () -- C:\ProgramData\bad8
[2012/05/16 01:20:29 | 000,000,256 | -H-- | M] () -- C:\ProgramData\bad5
[2012/05/16 01:20:13 | 000,250,880 | -H-- | M] () -- C:\ProgramData\bad6.exe
[2012/05/16 01:11:14 | 000,000,176 | -H-- | M] () -- C:\ProgramData\bad4
[2012/05/16 01:11:14 | 000,000,000 | -H-- | M] () -- C:\ProgramData\bad2
[2012/05/16 01:11:06 | 000,000,256 | -H-- | M] () -- C:\ProgramData\bad1
[2012/05/16 01:04:14 | 264,212,495 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/05/16 00:56:32 | 000,250,880 | -H-- | M] () -- C:\ProgramData\bad3.exe
[2012/05/16 00:53:02 | 000,000,856 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3453606639-3217382791-1870904024-1000Core.job
[2012/05/16 00:42:23 | 000,343,552 | -HS- | M] () -- C:\ProgramData\nYdUlnRnEPi.exe
[2012/05/11 09:40:25 | 000,001,057 | -H-- | M] () -- C:\Users\Jason\AppData\Roaming\vso_ts_preview.xml
[2012/05/09 07:20:05 | 000,276,216 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/05/09 06:52:44 | 000,733,008 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/05/09 06:52:44 | 000,616,506 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/05/09 06:52:44 | 000,106,628 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/04/30 18:38:29 | 000,002,374 | -H-- | M] () -- C:\Users\Jason\Desktop\Google Chrome.lnk
[2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\windows\SysNative\drivers\avgidsha.sys
[2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ]
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/16 20:39:27 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-coVnA8yj5VUSxyr
[2012/05/16 20:39:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-coVnA8yj5VUSxy
[2012/05/16 20:39:26 | 000,000,666 | -H-- | C] () -- C:\Users\Jason\Desktop\Data_Recovery.lnk
[2012/05/16 20:39:14 | 000,000,256 | -H-- | C] () -- C:\ProgramData\coVnA8yj5VUSxy
[2012/05/16 20:39:02 | 000,250,368 | -H-- | C] () -- C:\ProgramData\coVnA8yj5VUSxy.exe
[2012/05/16 17:06:00 | 000,343,040 | -HS- | C] () -- C:\ProgramData\QKTsgoHyjHp.exe
[2012/05/16 01:59:13 | 000,000,690 | -H-- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
[2012/05/16 01:34:25 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
[2012/05/16 01:34:25 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
[2012/05/16 01:33:38 | 000,001,297 | -H-- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/05/16 01:33:38 | 000,001,273 | -H-- | C] () -- C:\Users\Jason\Desktop\Spybot - Search & Destroy.lnk
[2012/05/16 01:20:33 | 000,000,176 | -H-- | C] () -- C:\ProgramData\bad7
[2012/05/16 01:20:32 | 000,000,000 | -H-- | C] () -- C:\ProgramData\bad8
[2012/05/16 01:20:28 | 000,000,256 | -H-- | C] () -- C:\ProgramData\bad5
[2012/05/16 01:20:13 | 000,250,880 | -H-- | C] () -- C:\ProgramData\bad6.exe
[2012/05/16 00:56:51 | 000,000,176 | -H-- | C] () -- C:\ProgramData\bad4
[2012/05/16 00:56:51 | 000,000,000 | -H-- | C] () -- C:\ProgramData\bad2
[2012/05/16 00:56:43 | 000,000,256 | -H-- | C] () -- C:\ProgramData\bad1
[2012/05/16 00:56:32 | 000,250,880 | -H-- | C] () -- C:\ProgramData\bad3.exe
[2012/05/16 00:44:43 | 000,343,552 | -HS- | C] () -- C:\ProgramData\nYdUlnRnEPi.exe
[2012/03/21 03:25:42 | 000,008,704 | -H-- | C] () -- C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/06 22:01:41 | 000,735,230 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011/12/14 16:38:34 | 000,099,384 | -H-- | C] () -- C:\Users\Jason\AppData\Roaming\inst.exe
[2011/12/14 16:38:34 | 000,007,859 | -H-- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.cat
[2011/12/14 16:38:34 | 000,001,167 | -H-- | C] () -- C:\Users\Jason\AppData\Roaming\pcouffin.inf
[2011/12/12 23:12:31 | 000,001,057 | -H-- | C] () -- C:\Users\Jason\AppData\Roaming\vso_ts_preview.xml
[2011/12/12 23:06:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/09/13 14:37:16 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2011/09/13 14:16:37 | 000,451,072 | ---- | C] () -- C:\windows\SysWow64\ISSRemoveSP.exe
[2011/09/13 14:02:33 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011/09/13 13:59:37 | 000,002,975 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat

< End of report >




OTL Extras logfile created on: 5/16/2012 8:45:49 PM - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Jason\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.60 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 46.76% Memory free
5.20 Gb Paging File | 3.54 Gb Available in Paging File | 68.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 270.72 Gb Total Space | 175.70 Gb Free Space | 64.90% Space Free | Partition Type: NTFS

Computer Name: JASON-PC | User Name: Jason | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07DFDDDE-A94B-478A-B114-BD99170A8312}" = lport=138 | protocol=17 | dir=in | app=system |
"{09CC2E3F-42E9-4631-B9A7-6D65519B9571}" = rport=10243 | protocol=6 | dir=out | app=system |
"{12878ED9-9104-4121-B9D4-6E0180EA195F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{14FEDFD7-4791-4897-9764-B816BA44EF6A}" = lport=137 | protocol=17 | dir=in | app=system |
"{1F8D887F-FA77-4CA3-AD6D-15942E3D7D91}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{21DA822F-433C-4064-9073-A029B8B1E135}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{26345CFC-FD84-43EE-841A-07F4819EF2EE}" = rport=139 | protocol=6 | dir=out | app=system |
"{31358301-C7B0-4D1D-A87A-E1109001FCE6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{38BDBECA-B4BB-4570-8A1F-B8A7AB929EC9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3BD9DC10-277C-47F2-9AA1-7C97D70D79DF}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{43E75B6A-E685-49D2-A85A-0EAEB6208F68}" = lport=445 | protocol=6 | dir=in | app=system |
"{4986DDC5-D0D0-4F4A-A031-4EB0385D0E96}" = rport=138 | protocol=17 | dir=out | app=system |
"{4F4CDCE6-AF77-41EC-8549-D07ADEFF953A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{503BA460-75FD-408A-8B23-48BC83420E96}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{51C344C3-4BAD-4D4F-B496-C1CA218B1CFE}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5816CCE8-A646-4700-9537-AB94C4B6B9D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60BD654D-A914-4EA0-ACD5-CF6DF3EAABC8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6AD09849-C85A-47F7-94CE-5CD99E4C3219}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{706D1BBE-8E7D-4A7B-8698-05F2C6F067B6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{78FEDEA1-836D-481D-9684-48C7967EDE46}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79C77520-DE85-4AE1-8950-3D5F0BCAE0C1}" = rport=445 | protocol=6 | dir=out | app=system |
"{96999CC2-9C10-4F2D-A0DF-5B8562E3AFA2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{97715698-C974-48C6-86DD-131240E4F32B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9BDB5281-BE99-45EF-980F-E1DC58CA6632}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9CCED254-458B-40A6-9CD4-17D8992A1B9F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E043668-5F98-4C50-A601-F55AE3398F02}" = lport=139 | protocol=6 | dir=in | app=system |
"{AD1662DE-8ECF-4BC6-BB8B-45151C5A18E6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B8845CFD-3E43-411B-9E64-42331A430D92}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF36C0FC-FA58-4B3B-AD09-2CBE2FFA3BAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D3504AC3-1FBF-4D39-966A-D25933736796}" = rport=137 | protocol=17 | dir=out | app=system |
"{D552753D-C5D5-42A6-8752-E54001D57445}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D5971C28-7216-498A-9739-ADC0E84E10A1}" = lport=10243 | protocol=6 | dir=in | app=system |
"{DA0C08E5-04EB-46EE-99E3-EC99B07AB375}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F523A5-1643-4FB3-8F76-54BE00B74582}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{07BBBCD3-4F2E-4931-90BD-52B824219822}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{0E13A5A9-CF41-4473-988E-7455A08C0B82}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20418BC4-4CB2-441B-A0DA-A6AB1AB05501}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{224FB7B5-37A4-4667-86AC-311A80A90980}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{2452441B-2551-4A73-A8C0-13BC4FACA345}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{257EE5CA-19DA-4C90-820E-0EF7C0D64042}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{27DDA334-7C49-4056-9A1A-FE9BA349618D}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{2900C0D3-78B1-49BE-9C91-7044BF132E15}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{349F21D4-CDE1-4D3F-A0BF-E07ABD8130C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3912BE36-1C98-46B8-A2F6-46F8D5D786FB}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{39979E88-D29D-4DF4-A679-DDB4D86FDF60}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{470EE046-ECFE-48F7-8612-17143C60BFCA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5CFA9EF5-5599-4026-8EAF-707A004EE3B2}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{5DE564F7-680A-45A8-90FD-F687FD3AEF64}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{607E951F-FE0A-44CD-AB1D-9C41B2687FFC}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{6143A5A6-589D-4ED7-A6CC-5FC840126301}" = protocol=6 | dir=out | app=system |
"{68DF321E-0FBC-40FA-9C6A-C7E799B7664C}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{692C7902-F0B7-40FB-80D1-530FC8D07603}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6A5F80A8-B40C-4F12-AD04-3B3B037FBF08}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{7411A3FA-E053-4D45-AF79-36A5C2DF0E83}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{75CA6E0F-F0C3-4D00-B3A9-0C6989D6A4F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{7CB97CCB-7AB4-45E3-9DCC-FBDA0A921D78}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{891DA0BC-4089-41C9-B6A4-9769F02B4627}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9C861F66-60D9-434B-A473-364CCE869898}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A8F3882B-2861-4418-9E98-D1F84B548DDE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE75E938-42AF-4444-8B7D-29F431820A43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{AEF96EAC-A33A-4FEB-A83F-05113DFB841A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B43742F2-A673-4F23-B207-2039C0A8E49C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{C8CB44CE-293F-4309-A62B-44D39F4A10E1}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{CCA26F72-3164-4563-A24E-C9A9D75D59A4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{CE5C8977-CF08-470E-ABF0-A079BCF1D71C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{CEE7AD1B-FD6B-46C9-9B1A-67D10F5D0C90}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{D179E9A0-37AE-48D3-9DFE-9FAAC88CE205}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D989CCB0-0FB5-4E09-96C9-5F9796F6D911}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E377595E-2F80-406C-B409-E7284C44D242}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{E634B33E-123D-42AB-9678-B264BFD77FA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E7AFEEAF-0756-4FDB-A569-D3732CCBABD5}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{E9E6C2C0-F229-4D93-9F38-81BC0997FECF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F682A0B0-DCD8-4E84-9A0A-D46225528466}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F8A7A9E5-F27E-48A6-8572-4BEC9B581323}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe |
"{FDFBE87A-3659-4267-84AB-39593FBE9D21}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D27E8CF-7546-F200-4CA3-CD2F39909F5A}" = ATI Catalyst Install Manager
"{1FB31F44-D4D0-4D76-944A-A1A5D79FD321}" = Windows Live Family Safety
"{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"{2CDD9D22-AD67-4588-93AD-147C979F6E7C}" = AVG 2012
"{3EF6F8CE-BE77-0786-CA40-3CB5BF5EBCC8}" = ccc-utility64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{522D5958-FFF0-2849-776B-442BE2A0004C}" = WMV9/VC-1 Video Playback
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5E11C972-1E76-45FE-8F92-14E0D1140B1B}" = iTunes
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Media Creator
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CEA21F20-DBF4-464C-8B81-28B8508AFDDD}" = Windows Live Family Safety
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-X64 8.0.8.0_R01
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"WinRAR archiver" = WinRAR 4.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{008D69EB-70FF-46AB-9C75-924620DF191A}" = TOSHIBA Speech System SR Engine(U.S.) Version1.0
"{04259F13-626E-814E-A80C-4601DFF3CE95}" = CCC Help Finnish
"{04D90620-2973-6F93-6E6C-C833F39C50C1}" = CCC Help Thai
"{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"{073B89C3-BA88-41B5-965F-B35A88EAE838}" = TOSHIBA Supervisor Password
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0FC61261-B251-C870-C650-8A854F1B4CF0}" = CCC Help Chinese Standard
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C563C0-5569-A3BF-DF26-AAB3F25B5375}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java™ 6 Update 31
"{2823D463-54F8-F7B4-818F-B7436FF70658}" = CCC Help Portuguese
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C303EE0-A595-3543-A71A-931C7AC40EDE}" = Microsoft Primary Interoperability Assemblies 2005
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{32F32D10-5190-7565-DD14-C235FAF81408}" = CCC Help Dutch
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{34F971C8-B75F-6B8D-4AFC-5DAB84241AE6}" = CCC Help French
"{3798E892-DB93-6BE5-D4AD-8D1C4569F5EF}" = CCC Help Norwegian
"{3FBF6F99-8EC6-41B4-8527-0A32241B5496}" = TOSHIBA Speech System TTS Engine(U.S.) Version1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{52A2A26B-59BE-DE58-67EA-AE33077248A0}" = CCC Help Greek
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{589EB570-9B45-8EF9-7A0F-2A5B3A37BC49}" = CCC Help Swedish
"{59F65EE9-3DD6-6944-8222-342A9947D40B}" = Catalyst Control Center InstallProxy
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{60A1C223-4D86-AD1E-FB21-DE75010DABE3}" = CCC Help Hungarian
"{618AF7BF-10CD-0118-EE52-ED9BC440487B}" = CCC Help Russian
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6C313A41-2704-23C5-DA68-05BB34126233}" = CCC Help Italian
"{6C49A7D6-FD97-A573-29C7-87ED1756AC6D}" = CCC Help Chinese Traditional
"{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"{70B4D913-147C-7084-961A-6728E8F2AC2E}" = CCC Help Korean
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80F696E0-AB85-433E-99E3-8CC6D98CF167}" = TOSHIBA ConfigFree
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E9CEA3B-EBD1-439C-A01D-830CB39613C6}" = TOSHIBA Hardware Setup
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{983CD6FE-8320-4B80-A8F6-0D0366E0AA22}" = TOSHIBA Media Controller
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D3D8C60-A55F-4fed-B2B9-173001290E16}" = Realtek WLAN Driver
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC6569FA-6919-442A-8552-073BE69E247A}" = TOSHIBA Service Station
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{ACB77FD0-7796-82B5-51B1-3ABAD84932E7}" = Catalyst Control Center Graphics Previews Common
"{AE26F217-2100-A52C-2A00-3829358E4930}" = ccc-core-static
"{B35FB627-BB1F-E79D-9512-E7CF549B00AD}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}" = TOSHIBA Assist
"{C4F1B841-0C75-368C-0A54-1BAF7C8B6A91}" = CCC Help English
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CA5CF466-CAE3-4D99-8BB4-C80F4AC55028}" = TOSHIBA Wireless LAN Indicator
"{CE15C07B-32E3-0586-305C-975F0FEE559A}" = CCC Help Turkish
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.1.7.343
"{DC280F21-4FD6-9D47-6323-7CD5C8712DFB}" = CCC Help Spanish
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ED8AB7F6-E885-A8E9-1E97-2218D89FAE8F}" = CCC Help German
"{EE033C1F-443E-41EC-A0E2-559B539A4E4D}" = TOSHIBA Speech System Applications
"{EEE6C8F8-4FDD-A08F-2292-31B34E327C0C}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F4C03C2A-E14E-EB7C-AAD7-F4FB6396BEA1}" = Catalyst Control Center Localization All
"{F9E83908-4502-9B01-6B42-21E449DD2627}" = CCC Help Czech
"{FB90923E-F94F-4343-A084-F0AB39305C8B}" = Catalyst Control Center - Branding
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}" = TOSHIBA Value Added Package
"InstallShield_{229C190B-7690-40B7-8680-42530179F3E9}" = TOSHIBA Bulletin Board
"InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}" = TOSHIBA ReelTime
"InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}" = TOSHIBA Web Camera Application
"InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}" = TOSHIBA HDD/SSD Alert
"InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}" = TOSHIBA Face Recognition
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PokerStars" = PokerStars
"TOSHIBA Game Console" = WildTangent ORB Game Console
"uTorrent" = µTorrent
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.11
"WildTangent toshiba Master Uninstall" = WildTangent Games
"WinLiveSuite" = Windows Live Essentials
"WT088682" = Bejeweled 2 Deluxe
"WT088696" = Chuzzle Deluxe
"WT088702" = Plants vs. Zombies
"WT088703" = Build-a-lot 2
"WT088710" = Zuma's Revenge
"WT088739" = FATE
"WT088750" = Jewel Quest - Heritage
"WT088759" = Polar Bowler
"WT088760" = Virtual Villagers 4 - The Tree of Life
"WT088761" = Wheel of Fortune 2

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 09/05/2012 7:35:34 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2901

Error - 09/05/2012 7:35:35 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 09/05/2012 7:35:35 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4009

Error - 09/05/2012 7:35:35 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4009

Error - 09/05/2012 7:35:38 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 09/05/2012 7:35:38 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 6271

Error - 09/05/2012 7:35:38 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 6271

Error - 09/05/2012 7:35:39 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 09/05/2012 7:35:39 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7347

Error - 09/05/2012 7:35:39 AM | Computer Name = Jason-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7347

[ Media Center Events ]
Error - 21/03/2012 3:22:42 AM | Computer Name = Jason-PC | Source = Microsoft-Windows-Media Center Extender | ID = 116
Description =

Error - 16/05/2012 5:07:47 PM | Computer Name = Jason-PC | Source = MCUpdate | ID = 0
Description = 5:07:26 PM - Failed to retrieve SportsSchedule (Error: The operation
has timed out)

[ System Events ]
Error - 16/05/2012 8:33:08 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:33:08 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:34:28 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:34:28 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:34:28 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:35:16 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:35:16 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:35:16 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
to start because of the following error: %%1068

Error - 16/05/2012 8:38:01 PM | Computer Name = Jason-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 8:36:09 PM on 16/05/2012 was unexpected.

Error - 16/05/2012 8:38:33 PM | Computer Name = Jason-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Avgldx64


< End of report >

#5
Jaybarker

    Member

  • Topic Starter
  • Member
  • 14 posts
GMER seems to take forever and lists every file I have on my comp... then it freezes or the virus restarts my computer... I will keep trying

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Leave GMER for now. Let's try these steps

Step 1

NOTE: This fix is custom made for this system only and for current system state! Don't try to run it on another system!

Please close all running programs and run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :processes
    killallprocesses

    :OTL
    MOD - [2012/05/16 20:39:02 | 000,250,368 | -H-- | M] () -- C:\ProgramData\coVnA8yj5VUSxy.exe
    MOD - [2012/05/16 18:54:02 | 000,343,040 | -HS- | M] () -- C:\ProgramData\QKTsgoHyjHp.exe
    O4 - HKCU..\Run: [nYdUlnRnEPi.exe] C:\ProgramData\nYdUlnRnEPi.exe ()
    O4 - HKCU..\Run: [QKTsgoHyjHp.exe] C:\ProgramData\QKTsgoHyjHp.exe ()
    F3:64bit: - HKCU WinNT: Load - (C:\Users\Jason\LOCALS~1\Temp\msahvayth.exe) - C:\Users\Jason\Local Settings\Temp\msahvayth.exe ()
    F3 - HKCU WinNT: Load - (C:\Users\Jason\LOCALS~1\Temp\msahvayth.exe) - C:\Users\Jason\Local Settings\Temp\msahvayth.exe ()
    [2012/05/16 20:39:47 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{F53FAFB5-5EB9-4F35-AB46-E1C211749292}
    [2012/05/16 20:39:16 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{5DE56A25-CDF0-4F2D-9FC2-73FA1FF3E3F9}
    [2012/05/16 20:01:26 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{90A13759-36EA-484D-952C-A0F33F43CD56}
    [2012/05/16 20:01:12 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{949144FD-DFD9-42E0-BBB9-D233372A96ED}
    [2012/05/16 01:59:04 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{9646A900-3F66-4F29-8BB3-EB4262798F65}
    [2012/05/16 01:58:41 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{BDAC09FE-1E21-4997-9B51-2459E3AF64CC}
    [2012/05/16 01:40:58 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{B85106FA-3506-4D09-90B3-1CA229155181}
    [2012/05/16 01:40:40 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{7337E8AE-E9B7-49CD-A624-BF474A2608E5}
    [2012/05/16 01:20:38 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{6043C652-30B0-489E-8A4F-08E63C0704AD}
    [2012/05/16 01:20:25 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{8B240E25-8FF8-49C2-BE9F-49B5993E71B0}
    [2012/05/16 01:11:10 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{CFC43B81-C6F1-46E0-B85A-5FAABF0D2ED9}
    [2012/05/16 01:10:49 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{60CB5EB3-E7A7-4E34-A6AD-9EC116C57826}
    [2012/05/16 00:59:04 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{25470567-7556-4BD1-A823-DEA62ED5CF2E}
    [2012/05/16 00:56:47 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery
    [2012/05/09 07:22:05 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{79D97133-974D-4414-8148-A8E1F1EE8ABF}
    [2012/05/09 07:21:36 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{B11F352E-9B1C-467E-AC5C-4C2231CBFA15}
    [2012/04/19 14:17:49 | 000,000,000 | -H-D | C] -- C:\Users\Jason\AppData\Local\{A4AFE7B0-1AB3-4A79-B53C-7BB2B5982F50}
    [2012/05/16 20:39:27 | 000,000,160 | -H-- | M] () -- C:\ProgramData\-coVnA8yj5VUSxyr
    [2012/05/16 20:39:27 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-coVnA8yj5VUSxy
    [2012/05/16 20:39:26 | 000,000,666 | -H-- | M] () -- C:\Users\Jason\Desktop\Data_Recovery.lnk
    [2012/05/16 20:39:16 | 000,000,256 | -H-- | M] () -- C:\ProgramData\coVnA8yj5VUSxy
    [2012/05/16 20:39:02 | 000,250,368 | -H-- | M] () -- C:\ProgramData\coVnA8yj5VUSxy.exe
    [2012/05/16 18:54:02 | 000,343,040 | -HS- | M] () -- C:\ProgramData\QKTsgoHyjHp.exe
    [2012/05/16 01:59:13 | 000,000,690 | -H-- | M] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk
    [2012/05/16 01:20:33 | 000,000,176 | -H-- | M] () -- C:\ProgramData\bad7
    [2012/05/16 01:20:33 | 000,000,000 | -H-- | M] () -- C:\ProgramData\bad8
    [2012/05/16 01:20:29 | 000,000,256 | -H-- | M] () -- C:\ProgramData\bad5
    [2012/05/16 01:20:13 | 000,250,880 | -H-- | M] () -- C:\ProgramData\bad6.exe
    [2012/05/16 01:11:14 | 000,000,176 | -H-- | M] () -- C:\ProgramData\bad4
    [2012/05/16 01:11:14 | 000,000,000 | -H-- | M] () -- C:\ProgramData\bad2
    [2012/05/16 01:11:06 | 000,000,256 | -H-- | M] () -- C:\ProgramData\bad1
    [2012/05/16 00:56:32 | 000,250,880 | -H-- | M] () -- C:\ProgramData\bad3.exe
    [2012/05/16 00:42:23 | 000,343,552 | -HS- | M] () -- C:\ProgramData\nYdUlnRnEPi.exe
    [2012/05/16 20:39:27 | 000,000,160 | -H-- | C] () -- C:\ProgramData\-coVnA8yj5VUSxyr
    [2012/05/16 20:39:27 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-coVnA8yj5VUSxy
    [2012/05/16 20:39:26 | 000,000,666 | -H-- | C] () -- C:\Users\Jason\Desktop\Data_Recovery.lnk
    [2012/05/16 20:39:14 | 000,000,256 | -H-- | C] () -- C:\ProgramData\coVnA8yj5VUSxy
    [2012/05/16 20:39:02 | 000,250,368 | -H-- | C] () -- C:\ProgramData\coVnA8yj5VUSxy.exe
    [2012/05/16 17:06:00 | 000,343,040 | -HS- | C] () -- C:\ProgramData\QKTsgoHyjHp.exe
    [2012/05/16 01:59:13 | 000,000,690 | -H-- | C] () -- C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk

    :Files
    ipconfig /flushdns /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply, or you can find it in C:\_OTL\MovedFiles

Step 2

Please do another Malwarebytes Quick Scan and post the log for me.

Step 3

Download Unhide.exe from here to your desktop and run it. It should unhide all your files.

Step 4

Please don't forget to include these items in your reply:

  • OTL log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#7
Jaybarker

    Member

  • Topic Starter
  • Member
  • 14 posts
OTL log



========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\nYdUlnRnEPi.exe deleted successfully.
File C:\ProgramData\nYdUlnRnEPi.exe not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\QKTsgoHyjHp.exe deleted successfully.
C:\ProgramData\QKTsgoHyjHp.exe moved successfully.
File C:\Users\Jason\Local Settings\Temp\msahvayth.exe not found.
64bit-Registry delete failed. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Jason\LOCALS~1\Temp\msahvayth.exe scheduled to be deleted on reboot.
File C:\Users\Jason\Local Settings\Temp\msahvayth.exe not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Jason\LOCALS~1\Temp\msahvayth.exe deleted successfully.
C:\Users\Jason\AppData\Local\{F53FAFB5-5EB9-4F35-AB46-E1C211749292} folder moved successfully.
C:\Users\Jason\AppData\Local\{5DE56A25-CDF0-4F2D-9FC2-73FA1FF3E3F9} folder moved successfully.
C:\Users\Jason\AppData\Local\{90A13759-36EA-484D-952C-A0F33F43CD56} folder moved successfully.
C:\Users\Jason\AppData\Local\{949144FD-DFD9-42E0-BBB9-D233372A96ED} folder moved successfully.
C:\Users\Jason\AppData\Local\{9646A900-3F66-4F29-8BB3-EB4262798F65} folder moved successfully.
C:\Users\Jason\AppData\Local\{BDAC09FE-1E21-4997-9B51-2459E3AF64CC} folder moved successfully.
C:\Users\Jason\AppData\Local\{B85106FA-3506-4D09-90B3-1CA229155181} folder moved successfully.
C:\Users\Jason\AppData\Local\{7337E8AE-E9B7-49CD-A624-BF474A2608E5} folder moved successfully.
C:\Users\Jason\AppData\Local\{6043C652-30B0-489E-8A4F-08E63C0704AD} folder moved successfully.
C:\Users\Jason\AppData\Local\{8B240E25-8FF8-49C2-BE9F-49B5993E71B0} folder moved successfully.
C:\Users\Jason\AppData\Local\{CFC43B81-C6F1-46E0-B85A-5FAABF0D2ED9} folder moved successfully.
C:\Users\Jason\AppData\Local\{60CB5EB3-E7A7-4E34-A6AD-9EC116C57826} folder moved successfully.
C:\Users\Jason\AppData\Local\{25470567-7556-4BD1-A823-DEA62ED5CF2E} folder moved successfully.
C:\Users\Jason\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery folder moved successfully.
C:\Users\Jason\AppData\Local\{79D97133-974D-4414-8148-A8E1F1EE8ABF} folder moved successfully.
C:\Users\Jason\AppData\Local\{B11F352E-9B1C-467E-AC5C-4C2231CBFA15} folder moved successfully.
C:\Users\Jason\AppData\Local\{A4AFE7B0-1AB3-4A79-B53C-7BB2B5982F50} folder moved successfully.
C:\ProgramData\-coVnA8yj5VUSxyr moved successfully.
C:\ProgramData\-coVnA8yj5VUSxy moved successfully.
C:\Users\Jason\Desktop\Data_Recovery.lnk moved successfully.
C:\ProgramData\coVnA8yj5VUSxy moved successfully.
C:\ProgramData\coVnA8yj5VUSxy.exe moved successfully.
File C:\ProgramData\QKTsgoHyjHp.exe not found.
C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk moved successfully.
C:\ProgramData\bad7 moved successfully.
C:\ProgramData\bad8 moved successfully.
C:\ProgramData\bad5 moved successfully.
File C:\ProgramData\bad6.exe not found.
C:\ProgramData\bad4 moved successfully.
C:\ProgramData\bad2 moved successfully.
C:\ProgramData\bad1 moved successfully.
File C:\ProgramData\bad3.exe not found.
File C:\ProgramData\nYdUlnRnEPi.exe not found.
File C:\ProgramData\-coVnA8yj5VUSxyr not found.
File C:\ProgramData\-coVnA8yj5VUSxy not found.
File C:\Users\Jason\Desktop\Data_Recovery.lnk not found.
File C:\ProgramData\coVnA8yj5VUSxy not found.
File C:\ProgramData\coVnA8yj5VUSxy.exe not found.
File C:\ProgramData\QKTsgoHyjHp.exe not found.
File C:\Users\Jason\Application Data\Microsoft\Internet Explorer\Quick Launch\Data_Recovery.lnk not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Jason\Downloads\cmd.bat deleted successfully.
C:\Users\Jason\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.43.0 log created on 05212012_134521

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Jason\LOCALS~1\Temp\msahvayth.exe deleted successfully.

#8
Jaybarker

    Member

  • Topic Starter
  • Member
  • 14 posts
Malware log


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Jason :: JASON-PC [administrator]

21/05/2012 2:02:47 PM
mbam-log-2012-05-21 (14-02-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 217338
Time elapsed: 4 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\Jason\AppData\Local\Temp\4alBcHxdrnVBQB.exe.tmp (Trojan.FakeHDD) -> Quarantined and deleted successfully.
C:\Users\Jason\AppData\Local\Temp\P8carOfte9G9cQ.exe.tmp (Trojan.FakeHDD) -> Quarantined and deleted successfully.

(end)

#9
Jaybarker

    Member

  • Topic Starter
  • Member
  • 14 posts
What is my Q drive??? I don't recall seeing it before... looks like a partition on my hard drive but it is locked and I can't access it

#10
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Jaybarker,

I don't see that partition. We will check all partitions with aswMBR in Step 1 now.

How is your system now? Any problems?

Step 1

Download aswMBR.exe ( 511KB ) to your desktop.

  • Double-click aswMBR.exe to run it
  • Click the "Scan" button to start the scan
  • On completion of the scan click save log, save it to your desktop and post aswMBR.txt in your next reply
  • Also, ZIP the MBR.dat it creates and attach it to your next reply

Step 2

Download Virus Removal Tool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan

Allow Virus Removal Tool to delete all infections found
Once it has finished select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post

Step 3

Please don't forget to include these items in your reply:

  • aswMBR log
  • VRT log
It would be helpful if you could post each log in a separate post using the "Add Reply" button

#11
Jaybarker

    Member

  • Topic Starter
  • Member
  • 14 posts
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-22 13:25:10
-----------------------------
13:25:10.439 OS Version: Windows x64 6.1.7601 Service Pack 1
13:25:10.440 Number of processors: 2 586 0x100
13:25:10.442 ComputerName: JASON-PC UserName: Jason
13:25:14.676 Initialize success
13:25:33.371 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
13:25:33.381 Disk 0 Vendor: TOSHIBA_ GH10 Size: 305245MB BusType: 11
13:25:33.391 Disk 0 MBR read successfully
13:25:33.401 Disk 0 MBR scan
13:25:33.411 Disk 0 Windows VISTA default MBR code
13:25:33.440 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
13:25:33.462 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 277222 MB offset 3074048
13:25:33.496 Disk 0 Partition 3 00 17 Hidd HPFS/NTFS NTFS 16993 MB offset 570824704
13:25:33.515 Disk 0 Partition 4 00 17 Hidd HPFS/NTFS NTFS 9529 MB offset 605626368
13:25:33.562 Disk 0 scanning C:\windows\system32\drivers
13:25:41.304 Service scanning
13:26:26.945 Modules scanning
13:26:26.974 Disk 0 trace - called modules:
13:26:27.063 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
13:26:27.452 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8002ff6060]
13:26:27.468 3 CLASSPNP.SYS[fffff880019a143f] -> nt!IofCallDriver -> [0xfffffa8002ed0040]
13:26:27.484 5 amd_xata.sys[fffff8800112b8b4] -> nt!IofCallDriver -> \Device\00000065[0xfffffa80029d73d0]
13:26:27.501 Scan finished successfully
13:40:47.574 Disk 0 MBR has been saved successfully to "C:\Users\Jason\Downloads\MBR.dat"
13:40:47.606 The log file has been saved successfully to "C:\Users\Jason\Downloads\aswMBR.txt"

#12
Jaybarker

    Member

  • Topic Starter
  • Member
  • 14 posts
not too sure about zipping the dat file... but it is only 512 bytes.. says I am not allowed to upload that file

Edited by Jaybarker, 22 May 2012 - 11:51 AM.


#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi Jaybarker,

OK. Just save that file for later. Please do VRT scan and post log here for me.

#14
Jaybarker

    Member

  • Topic Starter
  • Member
  • 14 posts
Status: Deleted (events: 23)
22/05/2012 1:59:51 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{04797E90-B495-EA78-E5C4-E63A44D56C2B}-coVnA8yj5VUSxy.exe High
22/05/2012 1:59:51 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{04797E90-B495-EA78-E5C4-E63A44D56C2B}-coVnA8yj5VUSxy.exe//PE-Crypt.XorPE High
22/05/2012 1:59:55 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{2667E6DD-0949-5D53-81E8-0867D387CCFC}-coVnA8yj5VUSxy.exe High
22/05/2012 1:59:55 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{2667E6DD-0949-5D53-81E8-0867D387CCFC}-coVnA8yj5VUSxy.exe//PE-Crypt.XorPE High
22/05/2012 2:00:06 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{27E63E82-B5C7-E32C-A9B1-0B5B313AE779}-coVnA8yj5VUSxy.exe High
22/05/2012 2:00:06 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{27E63E82-B5C7-E32C-A9B1-0B5B313AE779}-coVnA8yj5VUSxy.exe//PE-Crypt.XorPE High
22/05/2012 2:00:12 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeSysDef.aw C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{36A1F97F-7FDB-5704-06AB-BAB737C397D7}-awdB2wdT6TVWcI.exe High
22/05/2012 2:00:12 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeSysDef.aw C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{36A1F97F-7FDB-5704-06AB-BAB737C397D7}-awdB2wdT6TVWcI.exe//PE-Crypt.XorPE High
22/05/2012 2:00:19 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{6A22E2A3-E0F2-D273-62F0-1E0CF8546C37}-coVnA8yj5VUSxy.exe High
22/05/2012 2:00:19 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{6A22E2A3-E0F2-D273-62F0-1E0CF8546C37}-coVnA8yj5VUSxy.exe//PE-Crypt.XorPE High
22/05/2012 2:00:25 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{AA194B6C-0959-9793-8668-83A99598B3C1}-coVnA8yj5VUSxy.exe High
22/05/2012 2:00:25 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{AA194B6C-0959-9793-8668-83A99598B3C1}-coVnA8yj5VUSxy.exe//PE-Crypt.XorPE High
22/05/2012 2:00:31 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeSysDef.aw C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{BE9D4576-9347-3306-1703-86426CDD80CB}-awdB2wdT6TVWcI.exe High
22/05/2012 2:00:31 PM Deleted Trojan program Trojan-FakeAV.Win32.FakeSysDef.aw C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{BE9D4576-9347-3306-1703-86426CDD80CB}-awdB2wdT6TVWcI.exe//PE-Crypt.XorPE High
22/05/2012 2:00:38 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{F9956838-41B8-8F1D-D217-3B114A68752E}-coVnA8yj5VUSxy.exe High
22/05/2012 2:00:38 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{F9956838-41B8-8F1D-D217-3B114A68752E}-coVnA8yj5VUSxy.exe//PE-Crypt.XorPE High
22/05/2012 2:00:43 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{FCD295D1-96AC-592D-DF8D-83629D0D42AF}-coVnA8yj5VUSxy.exe High
22/05/2012 2:00:43 PM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\Documents and Settings\All Users\Microsoft\Windows Defender\LocalCopy\{FCD295D1-96AC-592D-DF8D-83629D0D42AF}-coVnA8yj5VUSxy.exe//PE-Crypt.XorPE High
22/05/2012 4:45:43 PM Deleted Trojan program Trojan.Win32.Agent.sfdq C:\Documents and Settings\Jason\AppData\Local\Temp\lmXJNabFS8XlMO.exe High
22/05/2012 4:45:55 PM Deleted Trojan program Trojan.Win32.Agent.sfdq C:\Documents and Settings\Jason\AppData\Local\Temp\Install.exe High
22/05/2012 4:45:54 PM Deleted Trojan program Trojan.Win32.Agent.sfdq C:\Documents and Settings\Jason\AppData\Local\Temp\CEC.tmp High
23/05/2012 2:41:54 AM Deleted Trojan program HEUR:Trojan.Win32.Generic C:\_OTL\MovedFiles\05212012_134521\C_ProgramData\coVnA8yj5VUSxy.exe High
23/05/2012 2:42:03 AM Deleted Trojan program Trojan-FakeAV.Win32.SmartFixer.dn C:\_OTL\MovedFiles\05212012_134521\C_ProgramData\QKTsgoHyjHp.exe High

#15
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
How is your system now? Any problems?