Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Is my pc clean?

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Is my pc clean?

Unread postby blah9 » April 2nd, 2012, 8:22 pm

Hi all,

This forum was super helpful when I went to fix my computer problems (and I've kept that PC clean!). However today I was browsing on my son's computer and it was acting funny connecting connecting to certain webpages First instinct was to run a virus scan with ESET as I know it was recommended to me here.

Long story short I would really appreciate if any one can review my DDS log and see if ESET got all the nasties.

Note: As I was writing this I decided to scan my wife's computer and see it has a virus too and ESET found something on that one too :evil: I'm going to post a dds log in a separate thread for her PC.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Alex at 20:10:47 on 2012-04-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3932.1707 [GMT -4:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\TOSHIBA\TECO\Teco.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\TOSHIBA\TANU\TANU.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Program Files (x86)\PostgreSQL\8.3\bin\postgres.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\TOSHIBA\rselect\RSelSvc.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe
C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\msiexec.exe
C:\Windows\ehome\ehsched.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Users\Alex\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = 0.0.0.0:80
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Google Update] "C:\Users\Alex\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Akamai NetSession Interface] "C:\Users\Alex\AppData\Local\Akamai\netsession_win.exe"
mRun: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
mRun: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
StartupFolder: C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update Tool Notifier.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
Trusted Zone: facebook.com
Trusted Zone: tenderfoot.com
Trusted Zone: wildwestonline.com
DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimi ... Config.CAB
DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/ ... 10.115.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1 199.45.32.38
TCP: Interfaces\{215AAA93-32FA-4FCF-9A4A-374D1B5681F1} : DhcpNameServer = 192.168.1.1 4.2.2.2
TCP: Interfaces\{5E859100-32BA-4DB0-8F68-2095DA7F0E10} : DhcpNameServer = 192.168.1.1 199.45.32.38
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [SVPWUTIL] "C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" SVPwUTIL
mRun-x64: [HWSetup] "C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" hwSetUP
mRun-x64: [TANU] %ProgramFiles%\TOSHIBA\TANU\TANU.exe
mRun-x64: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe"
mRun-x64: [TWebCamera] "%ProgramFiles(x86)%\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun-x64: [NDSTray.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe"
mRun-x64: [cfFncEnabler.exe] "C:\Program Files (x86)\TOSHIBA\ConfigFree\cfFncEnabler.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM
IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
.
============= SERVICES / DRIVERS ===============
.
R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\Windows\system32\DRIVERS\tos_sps64.sys --> C:\Windows\system32\DRIVERS\tos_sps64.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-5-12 44768]
R2 camsvc;TOSHIBA Web Camera Service;C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe [2009-9-22 20544]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 ConfigFree Gadget Service;ConfigFree Gadget Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe [2009-3-6 36864]
R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 pgsql-8.3;PostgreSQL Database Server 8.3;C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe [2009-3-13 65536]
R2 RSELSVC;TOSHIBA Modem region select service;C:\Program Files\TOSHIBA\rselect\RSelSvc.exe [2009-2-19 55808]
R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2011-12-1 206120]
R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2011-12-1 185640]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2009-4-14 251392]
R2 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2009-3-17 84480]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw5v64.sys --> C:\Windows\system32\DRIVERS\NETw5v64.sys [?]
R3 PGEffect;Pangu effect driver;C:\Windows\system32\DRIVERS\pgeffect.sys --> C:\Windows\system32\DRIVERS\pgeffect.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-31 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PTUMWBus;PANTECH USB Modem V2 Composite Device Driver;C:\Windows\system32\DRIVERS\PTUMWBus.sys --> C:\Windows\system32\DRIVERS\PTUMWBus.sys [?]
S3 PTUMWCSP;PANTECH USB Modem V2 Connection Port;C:\Windows\system32\DRIVERS\PTUMWCSP.sys --> C:\Windows\system32\DRIVERS\PTUMWCSP.sys [?]
S3 PTUMWFLT;PTUMWNET Filter Driver;C:\Windows\system32\DRIVERS\PTUMWFLT.sys --> C:\Windows\system32\DRIVERS\PTUMWFLT.sys [?]
S3 PTUMWMdm;PANTECH USB Modem V2 Modem Driver;C:\Windows\system32\DRIVERS\PTUMWMdm.sys --> C:\Windows\system32\DRIVERS\PTUMWMdm.sys [?]
S3 PTUMWNET;PANTECH USB Modem V2 WWAN Driver;C:\Windows\system32\DRIVERS\PTUMWNET.sys --> C:\Windows\system32\DRIVERS\PTUMWNET.sys [?]
S3 PTUMWNSP;PANTECH USB Modem V2 NMEA Port;C:\Windows\system32\DRIVERS\PTUMWNSP.sys --> C:\Windows\system32\DRIVERS\PTUMWNSP.sys [?]
S3 PTUMWVsp;PANTECH USB Modem V2 Diagnostic Port;C:\Windows\system32\DRIVERS\PTUMWVsp.sys --> C:\Windows\system32\DRIVERS\PTUMWVsp.sys [?]
S3 SMSIVZAM5X64;SMSIVZAM5X64 NDIS Protocol Driver;C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [2009-3-20 43032]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-3 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-04-03 00:06:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5BF1D9C-F6D8-45F7-836D-4337B560690B}\offreg.dll
2012-03-31 11:48:47 8669240 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C5BF1D9C-F6D8-45F7-836D-4337B560690B}\mpengine.dll
2012-03-31 00:04:51 -------- d-----w- C:\Users\Alex\AppData\Local\SupportSoft
2012-03-31 00:04:32 -------- d-----w- C:\Program Files (x86)\VERIZONDM
2012-03-31 00:04:25 -------- d-----w- C:\Windows\VDM
2012-03-31 00:04:25 -------- d-----w- C:\Program Files (x86)\Verizon
2012-03-31 00:04:25 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft
2012-03-20 01:22:00 -------- d-----w- C:\Users\Alex\AppData\Local\Microsoft Games
2012-03-09 01:37:49 -------- d-----w- C:\Users\Alex\.android
2012-03-09 01:37:36 -------- d-----w- C:\Program Files (x86)\Android
2012-03-08 12:13:23 -------- d-----w- C:\Python25
.
==================== Find3M ====================
.
2012-02-23 13:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-01-10 18:28:18 750488 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-01-10 18:28:14 660368 ----a-w- C:\Windows\System32\deployJava1.dll
.
============= FINISH: 20:11:29.79 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/22/2009 4:13:22 PM
System Uptime: 4/2/2012 7:26:36 PM (1 hours ago)
.
Motherboard: TOSHIBA | | KTWAA
Processor: Intel(R) Core(TM)2 Duo CPU T6500 @ 2.10GHz | U2E1 | 2100/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 361 GiB total, 263.538 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Photosmart C309a series
Device ID: ROOT\IMAGE\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\IMAGE\0000
Service: StillCam
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Photosmart C309a series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Photosmart C309a series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Deskjet 6980 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Deskjet 6980 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
2007 Microsoft Office system
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Community Help
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.1
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Akamai NetSession Interface
Amazon Links
Android SDK Tools
AutoHotkey 1.1.05.06
avast! Free Antivirus
Bodog Poker
Borderlands
CarbonPoker
CardRunnersEV
Counter-Strike
Counter-Strike: Source
Coupon Printer for Windows
Direct DiscRecorder
Download Manager 2.3.10
DVD MovieFactory for TOSHIBA
ESET Online Scanner v3
EV calculator
Flopzilla
Full Tilt Poker
Gambit
Game Booster 3
GIMP 2.6.7
Google App Engine
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
Half-Life 2: Lost Coast
Holdem Manager
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java Auto Updater
Java(TM) 6 Update 20
League of Legends
LightScribe 1.4.124.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Netzero Internet Access Installer
NoteCaddy
NoteCaddy 2
NVIDIA PhysX v8.10.29
OpenOffice.org 3.1
PDF Settings
Picasa 2
Pokerazor 1.38
PokerStars
PokerStove version 1.24
PostgreSQL 8.3
PS_AIO_05_C309_Software_Min
PunkBuster Services
Python 2.5
Quake Live Internet Explorer Plugin
QuickBooks Financial Center
Realtek 8136 8168 8169 Ethernet Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RPM Poker
Scan
SciTE4AutoHotkey v3.0.00 (Release Candidate)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Sid Meier's Civilization V
Skype Launcher
Steam
StoxEV
StoxPoker Combo
TableNinja
TableNinjaFT
Tarrasch Chess GUI V1.00b
Toolbox
TOSHIBA Agreement Notification Utility
Toshiba Application Installer
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA DVD PLAYER
TOSHIBA eco Utility
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Face Recognition
TOSHIBA Flash Cards Support Utility
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
TOSHIBA Internal Modem Region Select Utility
Toshiba Quality Application
Toshiba Registration
Toshiba Resources Page
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Utility Common Driver
Verizon Activation
Verizon Download Manager
VZAccess Manager
Wild West Online: Gunfighter Browser Plugin
WildTangent Games
.
==== Event Viewer Messages From Past Week ========
.
4/2/2012 7:28:40 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
4/1/2012 8:26:04 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 001E65A13D0C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/31/2012 8:37:31 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.66 for the Network Card with network address 001E65A13D0C has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/30/2012 8:45:56 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.64 for the Network Card with network address 00235AFADD9F has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
3/30/2012 8:04:42 PM, Error: Service Control Manager [7030] - The SupportSoft Repair Service (verizondm) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/30/2012 8:04:39 PM, Error: Service Control Manager [7030] - The SupportSoft Sprocket Service (verizondm) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
.
==== End Of File ===========================
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm
Advertisement
Register to Remove

Re: Is my pc clean?

Unread postby askey127 » April 3rd, 2012, 6:40 pm

Hi blah9,
First, enable Avast! again.
Understand that virtually ALL poker sites track your behavior on the internet and sell it to others, redirect your searches, pop up ads..
So, in your case, you can deal with it, or remove those below. That's up to you. You have these lovelies to deal with:
Pokerazor 1.38
PokerStars
PokerStove version 1.24
StoxPoker Combo
RPM Poker
Pokerazor 1.38
PokerStars
PokerStove version 1.24
Full Tilt Poker
Game Booster 3
CarbonPoker
Bodog Poker
Holdem Manager

Also, never allow anything but your Internet provider or Microsoft in the IE trusted zone.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Java(TM) 6 Update 20
Coupon Printer for Windows

Take extra care in answering questions posed by any Uninstaller.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :OTL
    IE-X64: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE-X64: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
    IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
    IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
    IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Bodog Poker\BPGame.exe
    Trusted Zone: facebook.com
    Trusted Zone: tenderfoot.com
    Trusted Zone: wildwestonline.com
    uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
    mStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=TSHB
    uInternet Settings,ProxyOverride = *.local;<local>
    
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [emptyflash] 
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved. Please run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

So, we are looking for the contents of OTL.txt and CKFiles.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Is my pc clean?

Unread postby blah9 » April 3rd, 2012, 8:21 pm

First let me apologize for posting two computer logs at once. I didn't realize that wasn't allowed - My mistake.

I uninstalled all the poker sites plus the other two programs you recommended uninstalling.

I copied the code into OTL and clicked run fix. When I left my computer it said something about scanning pokerstarsupdate.exe when I came back an hour later it said it was still scanning pokerstarsupdate.exe When I tried to drag the window it crashed. I've repeated this process a few times now and the same thing keeps happening.
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Is my pc clean?

Unread postby askey127 » April 3rd, 2012, 9:19 pm

OK.
Run the CKScanner procedure, and then this:
----------------------------------------------------------------------------------
Download and Run MalwareBytes' Anti-Malware It is free for non-business use.
Please go here to the Download Location, click on Download in the Free column..
When the next page comes up, click on the Download Now button.
  • After clicking on the download and choosing Save, the "Save to location" dialog will come up.
  • Click the browse folders button, then click on Desktop on the left as the location for the installer and click Save again. Close the dialog when the download is complete.
  • You should now have a desktop icon named mbam-setup.exe. (If the download was saved somewhere else, locate it and copy or move it to your desktop).
  • Right click it, choose Run as administrator and Continue
  • Let it install where it wants to, with the default settings, and click Finish.
  • If an update is found, it will download and install the latest version. A shield symbol will show on the desktop icon while it is updating, and will disappear when it's done.
  • If necessary, start Malwarebytes Anti-Malware again.
    (You can Decline any Offer for a Trial if you don't want the paid version)
  • Once the program has started up, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • If it found any malware items, check all items except items in the C:\System Volume Information folder... and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location, and post the contents in your reply.
  • The log can also be found using the "Logs" tab in the program. You can click any "Scan" log listed to open its contents. The logs are listed and named by time/date stamp.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Is my pc clean?

Unread postby blah9 » April 5th, 2012, 9:57 pm

Here you go...


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\android\android-sdk\docs\reference\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygenerator.html
c:\program files (x86)\android\android-sdk\docs\reference\javax\crypto\keygeneratorspi.html
c:\program files (x86)\android\android-sdk\sources\android-15\java\security\spec\rsakeygenparameterspec.java
c:\program files (x86)\android\android-sdk\sources\android-15\javax\crypto\keygenerator.java
c:\program files (x86)\android\android-sdk\sources\android-15\javax\crypto\keygeneratorspi.java
c:\program files (x86)\android\android-sdk\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\keygeneratorspitest.java
c:\program files (x86)\android\android-sdk\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\keygeneratortest.java
c:\program files (x86)\android\android-sdk\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorfunctionaltest.java
c:\program files (x86)\android\android-sdk\sources\android-15\org\apache\harmony\crypto\tests\javax\crypto\func\keygeneratorthread.java
c:\program files (x86)\android\android-sdk\sources\android-15\org\apache\harmony\crypto\tests\support\mykeygeneratorspi.java
c:\program files (x86)\gimp-2.0\share\gimp\2.0\patterns\cracked.pat
c:\program files (x86)\rvg software\holdem manager\keygenerateclasslibrary.dll
scanner sequence 3.EH.11.WQNAXF
----- EOF -----


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.05.11

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Alex :: ALEX-PC [administrator]

Protection: Enabled

4/5/2012 9:41:50 PM
mbam-log-2012-04-05 (21-41-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222033
Time elapsed: 8 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Is my pc clean?

Unread postby askey127 » April 6th, 2012, 7:54 am

blah9,
OK. That part was good.
A few more things:

------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
Scroll down to the section on the page, labeled Java SE 7 Update 3, click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform Windows x64 and click it.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.

During installation, be certain to Uncheck and Refuse any offer for "partner software" or toolbars.
When it finishes, you can remove the Installer from your desktop.
----------------------------------------------
Download and Run Temp File Cleaner (TFC.exe)
Download Temp File Cleaner and save it to your desktop.
You might want to Copy/Paste/Print these instructions and Save any unsaved work. TFC will close ALL open programs... including your browser!
Right click TFC.exe and choose Run as Administrator
If you have a lot of junk files to remove, it could take a while, so please be patient and let it finish.
When it's done, it will report the total size of files removed. If it asks to Reboot, choose to do so. This will remove files that could not be removed while Windows was running.
After Restart, log back in to your usual account.
(You can leave TFC on your desktop and run it every week or two to clean out leftover temporary files).
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right Click on TDSSKiller.exe and choose "Run as administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
    If you try to change the filename and extension, you may get a warning message from Windows because of the change of file extension. OK the change.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

If this looks OK, we will do an online scan, and we will then be quite confident your machine is clean.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Is my pc clean?

Unread postby blah9 » April 6th, 2012, 10:50 pm

I've done all the steps asked. TDSS asked me if I wanted to update so I went ahead and updated to the latest version. So I actually have two logs. One log for the update and one log for the scan I'm posting both of them below.


22:43:58.0276 1892 TDSS rootkit removing tool 2.7.6.0 Jan 19 2012 13:09:04
22:44:05.0967 1892 Perform update action was selected
22:44:05.0982 1884 Deinitialize success

22:45:03.0969 4876 TDSS rootkit removing tool 2.7.26.0 Apr 4 2012 19:52:02
22:45:04.0234 4876 ============================================================
22:45:04.0234 4876 Current date / time: 2012/04/06 22:45:04.0234
22:45:04.0234 4876 SystemInfo:
22:45:04.0234 4876
22:45:04.0234 4876 OS Version: 6.0.6002 ServicePack: 2.0
22:45:04.0234 4876 Product type: Workstation
22:45:04.0234 4876 ComputerName: ALEX-PC
22:45:04.0234 4876 UserName: Alex
22:45:04.0234 4876 Windows directory: C:\Windows
22:45:04.0234 4876 System windows directory: C:\Windows
22:45:04.0234 4876 Running under WOW64
22:45:04.0234 4876 Processor architecture: Intel x64
22:45:04.0234 4876 Number of processors: 2
22:45:04.0234 4876 Page size: 0x1000
22:45:04.0234 4876 Boot type: Normal boot
22:45:04.0234 4876 ============================================================
22:45:04.0655 4876 Drive \Device\Harddisk0\DR0 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:45:04.0655 4876 \Device\Harddisk0\DR0:
22:45:04.0655 4876 MBR used
22:45:04.0655 4876 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x2D1F5000
22:45:04.0702 4876 Initialize success
22:45:04.0702 4876 ============================================================
22:45:58.0902 4132 ============================================================
22:45:58.0902 4132 Scan started
22:45:58.0902 4132 Mode: Manual;
22:45:58.0902 4132 ============================================================
22:45:59.0495 4132 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:45:59.0495 4132 ACPI - ok
22:45:59.0744 4132 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:45:59.0760 4132 adp94xx - ok
22:45:59.0947 4132 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:45:59.0947 4132 adpahci - ok
22:46:00.0103 4132 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:46:00.0103 4132 adpu160m - ok
22:46:00.0181 4132 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:46:00.0181 4132 adpu320 - ok
22:46:00.0337 4132 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
22:46:00.0337 4132 AeLookupSvc - ok
22:46:00.0602 4132 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
22:46:00.0618 4132 AFD - ok
22:46:00.0712 4132 AgereModemAudio (8fe65709982f2cb7d291f6c9b2c60805) C:\Windows\system32\agr64svc.exe
22:46:00.0712 4132 AgereModemAudio - ok
22:46:00.0899 4132 AgereSoftModem (55fcdb10e31c22eb67454aaef42b6725) C:\Windows\system32\DRIVERS\agrsm64.sys
22:46:00.0946 4132 AgereSoftModem - ok
22:46:01.0102 4132 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:46:01.0102 4132 agp440 - ok
22:46:01.0211 4132 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:46:01.0211 4132 aic78xx - ok
22:46:01.0273 4132 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
22:46:01.0273 4132 ALG - ok
22:46:01.0414 4132 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
22:46:01.0414 4132 aliide - ok
22:46:01.0523 4132 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
22:46:01.0523 4132 amdide - ok
22:46:01.0726 4132 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:46:01.0726 4132 AmdK8 - ok
22:46:01.0991 4132 ApfiltrService (19b93a45c4428419e60fe840014407e7) C:\Windows\system32\DRIVERS\Apfiltr.sys
22:46:01.0991 4132 ApfiltrService - ok
22:46:02.0131 4132 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
22:46:02.0131 4132 Appinfo - ok
22:46:02.0256 4132 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:46:02.0256 4132 arc - ok
22:46:02.0350 4132 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:46:02.0350 4132 arcsas - ok
22:46:02.0584 4132 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:46:02.0584 4132 aspnet_state - ok
22:46:02.0771 4132 aswFsBlk (ce6d8bcc4787704ea4feeb92b0d0caf8) C:\Windows\system32\drivers\aswFsBlk.sys
22:46:02.0771 4132 aswFsBlk - ok
22:46:02.0880 4132 aswMonFlt (0debeb2e3fbd0bf5343125cce617f105) C:\Windows\system32\drivers\aswMonFlt.sys
22:46:02.0880 4132 aswMonFlt - ok
22:46:02.0942 4132 aswRdr (952edc2e81f85d1781958d4128bf59f8) C:\Windows\system32\drivers\aswRdr.sys
22:46:02.0942 4132 aswRdr - ok
22:46:03.0067 4132 aswSnx (dd383e2ac941c545a85ab72503da6c12) C:\Windows\system32\drivers\aswSnx.sys
22:46:03.0067 4132 aswSnx - ok
22:46:03.0348 4132 aswSP (ef5403fb8b2dcb791ec365fdf6040a4a) C:\Windows\system32\drivers\aswSP.sys
22:46:03.0348 4132 aswSP - ok
22:46:03.0364 4132 aswTdi (34165da5c6b30c0f9d61246bf8a28040) C:\Windows\system32\drivers\aswTdi.sys
22:46:03.0364 4132 aswTdi - ok
22:46:03.0457 4132 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:46:03.0457 4132 AsyncMac - ok
22:46:03.0520 4132 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:46:03.0520 4132 atapi - ok
22:46:03.0676 4132 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
22:46:03.0691 4132 AudioEndpointBuilder - ok
22:46:03.0691 4132 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
22:46:03.0707 4132 AudioSrv - ok
22:46:03.0941 4132 avast! Antivirus (996e6d052438e8d8dfd501f31560b2e0) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
22:46:03.0941 4132 avast! Antivirus - ok
22:46:04.0362 4132 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
22:46:04.0378 4132 BFE - ok
22:46:04.0580 4132 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
22:46:04.0596 4132 BITS - ok
22:46:04.0736 4132 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:46:04.0736 4132 blbdrive - ok
22:46:04.0830 4132 Bonjour Service (73686fe0b2e0469f89fd2075be724704) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
22:46:04.0830 4132 Bonjour Service - ok
22:46:04.0939 4132 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:46:04.0939 4132 bowser - ok
22:46:05.0033 4132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:46:05.0033 4132 BrFiltLo - ok
22:46:05.0080 4132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:46:05.0080 4132 BrFiltUp - ok
22:46:05.0158 4132 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
22:46:05.0158 4132 Browser - ok
22:46:05.0251 4132 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:46:05.0251 4132 Brserid - ok
22:46:05.0267 4132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:46:05.0267 4132 BrSerWdm - ok
22:46:05.0501 4132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:46:05.0501 4132 BrUsbMdm - ok
22:46:05.0563 4132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:46:05.0563 4132 BrUsbSer - ok
22:46:05.0626 4132 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:46:05.0626 4132 BTHMODEM - ok
22:46:05.0719 4132 camsvc (f1140ed3a1e1d6824a63f27afd9eef32) C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCameraSrv.exe
22:46:05.0719 4132 camsvc - ok
22:46:05.0797 4132 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:46:05.0813 4132 cdfs - ok
22:46:05.0938 4132 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:46:05.0938 4132 cdrom - ok
22:46:06.0047 4132 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
22:46:06.0047 4132 CertPropSvc - ok
22:46:06.0094 4132 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
22:46:06.0109 4132 circlass - ok
22:46:06.0203 4132 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:46:06.0203 4132 CLFS - ok
22:46:06.0296 4132 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:46:06.0296 4132 clr_optimization_v2.0.50727_32 - ok
22:46:06.0374 4132 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:46:06.0374 4132 clr_optimization_v2.0.50727_64 - ok
22:46:06.0499 4132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:46:06.0546 4132 clr_optimization_v4.0.30319_32 - ok
22:46:06.0811 4132 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:46:06.0811 4132 clr_optimization_v4.0.30319_64 - ok
22:46:06.0952 4132 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
22:46:06.0952 4132 CmBatt - ok
22:46:07.0092 4132 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:46:07.0092 4132 cmdide - ok
22:46:07.0232 4132 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
22:46:07.0232 4132 Compbatt - ok
22:46:07.0513 4132 COMSysApp - ok
22:46:07.0825 4132 ConfigFree Gadget Service (bcf2c3177e4777e3793310bac0244c1a) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFProcSRVC.exe
22:46:07.0825 4132 ConfigFree Gadget Service - ok
22:46:07.0934 4132 ConfigFree Service (cab0eeaf5295fc96ddd3e19dce27e131) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
22:46:07.0934 4132 ConfigFree Service - ok
22:46:08.0122 4132 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:46:08.0122 4132 crcdisk - ok
22:46:08.0480 4132 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
22:46:08.0480 4132 CryptSvc - ok
22:46:08.0590 4132 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
22:46:08.0605 4132 DcomLaunch - ok
22:46:08.0855 4132 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:46:08.0855 4132 DfsC - ok
22:46:09.0416 4132 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
22:46:09.0510 4132 DFSR - ok
22:46:09.0869 4132 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
22:46:09.0884 4132 Dhcp - ok
22:46:10.0103 4132 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:46:10.0118 4132 disk - ok
22:46:10.0243 4132 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
22:46:10.0243 4132 Dnscache - ok
22:46:10.0415 4132 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
22:46:10.0415 4132 dot3svc - ok
22:46:10.0540 4132 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
22:46:10.0540 4132 Dot4 - ok
22:46:10.0586 4132 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:46:10.0586 4132 Dot4Print - ok
22:46:10.0711 4132 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
22:46:10.0711 4132 dot4usb - ok
22:46:10.0742 4132 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
22:46:10.0742 4132 DPS - ok
22:46:10.0898 4132 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:46:10.0898 4132 drmkaud - ok
22:46:10.0961 4132 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:46:10.0976 4132 DXGKrnl - ok
22:46:11.0554 4132 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:46:11.0554 4132 E1G60 - ok
22:46:11.0678 4132 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
22:46:11.0678 4132 EapHost - ok
22:46:11.0944 4132 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:46:11.0944 4132 Ecache - ok
22:46:12.0162 4132 ehRecvr (33510be001ccdb5a01fcc88f4dd8dfc7) C:\Windows\ehome\ehRecvr.exe
22:46:12.0178 4132 ehRecvr - ok
22:46:12.0521 4132 ehSched (1abc6436b0edaa3d496d9c827f92820d) C:\Windows\ehome\ehsched.exe
22:46:12.0521 4132 ehSched - ok
22:46:12.0614 4132 ehstart (08f48cb2cd4019afb0456869b49cd76f) C:\Windows\ehome\ehstart.dll
22:46:12.0614 4132 ehstart - ok
22:46:12.0848 4132 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:46:12.0848 4132 elxstor - ok
22:46:13.0129 4132 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
22:46:13.0129 4132 EMDMgmt - ok
22:46:13.0753 4132 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:46:13.0753 4132 ErrDev - ok
22:46:14.0003 4132 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
22:46:14.0003 4132 EventSystem - ok
22:46:14.0128 4132 EvtEng (7e763f8f300346a8f1da8bb1dfa9ca97) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:46:14.0128 4132 EvtEng - ok
22:46:14.0424 4132 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:46:14.0424 4132 exfat - ok
22:46:14.0518 4132 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:46:14.0518 4132 fastfat - ok
22:46:14.0642 4132 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:46:14.0658 4132 fdc - ok
22:46:14.0674 4132 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
22:46:14.0674 4132 fdPHost - ok
22:46:14.0861 4132 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
22:46:14.0861 4132 FDResPub - ok
22:46:15.0017 4132 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:46:15.0032 4132 FileInfo - ok
22:46:15.0048 4132 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:46:15.0048 4132 Filetrace - ok
22:46:15.0157 4132 FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:46:15.0173 4132 FLEXnet Licensing Service - ok
22:46:15.0391 4132 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:46:15.0391 4132 flpydisk - ok
22:46:15.0563 4132 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:46:15.0563 4132 FltMgr - ok
22:46:15.0781 4132 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
22:46:15.0797 4132 FontCache - ok
22:46:15.0906 4132 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:46:15.0906 4132 FontCache3.0.0.0 - ok
22:46:16.0093 4132 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
22:46:16.0093 4132 Fs_Rec - ok
22:46:16.0202 4132 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:46:16.0202 4132 gagp30kx - ok
22:46:16.0390 4132 GameConsoleService (37331304e89a773b1a86fe681fca150d) C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
22:46:16.0390 4132 GameConsoleService - ok
22:46:16.0624 4132 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
22:46:16.0624 4132 gpsvc - ok
22:46:16.0811 4132 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:46:16.0811 4132 gupdate - ok
22:46:16.0873 4132 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:46:16.0873 4132 gupdatem - ok
22:46:16.0998 4132 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:46:16.0998 4132 gusvc - ok
22:46:17.0216 4132 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
22:46:17.0216 4132 HdAudAddService - ok
22:46:17.0528 4132 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:46:17.0606 4132 HDAudBus - ok
22:46:17.0762 4132 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:46:17.0762 4132 HidBth - ok
22:46:17.0903 4132 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
22:46:17.0903 4132 HidIr - ok
22:46:18.0090 4132 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
22:46:18.0090 4132 hidserv - ok
22:46:18.0246 4132 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
22:46:18.0246 4132 HidUsb - ok
22:46:18.0449 4132 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
22:46:18.0464 4132 hkmsvc - ok
22:46:18.0730 4132 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:46:18.0730 4132 HpCISSs - ok
22:46:18.0995 4132 HPSLPSVC (d4f91cf4de215d6f14a06087d46725e4) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
22:46:19.0010 4132 HPSLPSVC - ok
22:46:19.0556 4132 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:46:19.0619 4132 HTTP - ok
22:46:19.0946 4132 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:46:19.0946 4132 i2omp - ok
22:46:20.0165 4132 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:46:20.0165 4132 i8042prt - ok
22:46:21.0054 4132 iaStor (1adaa4f16073fd0c7270f451fd024e97) C:\Windows\system32\DRIVERS\iaStor.sys
22:46:21.0054 4132 iaStor - ok
22:46:22.0084 4132 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:46:22.0099 4132 iaStorV - ok
22:46:23.0082 4132 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
22:46:23.0098 4132 IDriverT - ok
22:46:23.0347 4132 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:46:23.0394 4132 idsvc - ok
22:46:26.0888 4132 igfx (8b7de1ea805335b1361d459acb4ece18) C:\Windows\system32\DRIVERS\igdkmd64.sys
22:46:27.0154 4132 igfx - ok
22:46:27.0341 4132 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:46:27.0341 4132 iirsp - ok
22:46:27.0575 4132 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
22:46:27.0590 4132 IKEEXT - ok
22:46:28.0090 4132 IntcAzAudAddService (627c6b352718e59df08f02c536e2e0ed) C:\Windows\system32\drivers\RTKVHD64.sys
22:46:28.0105 4132 IntcAzAudAddService - ok
22:46:28.0277 4132 IntcHdmiAddService (be1cb000c655396c9def09aee3ea2d67) C:\Windows\system32\drivers\IntcHdmi.sys
22:46:28.0277 4132 IntcHdmiAddService - ok
22:46:28.0417 4132 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
22:46:28.0417 4132 intelide - ok
22:46:28.0776 4132 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:46:28.0776 4132 intelppm - ok
22:46:29.0041 4132 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
22:46:29.0057 4132 IPBusEnum - ok
22:46:29.0213 4132 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:46:29.0213 4132 IpFilterDriver - ok
22:46:29.0322 4132 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
22:46:29.0322 4132 iphlpsvc - ok
22:46:29.0494 4132 IpInIp - ok
22:46:29.0587 4132 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:46:29.0587 4132 IPMIDRV - ok
22:46:29.0852 4132 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:46:29.0852 4132 IPNAT - ok
22:46:29.0977 4132 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:46:29.0977 4132 IRENUM - ok
22:46:30.0102 4132 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:46:30.0102 4132 isapnp - ok
22:46:30.0196 4132 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:46:30.0196 4132 iScsiPrt - ok
22:46:30.0367 4132 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:46:30.0367 4132 iteatapi - ok
22:46:30.0601 4132 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:46:30.0601 4132 iteraid - ok
22:46:30.0742 4132 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:46:30.0742 4132 kbdclass - ok
22:46:30.0960 4132 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
22:46:30.0960 4132 kbdhid - ok
22:46:31.0100 4132 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:46:31.0100 4132 KeyIso - ok
22:46:31.0350 4132 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
22:46:31.0350 4132 KSecDD - ok
22:46:31.0522 4132 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:46:31.0522 4132 ksthunk - ok
22:46:31.0709 4132 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
22:46:31.0709 4132 KtmRm - ok
22:46:31.0927 4132 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
22:46:31.0927 4132 LanmanServer - ok
22:46:32.0224 4132 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
22:46:32.0224 4132 LanmanWorkstation - ok
22:46:32.0317 4132 LightScribeService (6e5dac168d1ff9843e84a59d51d31107) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
22:46:32.0317 4132 LightScribeService - ok
22:46:32.0614 4132 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:46:32.0614 4132 lltdio - ok
22:46:32.0801 4132 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
22:46:32.0816 4132 lltdsvc - ok
22:46:32.0988 4132 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
22:46:32.0988 4132 lmhosts - ok
22:46:33.0097 4132 LPCFilter (9c551a9121639a9779862cb8a6cabf03) C:\Windows\system32\DRIVERS\LPCFilter.sys
22:46:33.0097 4132 LPCFilter - ok
22:46:33.0316 4132 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:46:33.0316 4132 LSI_FC - ok
22:46:33.0487 4132 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:46:33.0487 4132 LSI_SAS - ok
22:46:33.0752 4132 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:46:33.0752 4132 LSI_SCSI - ok
22:46:34.0111 4132 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:46:34.0111 4132 luafv - ok
22:46:34.0236 4132 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
22:46:34.0236 4132 Mcx2Svc - ok
22:46:34.0298 4132 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:46:34.0298 4132 megasas - ok
22:46:34.0439 4132 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:46:34.0439 4132 MegaSR - ok
22:46:34.0626 4132 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:46:34.0626 4132 MMCSS - ok
22:46:35.0000 4132 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:46:35.0000 4132 Modem - ok
22:46:35.0624 4132 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:46:35.0624 4132 monitor - ok
22:46:36.0108 4132 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:46:36.0108 4132 mouclass - ok
22:46:36.0280 4132 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:46:36.0280 4132 mouhid - ok
22:46:36.0529 4132 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:46:36.0529 4132 MountMgr - ok
22:46:36.0826 4132 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:46:36.0841 4132 mpio - ok
22:46:37.0138 4132 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:46:37.0138 4132 mpsdrv - ok
22:46:37.0325 4132 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
22:46:37.0340 4132 MpsSvc - ok
22:46:37.0481 4132 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:46:37.0481 4132 Mraid35x - ok
22:46:37.0996 4132 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:46:37.0996 4132 MRxDAV - ok
22:46:38.0276 4132 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:46:38.0276 4132 mrxsmb - ok
22:46:38.0635 4132 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:46:38.0635 4132 mrxsmb10 - ok
22:46:38.0900 4132 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:46:38.0900 4132 mrxsmb20 - ok
22:46:39.0072 4132 msahci (e7e3e515d1d33a2a372d7fce2bbef5d9) C:\Windows\system32\drivers\msahci.sys
22:46:39.0072 4132 msahci - ok
22:46:39.0259 4132 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:46:39.0275 4132 msdsm - ok
22:46:39.0524 4132 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
22:46:39.0540 4132 MSDTC - ok
22:46:39.0712 4132 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:46:39.0712 4132 Msfs - ok
22:46:39.0946 4132 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:46:39.0946 4132 msisadrv - ok
22:46:39.0992 4132 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
22:46:39.0992 4132 MSiSCSI - ok
22:46:40.0055 4132 msiserver - ok
22:46:40.0148 4132 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:46:40.0148 4132 MSKSSRV - ok
22:46:40.0211 4132 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:46:40.0211 4132 MSPCLOCK - ok
22:46:40.0304 4132 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:46:40.0320 4132 MSPQM - ok
22:46:40.0757 4132 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:46:40.0772 4132 MsRPC - ok
22:46:42.0083 4132 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:46:42.0083 4132 mssmbios - ok
22:46:42.0348 4132 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:46:42.0348 4132 MSTEE - ok
22:46:43.0003 4132 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:46:43.0003 4132 Mup - ok
22:46:43.0268 4132 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
22:46:43.0268 4132 napagent - ok
22:46:43.0424 4132 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:46:43.0440 4132 NativeWifiP - ok
22:46:43.0643 4132 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:46:43.0658 4132 NDIS - ok
22:46:43.0768 4132 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:46:43.0768 4132 NdisTapi - ok
22:46:43.0830 4132 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:46:43.0830 4132 Ndisuio - ok
22:46:43.0986 4132 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:46:44.0002 4132 NdisWan - ok
22:46:44.0267 4132 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:46:44.0267 4132 NDProxy - ok
22:46:44.0485 4132 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll
22:46:44.0485 4132 Net Driver HPZ12 - ok
22:46:44.0735 4132 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:46:44.0735 4132 NetBIOS - ok
22:46:44.0875 4132 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:46:44.0875 4132 netbt - ok
22:46:44.0953 4132 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:46:44.0953 4132 Netlogon - ok
22:46:45.0296 4132 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
22:46:45.0374 4132 Netman - ok
22:46:45.0515 4132 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:46:45.0530 4132 NetMsmqActivator - ok
22:46:45.0530 4132 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:46:45.0530 4132 NetPipeActivator - ok
22:46:45.0796 4132 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
22:46:45.0811 4132 netprofm - ok
22:46:46.0076 4132 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:46:46.0076 4132 NetTcpActivator - ok
22:46:46.0076 4132 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:46:46.0076 4132 NetTcpPortSharing - ok
22:46:46.0451 4132 NETw5v64 (2bdcb7b7917380794c9d87ac2153ce33) C:\Windows\system32\DRIVERS\NETw5v64.sys
22:46:46.0607 4132 NETw5v64 - ok
22:46:46.0810 4132 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:46:46.0810 4132 nfrd960 - ok
22:46:46.0872 4132 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
22:46:46.0872 4132 NlaSvc - ok
22:46:47.0153 4132 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:46:47.0153 4132 Npfs - ok
22:46:47.0262 4132 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
22:46:47.0278 4132 nsi - ok
22:46:47.0418 4132 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:46:47.0418 4132 nsiproxy - ok
22:46:47.0870 4132 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:46:47.0886 4132 Ntfs - ok
22:46:48.0042 4132 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
22:46:48.0042 4132 NuidFltr - ok
22:46:48.0120 4132 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:46:48.0120 4132 Null - ok
22:46:48.0214 4132 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:46:48.0214 4132 nvraid - ok
22:46:48.0307 4132 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:46:48.0307 4132 nvstor - ok
22:46:48.0338 4132 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:46:48.0354 4132 nv_agp - ok
22:46:48.0416 4132 NwlnkFlt - ok
22:46:48.0432 4132 NwlnkFwd - ok
22:46:48.0588 4132 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:46:48.0588 4132 odserv - ok
22:46:48.0713 4132 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
22:46:48.0728 4132 ohci1394 - ok
22:46:48.0822 4132 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:46:48.0822 4132 ose - ok
22:46:49.0025 4132 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:46:49.0040 4132 p2pimsvc - ok
22:46:49.0118 4132 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:46:49.0118 4132 p2psvc - ok
22:46:49.0228 4132 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
22:46:49.0228 4132 Parport - ok
22:46:49.0462 4132 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
22:46:49.0462 4132 partmgr - ok
22:46:49.0493 4132 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
22:46:49.0493 4132 PcaSvc - ok
22:46:49.0571 4132 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:46:49.0571 4132 pci - ok
22:46:49.0789 4132 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\DRIVERS\pciide.sys
22:46:49.0789 4132 pciide - ok
22:46:49.0930 4132 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:46:49.0945 4132 pcmcia - ok
22:46:50.0008 4132 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:46:50.0008 4132 PEAUTH - ok
22:46:50.0179 4132 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
22:46:50.0179 4132 PerfHost - ok
22:46:50.0320 4132 PGEffect (2c3ba65f8ca712730050c29104e093f9) C:\Windows\system32\DRIVERS\pgeffect.sys
22:46:50.0320 4132 PGEffect - ok
22:46:50.0444 4132 pgsql-8.3 (7c620e950bf1fe96e0fc81985b0b0b4a) C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
22:46:50.0460 4132 pgsql-8.3 - ok
22:46:50.0585 4132 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
22:46:50.0600 4132 pla - ok
22:46:50.0756 4132 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
22:46:50.0756 4132 PlugPlay - ok
22:46:50.0881 4132 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll
22:46:50.0881 4132 Pml Driver HPZ12 - ok
22:46:50.0975 4132 PnkBstrA - ok
22:46:51.0100 4132 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:46:51.0115 4132 PNRPAutoReg - ok
22:46:51.0131 4132 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:46:51.0131 4132 PNRPsvc - ok
22:46:51.0380 4132 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
22:46:51.0396 4132 PolicyAgent - ok
22:46:51.0521 4132 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:46:51.0521 4132 PptpMiniport - ok
22:46:51.0614 4132 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:46:51.0614 4132 Processor - ok
22:46:51.0755 4132 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
22:46:51.0755 4132 ProfSvc - ok
22:46:51.0802 4132 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:46:51.0802 4132 ProtectedStorage - ok
22:46:52.0004 4132 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:46:52.0004 4132 PSched - ok
22:46:52.0192 4132 PTUMWBus (2d04e85a561d867bb46c1e8adf812ef9) C:\Windows\system32\DRIVERS\PTUMWBus.sys
22:46:52.0192 4132 PTUMWBus - ok
22:46:52.0519 4132 PTUMWCSP (835e3da6dbd727f2b369020418a5b7a8) C:\Windows\system32\DRIVERS\PTUMWCSP.sys
22:46:52.0519 4132 PTUMWCSP - ok
22:46:52.0706 4132 PTUMWFLT (137942a6b20430b5d365c8e26af6151a) C:\Windows\system32\DRIVERS\PTUMWFLT.sys
22:46:52.0706 4132 PTUMWFLT - ok
22:46:52.0862 4132 PTUMWMdm (bea56369770fca045ab40108f0575c79) C:\Windows\system32\DRIVERS\PTUMWMdm.sys
22:46:52.0862 4132 PTUMWMdm - ok
22:46:53.0096 4132 PTUMWNET (c7cd59cc46c7e5fb0b43018ea49b530c) C:\Windows\system32\DRIVERS\PTUMWNET.sys
22:46:53.0096 4132 PTUMWNET - ok
22:46:53.0252 4132 PTUMWNSP (52b35d95c74334e34769f3a911a632ae) C:\Windows\system32\DRIVERS\PTUMWNSP.sys
22:46:53.0252 4132 PTUMWNSP - ok
22:46:53.0299 4132 PTUMWVsp (0eb64a496e1af099ec8dbb122aeb3f16) C:\Windows\system32\DRIVERS\PTUMWVsp.sys
22:46:53.0315 4132 PTUMWVsp - ok
22:46:53.0533 4132 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:46:53.0580 4132 ql2300 - ok
22:46:53.0705 4132 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:46:53.0705 4132 ql40xx - ok
22:46:53.0861 4132 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
22:46:53.0861 4132 QWAVE - ok
22:46:54.0142 4132 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:46:54.0142 4132 QWAVEdrv - ok
22:46:54.0313 4132 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:46:54.0313 4132 RasAcd - ok
22:46:54.0438 4132 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
22:46:54.0454 4132 RasAuto - ok
22:46:54.0563 4132 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:46:54.0563 4132 Rasl2tp - ok
22:46:54.0594 4132 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
22:46:54.0594 4132 RasMan - ok
22:46:54.0797 4132 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:46:54.0797 4132 RasPppoe - ok
22:46:54.0968 4132 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:46:54.0984 4132 RasSstp - ok
22:46:55.0124 4132 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:46:55.0124 4132 rdbss - ok
22:46:55.0218 4132 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:46:55.0234 4132 RDPCDD - ok
22:46:55.0343 4132 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
22:46:55.0343 4132 rdpdr - ok
22:46:55.0405 4132 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:46:55.0405 4132 RDPENCDD - ok
22:46:55.0483 4132 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
22:46:55.0483 4132 RDPWD - ok
22:46:55.0592 4132 RegSrvc (0bf9e30d4f981cafede7de13604a45f5) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:46:55.0608 4132 RegSrvc - ok
22:46:55.0748 4132 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
22:46:55.0748 4132 RemoteAccess - ok
22:46:55.0842 4132 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
22:46:55.0842 4132 RemoteRegistry - ok
22:46:55.0873 4132 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
22:46:55.0873 4132 RpcLocator - ok
22:46:55.0982 4132 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
22:46:55.0998 4132 RpcSs - ok
22:46:56.0092 4132 RSELSVC - ok
22:46:56.0232 4132 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:46:56.0232 4132 rspndr - ok
22:46:56.0482 4132 RTL8169 (3e800d0dd24c5cfe61a1d71a3f6feab9) C:\Windows\system32\DRIVERS\Rtlh64.sys
22:46:56.0482 4132 RTL8169 - ok
22:46:56.0560 4132 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:46:56.0560 4132 SamSs - ok
22:46:56.0872 4132 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:46:56.0872 4132 sbp2port - ok
22:46:56.0996 4132 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
22:46:56.0996 4132 SCardSvr - ok
22:46:57.0121 4132 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
22:46:57.0137 4132 Schedule - ok
22:46:57.0324 4132 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
22:46:57.0324 4132 SCPolicySvc - ok
22:46:57.0371 4132 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
22:46:57.0371 4132 SDRSVC - ok
22:46:57.0527 4132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:46:57.0558 4132 secdrv - ok
22:46:57.0730 4132 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
22:46:57.0745 4132 seclogon - ok
22:46:57.0823 4132 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
22:46:57.0823 4132 SENS - ok
22:46:57.0932 4132 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
22:46:57.0932 4132 Serenum - ok
22:46:58.0042 4132 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
22:46:58.0042 4132 Serial - ok
22:46:58.0166 4132 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:46:58.0166 4132 sermouse - ok
22:46:58.0322 4132 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
22:46:58.0322 4132 SessionEnv - ok
22:46:58.0447 4132 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:46:58.0447 4132 sffdisk - ok
22:46:58.0588 4132 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:46:58.0603 4132 sffp_mmc - ok
22:46:58.0728 4132 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:46:58.0744 4132 sffp_sd - ok
22:46:58.0884 4132 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:46:58.0884 4132 sfloppy - ok
22:46:59.0071 4132 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
22:46:59.0071 4132 SharedAccess - ok
22:46:59.0274 4132 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
22:46:59.0274 4132 ShellHWDetection - ok
22:46:59.0368 4132 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:46:59.0368 4132 SiSRaid2 - ok
22:46:59.0414 4132 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:46:59.0414 4132 SiSRaid4 - ok
22:46:59.0617 4132 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
22:46:59.0726 4132 slsvc - ok
22:46:59.0851 4132 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
22:46:59.0851 4132 SLUINotify - ok
22:46:59.0945 4132 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:46:59.0960 4132 Smb - ok
22:47:00.0132 4132 SMSIVZAM5X64 (b5d3c24e4ea8e6d4850e83dad8c510d4) C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS
22:47:00.0132 4132 SMSIVZAM5X64 - ok
22:47:00.0272 4132 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
22:47:00.0272 4132 SNMPTRAP - ok
22:47:00.0350 4132 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:47:00.0350 4132 spldr - ok
22:47:00.0538 4132 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
22:47:00.0553 4132 Spooler - ok
22:47:00.0662 4132 sprtsvc_verizondm - ok
22:47:00.0896 4132 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:47:00.0896 4132 srv - ok
22:47:01.0115 4132 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:47:01.0130 4132 srv2 - ok
22:47:01.0177 4132 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:47:01.0177 4132 srvnet - ok
22:47:01.0255 4132 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
22:47:01.0255 4132 SSDPSRV - ok
22:47:01.0396 4132 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
22:47:01.0396 4132 SstpSvc - ok
22:47:01.0442 4132 Steam Client Service - ok
22:47:01.0614 4132 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
22:47:01.0614 4132 StillCam - ok
22:47:01.0676 4132 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
22:47:01.0676 4132 stisvc - ok
22:47:01.0879 4132 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:47:01.0879 4132 swenum - ok
22:47:02.0082 4132 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
22:47:02.0082 4132 swprv - ok
22:47:02.0207 4132 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:47:02.0207 4132 Symc8xx - ok
22:47:02.0238 4132 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:47:02.0238 4132 Sym_hi - ok
22:47:02.0300 4132 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:47:02.0316 4132 Sym_u3 - ok
22:47:02.0488 4132 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
22:47:02.0550 4132 SysMain - ok
22:47:02.0628 4132 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
22:47:02.0644 4132 TabletInputService - ok
22:47:02.0690 4132 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
22:47:02.0706 4132 TapiSrv - ok
22:47:02.0862 4132 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
22:47:02.0862 4132 TBS - ok
22:47:03.0143 4132 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
22:47:03.0174 4132 Tcpip - ok
22:47:03.0408 4132 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
22:47:03.0424 4132 Tcpip6 - ok
22:47:03.0736 4132 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:47:03.0736 4132 tcpipreg - ok
22:47:03.0876 4132 tdcmdpst (d45586a9facb2c9708b10e491ef748a6) C:\Windows\system32\DRIVERS\tdcmdpst.sys
22:47:03.0876 4132 tdcmdpst - ok
22:47:04.0094 4132 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:47:04.0094 4132 TDPIPE - ok
22:47:04.0328 4132 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:47:04.0328 4132 TDTCP - ok
22:47:04.0531 4132 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:47:04.0531 4132 tdx - ok
22:47:04.0687 4132 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:47:04.0687 4132 TermDD - ok
22:47:04.0984 4132 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
22:47:04.0984 4132 TermService - ok
22:47:05.0093 4132 tgsrvc_verizondm - ok
22:47:05.0311 4132 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
22:47:05.0311 4132 Themes - ok
22:47:05.0436 4132 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:47:05.0436 4132 THREADORDER - ok
22:47:05.0576 4132 TNaviSrv (22bc804efe155f54252f389b0781d7f2) C:\Program Files (x86)\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
22:47:05.0576 4132 TNaviSrv - ok
22:47:05.0701 4132 TODDSrv (19af3434564e973bc232bbd629ec2bf6) C:\Windows\system32\TODDSrv.exe
22:47:05.0701 4132 TODDSrv - ok
22:47:05.0810 4132 TosCoSrv (7810e3a97e004cd2641fd3fc5d2a62cd) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
22:47:05.0810 4132 TosCoSrv - ok
22:47:05.0873 4132 TOSHIBA eco Utility Service (947b552af9371bb52ab1e8c184d1a3d0) C:\Program Files\TOSHIBA\TECO\TecoService.exe
22:47:05.0873 4132 TOSHIBA eco Utility Service - ok
22:47:05.0951 4132 TOSHIBA HDD SSD Alert Service (b67c69e2982769355d9ff76dd3b2a0fd) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
22:47:05.0951 4132 TOSHIBA HDD SSD Alert Service - ok
22:47:06.0122 4132 tos_sps64 (dd50a5df5f7b29fdb6b5fea728c43dc3) C:\Windows\system32\DRIVERS\tos_sps64.sys
22:47:06.0138 4132 tos_sps64 - ok
22:47:06.0185 4132 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
22:47:06.0185 4132 TrkWks - ok
22:47:06.0310 4132 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
22:47:06.0310 4132 TrustedInstaller - ok
22:47:06.0388 4132 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:47:06.0403 4132 tssecsrv - ok
22:47:06.0544 4132 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:47:06.0544 4132 tunmp - ok
22:47:06.0606 4132 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:47:06.0606 4132 tunnel - ok
22:47:06.0731 4132 TVALZ (9a744cc3d804ec38a6c2c65bc3c6fcd8) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
22:47:06.0731 4132 TVALZ - ok
22:47:06.0762 4132 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:47:06.0762 4132 uagp35 - ok
22:47:06.0840 4132 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:47:06.0840 4132 udfs - ok
22:47:07.0043 4132 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
22:47:07.0043 4132 UI0Detect - ok
22:47:07.0136 4132 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:47:07.0136 4132 uliagpkx - ok
22:47:07.0308 4132 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:47:07.0324 4132 uliahci - ok
22:47:07.0433 4132 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:47:07.0433 4132 UlSata - ok
22:47:07.0558 4132 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:47:07.0558 4132 ulsata2 - ok
22:47:07.0620 4132 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:47:07.0620 4132 umbus - ok
22:47:07.0745 4132 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
22:47:07.0745 4132 upnphost - ok
22:47:07.0979 4132 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
22:47:07.0979 4132 usbaudio - ok
22:47:08.0150 4132 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:47:08.0150 4132 usbccgp - ok
22:47:08.0353 4132 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:47:08.0353 4132 usbcir - ok
22:47:08.0587 4132 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:47:08.0603 4132 usbehci - ok
22:47:08.0728 4132 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:47:08.0743 4132 usbhub - ok
22:47:08.0868 4132 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:47:08.0868 4132 usbohci - ok
22:47:08.0993 4132 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:47:08.0993 4132 usbprint - ok
22:47:09.0196 4132 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
22:47:09.0196 4132 usbscan - ok
22:47:09.0367 4132 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:47:09.0367 4132 USBSTOR - ok
22:47:09.0476 4132 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:47:09.0476 4132 usbuhci - ok
22:47:09.0570 4132 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
22:47:09.0570 4132 usbvideo - ok
22:47:09.0710 4132 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
22:47:09.0710 4132 UxSms - ok
22:47:09.0788 4132 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
22:47:09.0788 4132 vds - ok
22:47:09.0976 4132 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:47:09.0976 4132 vga - ok
22:47:10.0100 4132 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:47:10.0100 4132 VgaSave - ok
22:47:10.0272 4132 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:47:10.0272 4132 viaide - ok
22:47:10.0412 4132 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:47:10.0428 4132 volmgr - ok
22:47:10.0490 4132 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:47:10.0490 4132 volmgrx - ok
22:47:10.0662 4132 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:47:10.0662 4132 volsnap - ok
22:47:10.0740 4132 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:47:10.0740 4132 vsmraid - ok
22:47:10.0958 4132 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
22:47:10.0974 4132 VSS - ok
22:47:11.0146 4132 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
22:47:11.0161 4132 W32Time - ok
22:47:11.0317 4132 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:47:11.0317 4132 WacomPen - ok
22:47:11.0473 4132 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:47:11.0473 4132 Wanarp - ok
22:47:11.0489 4132 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:47:11.0489 4132 Wanarpv6 - ok
22:47:11.0770 4132 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
22:47:11.0785 4132 wcncsvc - ok
22:47:11.0972 4132 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
22:47:11.0972 4132 WcsPlugInService - ok
22:47:12.0144 4132 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:47:12.0144 4132 Wd - ok
22:47:12.0316 4132 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:47:12.0394 4132 Wdf01000 - ok
22:47:12.0596 4132 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:47:12.0596 4132 WdiServiceHost - ok
22:47:12.0612 4132 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:47:12.0612 4132 WdiSystemHost - ok
22:47:12.0752 4132 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
22:47:12.0768 4132 WebClient - ok
22:47:12.0799 4132 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
22:47:12.0815 4132 Wecsvc - ok
22:47:13.0002 4132 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
22:47:13.0002 4132 wercplsupport - ok
22:47:13.0142 4132 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
22:47:13.0142 4132 WerSvc - ok
22:47:13.0205 4132 WinDefend - ok
22:47:13.0220 4132 WinHttpAutoProxySvc - ok
22:47:13.0470 4132 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
22:47:13.0470 4132 Winmgmt - ok
22:47:13.0751 4132 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
22:47:13.0782 4132 WinRM - ok
22:47:14.0078 4132 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
22:47:14.0078 4132 Wlansvc - ok
22:47:14.0281 4132 WmBEnum (7a58ba979f7acb3fc5310c771a1cf155) C:\Windows\system32\drivers\WmBEnum.sys
22:47:14.0281 4132 WmBEnum - ok
22:47:14.0390 4132 WmFilter (8693a75c3ffd4a0c9e32be621fda71fb) C:\Windows\system32\drivers\WmFilter.sys
22:47:14.0390 4132 WmFilter - ok
22:47:14.0422 4132 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
22:47:14.0422 4132 WmiAcpi - ok
22:47:14.0578 4132 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
22:47:14.0578 4132 wmiApSrv - ok
22:47:14.0624 4132 WMPNetworkSvc - ok
22:47:14.0843 4132 WmVirHid (3d9266ccd0f1edb020c7aa24d527942b) C:\Windows\system32\drivers\WmVirHid.sys
22:47:14.0843 4132 WmVirHid - ok
22:47:14.0952 4132 WmXlCore (3cffdf56a00408913b1e51c67f999e2e) C:\Windows\system32\drivers\WmXlCore.sys
22:47:14.0952 4132 WmXlCore - ok
22:47:15.0124 4132 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
22:47:15.0139 4132 WPCSvc - ok
22:47:15.0280 4132 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
22:47:15.0280 4132 WPDBusEnum - ok
22:47:15.0482 4132 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:47:15.0498 4132 WPFFontCache_v0400 - ok
22:47:15.0623 4132 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:47:15.0623 4132 ws2ifsl - ok
22:47:15.0779 4132 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
22:47:15.0794 4132 wscsvc - ok
22:47:15.0872 4132 WSDPrintDevice (de5f5212ab34221dd1618b5fefe8db6c) C:\Windows\system32\DRIVERS\WSDPrint.sys
22:47:15.0872 4132 WSDPrintDevice - ok
22:47:15.0950 4132 WSearch - ok
22:47:16.0075 4132 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
22:47:16.0231 4132 wuauserv - ok
22:47:16.0403 4132 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:47:16.0403 4132 WUDFRd - ok
22:47:16.0559 4132 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
22:47:16.0574 4132 wudfsvc - ok
22:47:16.0637 4132 MBR (0x1B8) (5b5e648d12fcadc244c1ec30318e1eb9) \Device\Harddisk0\DR0
22:47:16.0699 4132 \Device\Harddisk0\DR0 - ok
22:47:16.0699 4132 Boot (0x1200) (e3a2eee1988ba847ec5fa4a84c1930ad) \Device\Harddisk0\DR0\Partition0
22:47:16.0699 4132 \Device\Harddisk0\DR0\Partition0 - ok
22:47:16.0715 4132 ============================================================
22:47:16.0715 4132 Scan finished
22:47:16.0715 4132 ============================================================
22:47:16.0715 3360 Detected object count: 0
22:47:16.0715 3360 Actual detected object count: 0
22:47:41.0987 3516 Deinitialize success
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Is my pc clean?

Unread postby askey127 » April 8th, 2012, 6:38 am

blah9,
If this one comes up clean, we can be quite confident about your machine:
This may take quite a while (maybe a couple hours).
-------------------------------------------------
Run the ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.
You will, however, need to disable your current installed Anti-Virus. Additional information on how to do it is shown here.

Vista/Windows 7 users: You will need to to right-click on the either the Internet Explorer or FireFox icon in the Start Menu or Quick Launch Bar and select Run as Administrator.

  • Please go here to run the scan.
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Is my pc clean?

Unread postby blah9 » April 9th, 2012, 6:06 pm

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3c6e6af6289fdd478d5ebdeb29897fc1
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-02-12 03:43:50
# local_time=2012-02-11 10:43:50 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 0 165608334 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=223895
# found=10
# cleaned=10
# scan_time=8601
C:\Users\Alex\AppData\Local\Temp\ICReinstall\cnet2_kl-2_6_1-windows-setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v236B29B5\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe probably a variant of Win32/Agent.BKPXXMH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v236B29B5\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe probably a variant of Win32/Agent.CTLFQHC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v236B29B5\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe probably a variant of Win32/Agent.CEGEMYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v236B29B5\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe probably a variant of Win32/Agent.BCNHEGK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\73769d5f-6a9a838f Java/Agent.BU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\Downloads\cnet2_kl-2_6_1-windows-setup_exe.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\Downloads\gb3-setup.exe a variant of Win32/Toolbar.Widgi application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\Downloads\guiminer-20110701.exe Win32/BitCoinMiner application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Alex\Downloads\guiminer\miners\ufasoft\bitcoin-miner.exe Win32/BitCoinMiner application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=3c6e6af6289fdd478d5ebdeb29897fc1
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-04-09 03:47:28
# local_time=2012-04-08 11:47:28 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 56 0 170531015 0 0
# compatibility_mode=8192 67108863 100 0 4004867 4004867 0 0
# scanned=266442
# found=0
# cleaned=0
# scan_time=10939
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Is my pc clean?

Unread postby askey127 » April 9th, 2012, 6:19 pm

blah9,
You had some infections from "Holdem Manager".
Since you chose to remove them, they are gone.
Tells you something about poker sites.
I would do a fresh System Restore Point now.
You should now be clean and good to go.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Is my pc clean?

Unread postby blah9 » April 9th, 2012, 7:01 pm

Thank you for all your help again Askey. I have removed all previous restore points and created a new one for today.

Yup holdem manger is all gone. FWIW My son told me the infections from the poker sites are false positives. But he had already decided he was done playing online poker though so I didn't need to debate him on how malware removal forums trumps his knowledge. So all of those are gone and we're good to go.

Thanks again Askey.
blah9
Regular Member
 
Posts: 19
Joined: January 14th, 2012, 8:50 pm

Re: Is my pc clean?

Unread postby askey127 » April 9th, 2012, 7:33 pm

blah9,
Better decide for yourself that the indications from poker sites are NOT false positives.
Only the aficianados believe that. They are a bit one-eyed.

Many poker sites either sell your information, track your internet browser, or post unwanted ads on your machine.
The worst ones put files on your computer to redirect your searches so they get paid extra for their efforts.
There are no poker sites with YOUR best interest at heart.
Some of the site owners have gone to jail for competition-fixing.
Trust me on this.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Is my pc clean?

Unread postby askey127 » April 9th, 2012, 7:41 pm

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13904
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 10 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware