Inactive [A] Win32/Toolbar.Widgi / Win32/OpenCandy


kebabby

Hi

Got a warning from AVG yesterday of a virus detection. I ran ESET last night and got the following results. Unfortunately, I did tick to remove threats but at the end of the test it didn't remove any threats.

C:\Documents and Settings\All Users\Documents\defragsetup.exe	a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\All Users\Documents\GAVS HD\My Documents\Downloads\videora-appletv-600-setup.exe	Win32/OpenCandy application
C:\Documents and Settings\John Jackson\My Documents\Downloads\videora-appletv-600-setup.exe	Win32/OpenCandy application
C:\Documents and Settings\John Jackson\My Documents\GAVS HD\My Documents\Downloads\videora-appletv-600-setup.exe	Win32/OpenCandy application
C:\Documents and Settings\John Jackson\My Documents\My Downloads\asc-setup.exe	a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\John Jackson\My Documents\My Downloads\defragsetup.exe	a variant of Win32/Toolbar.Widgi application
C:\Documents and Settings\John Jackson\My Documents\My Downloads\download-youtube-video2.exe	multiple threats
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Toolbar.Widgi application
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Toolbar.Widgi application
C:\Program Files\ImTOO Download YouTube Toolbar\UninstallToolbar.exe	Win32/Somoto application
C:\Program Files\IObit Toolbar\IE\6.1\iobitToolbarIE.dll	a variant of Win32/Toolbar.Widgi application
C:\WINDOWS\Installer\5f22d.msi	probably a variant of Win32/Toolbar.Widgi application
Operating memory	a variant of Win32/Toolbar.Widgi application

Any help on how to remove these viruses?

Thanks for any help.

John
 
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5b6d659a4aefa74887e9453b9aad0245
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-07-26 08:04:09
# local_time=2012-07-26 09:04:09 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1024 16777191 100 0 24223801 24223801 0 0
# compatibility_mode=8192 67108863 100 0 307 307 0 0
# scanned=311129
# found=24
# cleaned=0
# scan_time=12201
C:\Documents and Settings\All Users\Documents\defragsetup.exe	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\All Users\Documents\GAVS HD\My Documents\Downloads\videora-appletv-600-setup.exe	Win32/OpenCandy application	(unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\John Jackson\My Documents\Downloads\videora-appletv-600-setup.exe	Win32/OpenCandy application	(unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\John Jackson\My Documents\GAVS HD\My Documents\Downloads\videora-appletv-600-setup.exe	Win32/OpenCandy application	(unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\John Jackson\My Documents\My Downloads\asc-setup.exe	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\John Jackson\My Documents\My Downloads\defragsetup.exe	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Documents and Settings\John Jackson\My Documents\My Downloads\download-youtube-video2.exe	multiple threats	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\ImTOO Download YouTube Toolbar\UninstallToolbar.exe	Win32/Somoto application	(unable to clean)	00000000000000000000000000000000	I
C:\Program Files\IObit Toolbar\IE\6.1\iobitToolbarIE.dll	a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
C:\WINDOWS\Installer\5f22d.msi	probably a variant of Win32/Toolbar.Widgi application	(unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Toolbar.Widgi application	00000000000000000000000000000000	I
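An added example (not code from this thread, from ESET, or from the forum) that parses an ESET Online Scanner log like the one posted above and summarises it for triage: detections grouped by family, how many the scanner reported it was unable to clean, which detections were in memory rather than on disk, and whether removal was enabled for that run (the header's `remove_checked` key, which this log records as `false` even though the poster ticked the remove option). It assumes the real ESET log layout of tab-separated fields (path, detection, optional "(action)", hash, flag); the forum post lost those tabs, so the constructed sample input below re-inserts them on a few lines taken from the post.

```python
"""Summarise an ESET Online Scanner log: "# key=value" header lines followed
by tab-separated detection lines.

Assumed layout (per detection line):
    path <TAB> detection <TAB> (action) <TAB> hash <TAB> flag
The "(action)" field is absent on some lines, e.g. the ${Memory} entry.
"""
import re
from collections import Counter

# Constructed sample: two header keys and three detection lines from the
# post, with the tab separators restored.
SAMPLE_LOG = (
    "# found=3\n"
    "# cleaned=0\n"
    "# remove_checked=false\n"
    "C:\\Program Files\\Common Files\\Spigot\\Search Settings\\SearchSettings.exe\t"
    "a variant of Win32/Toolbar.Widgi application\t(unable to clean)\t"
    "00000000000000000000000000000000\tI\n"
    "C:\\Documents and Settings\\John Jackson\\My Documents\\Downloads\\"
    "videora-appletv-600-setup.exe\tWin32/OpenCandy application\t"
    "(unable to clean)\t00000000000000000000000000000000\tI\n"
    "${Memory}\ta variant of Win32/Toolbar.Widgi application\t"
    "00000000000000000000000000000000\tI\n"
)

# Family name as ESET writes it, e.g. "Win32/Toolbar.Widgi" or "Win32/OpenCandy".
FAMILY_RE = re.compile(r"(Win32/[A-Za-z0-9_.]+)")


def parse_header(text):
    """Return the '# key=value' header lines as a dict of strings."""
    hdr = {}
    for line in text.splitlines():
        if line.startswith("# ") and "=" in line:
            key, value = line[2:].split("=", 1)
            hdr[key.strip()] = value.strip()
    return hdr


def parse_detections(text):
    """Return one dict per tab-separated detection line."""
    dets = []
    for line in text.splitlines():
        if line.startswith("#") or "\t" not in line:
            continue
        fields = line.split("\t")
        path, detection = fields[0], fields[1]
        # The action field is optional; when present it is parenthesised.
        action = ""
        if len(fields) > 2 and fields[2].startswith("("):
            action = fields[2].strip("()")
        match = FAMILY_RE.search(detection)
        dets.append({
            "path": path,
            "detection": detection,
            "family": match.group(1) if match else "unknown",
            "action": action,
            # ESET names memory hits "${Memory}" (raw log) or "Operating memory".
            "in_memory": path.startswith("${")
            or path.lower().startswith("operating memory"),
        })
    return dets


def summarise(text):
    """Build a triage summary and cross-check the header against the body."""
    hdr = parse_header(text)
    dets = parse_detections(text)
    families = Counter(d["family"] for d in dets)
    return {
        "found": int(hdr.get("found", len(dets))),
        "cleaned": int(hdr.get("cleaned", 0)),
        "families": dict(families),
        "uncleaned": sum(1 for d in dets if d["action"] == "unable to clean"),
        "in_memory": [d["path"] for d in dets if d["in_memory"]],
        # Removal only happens when the scanner was run with remove_checked=true.
        "remove_enabled": hdr.get("remove_checked", "false").lower() == "true",
        # A header count that disagrees with the body suggests a truncated paste.
        "header_matches": "found" not in hdr or int(hdr["found"]) == len(dets),
    }


if __name__ == "__main__":
    for key, value in summarise(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

When pasting a log from a forum post, run it through `parse_detections` first and compare `len()` against the header's `found` value; a mismatch means separators or lines were lost in the paste, as happened in this thread.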
 
Welcome aboard


Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi,

Sorry for the delay - I have been away all weekend.

I will send logs over tomorrow morning, I need to run the gmer scan overnight.

Thanks

John
 
Hi Broni

I'm having difficulties with the GMER and DDS.

DDS just hangs after a certain point. I've run it 4 times now and it hangs at the same point. I have disabled the firewall, antivirus and internet. It says it should complete in 3 minutes but I'm letting it run for 20; the computer then crashes and I have to reset the PC to continue. It will not close via Task Manager.

I think GMER failed last night, so I will have to run it again tonight, as this one takes ages due to the number of files on the PC. I have posted the log below in case I am wrong. But I started it yesterday morning and it was going for ages, so I had to cancel it as I needed to use the PC.

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Malwarebytes produced the following log.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.31.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
John Jackson :: JUICELAN-SERVER [administrator]

31/07/2012 11:57:40
mbam-log-2012-07-31 (11-57-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 202106
Time elapsed: 12 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 09:01:27
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Scsi\ahcix861Port2Path0Target4Lun0 WDC____ rev.01.01A01
Running: kse2l739.exe; Driver: C:\DOCUME~1\JOHNJA~1\LOCALS~1\Temp\uwwyrfod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeKey [0xA549C004]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwNotifyChangeMultipleKeys [0xA549C0D4]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xA549BD76]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xA549BE1E]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xA549BEBA]
SSDT \SystemRoot\system32\DRIVERS\avgidsshimx.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xA549BF56]
---- Kernel code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB5371000, 0x2AAE02, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[2484] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs avgidsfilterx.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
---- EOF - GMER 1.0.15 ----
Thanks
John
 
  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

====================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download the latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com
Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Safe mode
User: John Jackson [Admin rights]
Mode: Scan -- Date: 08/02/2012 01:05:20
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AADS-00L4B SCSI Disk Device +++++
--- User ---
[MBR] 6166b1f7e4d1d806d5e404de3075fea9
[BSP] a1ea4e84f4f7937e985c2e9eab579892 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 2048 | Size: 125000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 256002048 | Size: 351938 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: WDC WD10EADS-00L5B1 SCSI Disk Device +++++
--- User ---
[MBR] b118bf96ee8406f6fa19189d8fcb86a7
[BSP] 384433c83e8193dee65003719052906c : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 250003 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 512007615 | Size: 20002 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 552973365 | Size: 683860 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
 
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 09:23:57
-----------------------------
09:23:57.781 OS Version: Windows 5.1.2600 Service Pack 3
09:23:57.781 Number of processors: 6 586 0xA00
09:23:57.781 ComputerName: JUICELAN-SERVER UserName: John Jackson
09:23:58.578 Initialize success
09:26:23.546 AVAST engine defs: 12073102
09:26:53.156 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port2Path0Target1Lun0
09:26:53.171 Disk 0 Vendor: WDC____ 05.04C05 Size: 476940MB BusType: 3
09:26:53.171 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\ahcix861Port2Path0Target4Lun0
09:26:53.171 Disk 1 Vendor: WDC____ 01.01A01 Size: 953868MB BusType: 3
09:26:53.187 Disk 1 MBR read successfully
09:26:53.187 Disk 1 MBR scan
09:26:53.218 Disk 1 Windows XP default MBR code
09:26:53.234 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250003 MB offset 63
09:26:53.234 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 20002 MB offset 512007615
09:26:53.234 Disk 1 Partition - 00 0F Extended LBA 683860 MB offset 552973365
09:26:53.250 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 683860 MB offset 552973428
09:26:53.250 Disk 1 scanning sectors +1953520065
09:26:53.328 Disk 1 scanning C:\WINDOWS\system32\drivers
09:27:01.484 Service scanning
09:27:13.765 Modules scanning
09:27:16.906 Disk 1 trace - called modules:
09:27:16.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll ahcix86.sys
09:27:16.921 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a580ab8]
09:27:16.921 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\Scsi\ahcix861Port2Path0Target4Lun0[0x8a581030]
09:27:18.515 AVAST engine scan C:\WINDOWS
09:27:25.593 AVAST engine scan C:\WINDOWS\system32
09:29:46.421 AVAST engine scan C:\WINDOWS\system32\drivers
09:30:00.609 AVAST engine scan C:\Documents and Settings\John Jackson
09:50:16.234 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\John Jackson\Desktop\MBR.dat"
09:50:16.234 The log file has been saved successfully to "C:\Documents and Settings\John Jackson\Desktop\aswMBR.txt"
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 21:45:44
-----------------------------
21:45:44.546 OS Version: Windows 5.1.2600 Service Pack 3
21:45:44.546 Number of processors: 6 586 0xA00
21:45:44.546 ComputerName: JUICELAN-SERVER UserName: John Jackson
21:45:45.171 Initialize success
21:45:55.750 AVAST engine defs: 12073102
22:46:44.953 The log file has been saved successfully to "C:\Documents and Settings\John Jackson\Desktop\aswMBR1.txt"
22:47:16.171 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\ahcix861Port2Path0Target1Lun0
22:47:16.187 Disk 0 Vendor: WDC____ 05.04C05 Size: 476940MB BusType: 3
22:47:16.187 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\ahcix861Port2Path0Target4Lun0
22:47:16.187 Disk 1 Vendor: WDC____ 01.01A01 Size: 953868MB BusType: 3
22:47:16.203 Disk 1 MBR read successfully
22:47:16.218 Disk 1 MBR scan
22:47:16.250 Disk 1 Windows XP default MBR code
22:47:16.250 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 250003 MB offset 63
22:47:16.265 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 20002 MB offset 512007615
22:47:16.281 Disk 1 Partition - 00 0F Extended LBA 683860 MB offset 552973365
22:47:16.296 Disk 1 Partition 3 00 07 HPFS/NTFS NTFS 683860 MB offset 552973428
22:47:16.312 Disk 1 scanning sectors +1953520065
22:47:16.359 Disk 1 scanning C:\WINDOWS\system32\drivers
22:47:25.375 Service scanning
22:47:44.078 Modules scanning
22:47:46.890 Disk 1 trace - called modules:
22:47:47.015 ntkrnlpa.exe CLASSPNP.SYS disk.sys SCSIPORT.SYS hal.dll ahcix86.sys
22:47:47.125 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a56c0c8]
22:47:47.218 3 CLASSPNP.SYS[b8118fd7] -> nt!IofCallDriver -> \Device\Scsi\ahcix861Port2Path0Target4Lun0[0x8affd030]
22:47:48.156 AVAST engine scan C:\WINDOWS
22:47:55.984 AVAST engine scan C:\WINDOWS\system32
22:50:01.734 AVAST engine scan C:\WINDOWS\system32\drivers
22:50:14.234 AVAST engine scan C:\Documents and Settings\John Jackson
23:18:36.609 AVAST engine scan C:\Documents and Settings\All Users
23:25:12.656 Scan finished successfully
01:02:44.375 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\John Jackson\Desktop\MBR.dat"
01:02:44.390 The log file has been saved successfully to "C:\Documents and Settings\John Jackson\Desktop\aswMBR.txt"
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
09:06:04.0484 4700	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
09:06:05.0562 4700	============================================================
09:06:05.0562 4700	Current date / time: 2012/08/03 09:06:05.0562
09:06:05.0562 4700	SystemInfo:
09:06:05.0562 4700	
09:06:05.0562 4700	OS Version: 5.1.2600 ServicePack: 3.0
09:06:05.0562 4700	Product type: Workstation
09:06:05.0562 4700	ComputerName: JUICELAN-SERVER
09:06:05.0562 4700	UserName: John Jackson
09:06:05.0562 4700	Windows directory: C:\WINDOWS
09:06:05.0562 4700	System windows directory: C:\WINDOWS
09:06:05.0562 4700	Processor architecture: Intel x86
09:06:05.0562 4700	Number of processors: 6
09:06:05.0562 4700	Page size: 0x1000
09:06:05.0562 4700	Boot type: Normal boot
09:06:05.0562 4700	============================================================
09:06:06.0656 4700	Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:06:06.0671 4700	Drive \Device\Harddisk1\DR1 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
09:06:06.0671 4700	============================================================
09:06:06.0671 4700	\Device\Harddisk0\DR0:
09:06:06.0671 4700	MBR partitions:
09:06:06.0671 4700	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0x800, BlocksNum 0xF424000
09:06:06.0671 4700	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF424800, BlocksNum 0x2AF61000
09:06:06.0671 4700	\Device\Harddisk1\DR1:
09:06:06.0671 4700	MBR partitions:
09:06:06.0671 4700	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1E849D80
09:06:06.0671 4700	\Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1E849DBF, BlocksNum 0x2711676
09:06:06.0718 4700	\Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x20F5B474, BlocksNum 0x537AA54D
09:06:06.0718 4700	============================================================
09:06:06.0750 4700	C: <-> \Device\Harddisk1\DR1\Partition0
09:06:06.0781 4700	E: <-> \Device\Harddisk1\DR1\Partition1
09:06:06.0796 4700	F: <-> \Device\Harddisk1\DR1\Partition2
09:06:06.0828 4700	G: <-> \Device\Harddisk0\DR0\Partition1
09:06:06.0828 4700	============================================================
09:06:06.0828 4700	Initialize success
09:06:06.0828 4700	============================================================
09:06:27.0140 6584	============================================================
09:06:27.0140 6584	Scan started
09:06:27.0140 6584	Mode: Manual;
09:06:27.0140 6584	============================================================
09:06:27.0343 6584	Abiosdsk - ok
09:06:27.0343 6584	abp480n5 - ok
09:06:27.0375 6584	ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
09:06:27.0375 6584	ACPI - ok
09:06:27.0375 6584	ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
09:06:27.0375 6584	ACPIEC - ok
09:06:27.0437 6584	AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
09:06:27.0453 6584	AdobeFlashPlayerUpdateSvc - ok
09:06:27.0453 6584	adpu160m - ok
09:06:27.0593 6584	AdvancedSystemCareService5 (e410da575ff48d976b41670c6d262a82) C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
09:06:27.0593 6584	AdvancedSystemCareService5 - ok
09:06:27.0671 6584	aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
09:06:27.0703 6584	aec - ok
09:06:27.0734 6584	AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
09:06:27.0734 6584	AFD - ok
09:06:27.0734 6584	Aha154x - ok
09:06:27.0765 6584	ahcix86 (b0343de60ff4d4e799bdff594703f8dc) C:\WINDOWS\system32\DRIVERS\ahcix86.sys
09:06:27.0765 6584	ahcix86 - ok
09:06:27.0781 6584	aic78u2 - ok
09:06:27.0781 6584	aic78xx - ok
09:06:27.0796 6584	AiChargerPlus (2ea975ec6985dd2cf8b895efc1e3d9b3) C:\WINDOWS\system32\DRIVERS\AiChargerPlus.sys
09:06:27.0796 6584	AiChargerPlus - ok
09:06:27.0812 6584	Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
09:06:27.0828 6584	Alerter - ok
09:06:27.0843 6584	ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
09:06:27.0843 6584	ALG - ok
09:06:27.0843 6584	AliIde - ok
09:06:27.0937 6584	Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys
09:06:27.0968 6584	Ambfilt - ok
09:06:28.0078 6584	AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
09:06:28.0078 6584	AmdPPM - ok
09:06:28.0093 6584	amsint - ok
09:06:28.0187 6584	Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
09:06:28.0187 6584	Apple Mobile Device - ok
09:06:28.0312 6584	Application Updater (0805ecf10476a091999e4d59d0db71a2) C:\Program Files\Application Updater\ApplicationUpdater.exe
09:06:28.0328 6584	Application Updater - ok
09:06:28.0359 6584	AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
09:06:28.0359 6584	AppMgmt - ok
09:06:28.0390 6584	Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
09:06:28.0406 6584	Arp1394 - ok
09:06:28.0406 6584	asc - ok
09:06:28.0406 6584	asc3350p - ok
09:06:28.0406 6584	asc3550 - ok
09:06:28.0515 6584	asComSvc (fb03a917c1294d3e6d671f24722e1ba3) C:\Program Files\ASUS\AXSP\1.00.13\atkexComSvc.exe
09:06:28.0546 6584	asComSvc - ok
09:06:28.0609 6584	asHmComSvc (a63173897ea1a73a75d0e65036de5b15) C:\Program Files\ASUS\AAHM\1.00.14\aaHMSvc.exe
09:06:28.0625 6584	asHmComSvc - ok
09:06:28.0671 6584	AsIO (419f3128e01b5ac038efd500314f62b8) C:\WINDOWS\system32\drivers\AsIO.sys
09:06:28.0671 6584	AsIO - ok
09:06:28.0703 6584	asmthub3 (f46bf942a7045ae27adfd039327772bf) C:\WINDOWS\system32\DRIVERS\asmthub3.sys
09:06:28.0703 6584	asmthub3 - ok
09:06:28.0734 6584	asmtxhci (8695f88fbe5b9938bc8bc5693f710969) C:\WINDOWS\system32\DRIVERS\asmtxhci.sys
09:06:28.0734 6584	asmtxhci - ok
09:06:28.0843 6584	aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
09:06:28.0859 6584	aspnet_state - ok
09:06:28.0953 6584	AsSysCtrlService (5c31dfb196cb3a488a041881634d86d2) C:\Program Files\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
09:06:28.0968 6584	AsSysCtrlService - ok
09:06:29.0000 6584	AsUpIO (a9a565c669786c402752f609afdd0dd5) C:\WINDOWS\system32\drivers\AsUpIO.sys
09:06:29.0000 6584	AsUpIO - ok
09:06:29.0015 6584	AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
09:06:29.0015 6584	AsyncMac - ok
09:06:29.0031 6584	atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
09:06:29.0031 6584	atapi - ok
09:06:29.0031 6584	Atdisk - ok
09:06:29.0093 6584	Ati HotKey Poller (288e9f9cb529b4f7c6b58fc53940fb46) C:\WINDOWS\system32\Ati2evxx.exe
09:06:29.0125 6584	Ati HotKey Poller - ok
09:06:29.0468 6584	ati2mtag (913da327ad22c6fa44c41d36fd8cc570) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
09:06:29.0562 6584	ati2mtag - ok
09:06:29.0656 6584	AtiHDAudioService (0d6b8359677d05142b624f09c28d643a) C:\WINDOWS\system32\drivers\AtihdXP3.sys
09:06:29.0656 6584	AtiHDAudioService - ok
09:06:29.0687 6584	Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
09:06:29.0687 6584	Atmarpc - ok
09:06:29.0703 6584	AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
09:06:29.0703 6584	AudioSrv - ok
09:06:29.0734 6584	audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
09:06:29.0734 6584	audstub - ok
09:06:30.0046 6584	AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
09:06:30.0125 6584	AVGIDSAgent - ok
09:06:30.0187 6584	AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys
09:06:30.0187 6584	AVGIDSDriver - ok
09:06:30.0203 6584	AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys
09:06:30.0218 6584	AVGIDSFilter - ok
09:06:30.0234 6584	AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\WINDOWS\system32\DRIVERS\avgidshx.sys
09:06:30.0234 6584	AVGIDSHX - ok
09:06:30.0265 6584	AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys
09:06:30.0265 6584	AVGIDSShim - ok
09:06:30.0281 6584	Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
09:06:30.0281 6584	Avgldx86 - ok
09:06:30.0281 6584	Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
09:06:30.0281 6584	Avgmfx86 - ok
09:06:30.0296 6584	Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
09:06:30.0296 6584	Avgrkx86 - ok
09:06:30.0359 6584	Avgtdix (1263f2554ace925c237a40b4c568d815) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
09:06:30.0390 6584	Avgtdix - ok
09:06:30.0421 6584	avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
09:06:30.0421 6584	avgwd - ok
09:06:30.0453 6584	Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
09:06:30.0453 6584	Beep - ok
09:06:30.0500 6584	BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
09:06:30.0500 6584	BITS - ok
09:06:30.0562 6584	Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
09:06:30.0578 6584	Bonjour Service - ok
09:06:30.0609 6584	Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
09:06:30.0640 6584	Browser - ok
09:06:30.0656 6584	BVRPMPR5 (248dfa5762dde38dfddbbd44149e9d7a) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
09:06:30.0656 6584	BVRPMPR5 - ok
09:06:30.0875 6584	CarboniteService (e581146b4e24601d3b3c60e960de4e3b) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
09:06:30.0937 6584	CarboniteService - ok
09:06:31.0015 6584	cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
09:06:31.0015 6584	cbidf2k - ok
09:06:31.0015 6584	cd20xrnt - ok
09:06:31.0046 6584	Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
09:06:31.0046 6584	Cdaudio - ok
09:06:31.0078 6584	Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
09:06:31.0078 6584	Cdfs - ok
09:06:31.0109 6584	Cdr4_xp (aaf9f526b4b429a894e3e537c008ba60) C:\WINDOWS\system32\drivers\Cdr4_xp.sys
09:06:31.0109 6584	Cdr4_xp - ok
09:06:31.0125 6584	Cdralw2k (64137df18b9f38d7eb8ee360726ed5bd) C:\WINDOWS\system32\drivers\Cdralw2k.sys
09:06:31.0125 6584	Cdralw2k - ok
09:06:31.0140 6584	Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
09:06:31.0140 6584	Cdrom - ok
09:06:31.0171 6584	cdudf_xp (d6af450ee494df67a6d4e26b4ce34f09) C:\WINDOWS\system32\drivers\cdudf_xp.sys
09:06:31.0171 6584	cdudf_xp - ok
09:06:31.0171 6584	Changer - ok
09:06:31.0203 6584	cisvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\System32\cisvc.exe
09:06:31.0203 6584	cisvc - ok
09:06:31.0218 6584	ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
09:06:31.0218 6584	ClipSrv - ok
09:06:31.0296 6584	clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
09:06:31.0359 6584	clr_optimization_v2.0.50727_32 - ok
09:06:31.0437 6584	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
09:06:31.0453 6584	clr_optimization_v4.0.30319_32 - ok
09:06:31.0453 6584	CmdIde - ok
09:06:31.0500 6584	cmpci (e5842ccf0953d3d46d5e26427b67e901) C:\WINDOWS\system32\drivers\cmaudio.sys
09:06:31.0515 6584	cmpci - ok
09:06:31.0515 6584	COMSysApp - ok
09:06:31.0515 6584	Cpqarray - ok
09:06:31.0546 6584	CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
09:06:31.0562 6584	CryptSvc - ok
09:06:31.0562 6584	dac2w2k - ok
09:06:31.0562 6584	dac960nt - ok
09:06:31.0609 6584	DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:06:31.0625 6584	DcomLaunch - ok
09:06:31.0640 6584	Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
09:06:31.0640 6584	Dhcp - ok
09:06:31.0656 6584	Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
09:06:31.0656 6584	Disk - ok
09:06:31.0656 6584	dmadmin - ok
09:06:31.0718 6584	dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
09:06:31.0734 6584	dmboot - ok
09:06:31.0750 6584	dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
09:06:31.0812 6584	dmio - ok
09:06:31.0828 6584	dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
09:06:31.0828 6584	dmload - ok
09:06:31.0859 6584	dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
09:06:31.0859 6584	dmserver - ok
09:06:31.0890 6584	DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
09:06:31.0890 6584	DMusic - ok
09:06:31.0921 6584	Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
09:06:31.0921 6584	Dnscache - ok
09:06:31.0953 6584Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
09:06:31.0953 6584Dot3svc - ok
09:06:31.0953 6584dpti2o - ok
09:06:31.0953 6584drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
09:06:31.0968 6584drmkaud - ok
09:06:31.0968 6584dvd_2K (d58a3c236b37a3a1f76b8f9c6288d1c3) C:\WINDOWS\system32\drivers\dvd_2K.sys
09:06:31.0968 6584dvd_2K - ok
09:06:32.0000 6584EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
09:06:32.0000 6584EapHost - ok
09:06:32.0015 6584ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
09:06:32.0015 6584ERSvc - ok
09:06:32.0031 6584Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:06:32.0062 6584Eventlog - ok
09:06:32.0093 6584EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\System32\es.dll
09:06:32.0093 6584EventSystem - ok
09:06:32.0140 6584Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
09:06:32.0140 6584Fastfat - ok
09:06:32.0156 6584FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:06:32.0156 6584FastUserSwitchingCompatibility - ok
09:06:32.0171 6584Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
09:06:32.0171 6584Fdc - ok
09:06:32.0187 6584Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
09:06:32.0187 6584Fips - ok
09:06:32.0281 6584FLEXnet Licensing Service (227846995afeefa70d328bf5334a86a5) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
09:06:32.0312 6584FLEXnet Licensing Service - ok
09:06:32.0312 6584Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
09:06:32.0312 6584Flpydisk - ok
09:06:32.0343 6584FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
09:06:32.0343 6584FltMgr - ok
09:06:32.0406 6584FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
09:06:32.0421 6584FontCache3.0.0.0 - ok
09:06:32.0453 6584Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
09:06:32.0453 6584Fs_Rec - ok
09:06:32.0484 6584Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
09:06:32.0484 6584Ftdisk - ok
09:06:32.0500 6584gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
09:06:32.0500 6584gameenum - ok
09:06:32.0531 6584gdrv (c6e3105b8c68c35cc1eb26a00fd1a8c6) C:\WINDOWS\gdrv.sys
09:06:33.0187 6584gdrv - ok
09:06:33.0203 6584GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
09:06:33.0203 6584GEARAspiWDM - ok
09:06:33.0218 6584Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
09:06:33.0218 6584Gpc - ok
09:06:33.0250 6584hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
09:06:33.0250 6584hamachi - ok
09:06:33.0281 6584HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
09:06:33.0281 6584HDAudBus - ok
09:06:33.0359 6584helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
09:06:33.0359 6584helpsvc - ok
09:06:33.0390 6584HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
09:06:33.0390 6584HidServ - ok
09:06:33.0406 6584hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
09:06:33.0406 6584hidusb - ok
09:06:33.0453 6584hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
09:06:33.0468 6584hkmsvc - ok
09:06:33.0468 6584hpn - ok
09:06:33.0468 6584hpt3xx - ok
09:06:33.0531 6584HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
09:06:33.0531 6584HTTP - ok
09:06:33.0562 6584HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
09:06:33.0562 6584HTTPFilter - ok
09:06:33.0562 6584i2omgmt - ok
09:06:33.0562 6584i2omp - ok
09:06:33.0593 6584i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\drivers\i8042prt.sys
09:06:33.0593 6584i8042prt - ok
09:06:33.0703 6584IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
09:06:33.0750 6584IDriverT - ok
09:06:33.0812 6584idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
09:06:33.0828 6584idsvc - ok
09:06:33.0843 6584Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
09:06:33.0843 6584Imapi - ok
09:06:33.0890 6584ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\System32\imapi.exe
09:06:33.0890 6584ImapiService - ok
09:06:33.0890 6584ini910u - ok
09:06:34.0187 6584IntcAzAudAddService (52b1c4ce44ee58f7e781c561efb22517) C:\WINDOWS\system32\drivers\RtkHDAud.sys
09:06:34.0265 6584IntcAzAudAddService - ok
09:06:34.0328 6584IntelIde - ok
09:06:34.0359 6584ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
09:06:34.0359 6584ip6fw - ok
09:06:34.0375 6584IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
09:06:34.0375 6584IpFilterDriver - ok
09:06:34.0390 6584IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
09:06:34.0390 6584IpInIp - ok
09:06:34.0421 6584IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
09:06:34.0421 6584IpNat - ok
09:06:34.0500 6584iPod Service (ce004777b92dea56fe14ec900d20baa4) C:\Program Files\iPod\bin\iPodService.exe
09:06:34.0515 6584iPod Service - ok
09:06:34.0546 6584IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
09:06:34.0562 6584IPSec - ok
09:06:34.0593 6584IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
09:06:34.0593 6584IRENUM - ok
09:06:34.0593 6584isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
09:06:34.0593 6584isapnp - ok
09:06:34.0703 6584JavaQuickStarterService (4f2143570d2250ca4c4a4c98553c82cd) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
09:06:34.0703 6584JavaQuickStarterService - ok
09:06:34.0734 6584Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
09:06:34.0734 6584Kbdclass - ok
09:06:34.0734 6584kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
09:06:34.0734 6584kbdhid - ok
09:06:34.0765 6584kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
09:06:34.0765 6584kmixer - ok
09:06:34.0781 6584KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
09:06:34.0781 6584KSecDD - ok
09:06:34.0828 6584lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
09:06:34.0828 6584lanmanserver - ok
09:06:34.0859 6584lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
09:06:34.0859 6584lanmanworkstation - ok
09:06:34.0875 6584lbrtfdc - ok
09:06:34.0906 6584LHidKe (31b582394da3290dff300f10952e9a4d) C:\WINDOWS\system32\DRIVERS\LHidKE.Sys
09:06:34.0906 6584LHidKe - ok
09:06:34.0937 6584LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
09:06:34.0937 6584LmHosts - ok
09:06:34.0937 6584lmimirr - ok
09:06:34.0937 6584LMouKE (90a794d0a0bf3531c4ba1c0510449629) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
09:06:34.0953 6584LMouKE - ok
09:06:35.0000 6584McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files\Common Files\Motive\McciCMService.exe
09:06:35.0015 6584McciCMService - ok
09:06:35.0093 6584MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
09:06:35.0093 6584MDM - ok
09:06:35.0109 6584Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
09:06:35.0125 6584Messenger - ok
09:06:35.0156 6584mmc_2K (af89fa6cc924729ded21d4c3be413cca) C:\WINDOWS\system32\drivers\mmc_2K.sys
09:06:35.0171 6584mmc_2K - ok
09:06:35.0203 6584mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
09:06:35.0203 6584mnmdd - ok
09:06:35.0234 6584mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\System32\mnmsrvc.exe
09:06:35.0234 6584mnmsrvc - ok
09:06:35.0250 6584Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
09:06:35.0250 6584Modem - ok
09:06:35.0328 6584Monfilt (c7d9f9717916b34c1b00dd4834af485c) C:\WINDOWS\system32\drivers\Monfilt.sys
09:06:35.0359 6584Monfilt - ok
09:06:35.0484 6584Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
09:06:35.0484 6584Mouclass - ok
09:06:35.0515 6584mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
09:06:35.0515 6584mouhid - ok
09:06:35.0531 6584MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
09:06:35.0531 6584MountMgr - ok
09:06:35.0546 6584mraid35x - ok
09:06:35.0640 6584MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
09:06:35.0640 6584MREMP50 - ok
09:06:35.0640 6584MREMPR5 - ok
09:06:35.0656 6584MRENDIS5 - ok
09:06:35.0656 6584MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
09:06:35.0656 6584MRESP50 - ok
09:06:35.0687 6584MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
09:06:35.0687 6584MRxDAV - ok
09:06:35.0718 6584MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
09:06:35.0718 6584MRxSmb - ok
09:06:35.0750 6584MSDTC (a137f1470499a205abbb9aafb3b6f2b1) C:\WINDOWS\System32\msdtc.exe
09:06:35.0750 6584MSDTC - ok
09:06:35.0765 6584Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
09:06:35.0765 6584Msfs - ok
09:06:35.0781 6584MSIServer - ok
09:06:35.0812 6584MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
09:06:35.0812 6584MSKSSRV - ok
09:06:35.0828 6584MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
09:06:35.0828 6584MSPCLOCK - ok
09:06:35.0843 6584MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
09:06:35.0843 6584MSPQM - ok
09:06:35.0875 6584mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
09:06:35.0875 6584mssmbios - ok
09:06:35.0890 6584Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
09:06:35.0890 6584Mup - ok
09:06:35.0921 6584napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
09:06:35.0921 6584napagent - ok
09:06:35.0937 6584NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
09:06:35.0953 6584NDIS - ok
09:06:35.0968 6584NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
09:06:35.0968 6584NdisTapi - ok
09:06:36.0000 6584Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
09:06:36.0000 6584Ndisuio - ok
09:06:36.0015 6584NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
09:06:36.0031 6584NdisWan - ok
09:06:36.0046 6584NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
09:06:36.0046 6584NDProxy - ok
09:06:36.0078 6584NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
09:06:36.0078 6584NetBIOS - ok
09:06:36.0093 6584NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
09:06:36.0093 6584NetBT - ok
09:06:36.0125 6584NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:06:36.0125 6584NetDDE - ok
09:06:36.0125 6584NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
09:06:36.0125 6584NetDDEdsdm - ok
09:06:36.0140 6584Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:06:36.0140 6584Netlogon - ok
09:06:36.0156 6584Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
09:06:36.0156 6584Netman - ok
09:06:36.0234 6584NetTcpPortSharing (d34612c5d02d026535b3095d620626ae) C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
09:06:36.0234 6584NetTcpPortSharing - ok
09:06:36.0250 6584NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
09:06:36.0250 6584NIC1394 - ok
09:06:36.0250 6584NielGfx - ok
09:06:36.0265 6584nielprt - ok
09:06:36.0296 6584Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
09:06:36.0296 6584Nla - ok
09:06:36.0328 6584nlsX86cc (23688f610a5a16dd8b4d93d2f7bd44f6) C:\WINDOWS\system32\NLSSRV32.EXE
09:06:36.0328 6584nlsX86cc - ok
09:06:36.0343 6584Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
09:06:36.0343 6584Npfs - ok
09:06:36.0390 6584Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
09:06:36.0390 6584Ntfs - ok
09:06:36.0390 6584NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:06:36.0390 6584NtLmSsp - ok
09:06:36.0437 6584NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
09:06:36.0437 6584NtmsSvc - ok
09:06:36.0468 6584Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
09:06:36.0468 6584Null - ok
09:06:36.0953 6584nv (18281a647f8d2a0afd00f4a9f52c59f4) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
09:06:37.0109 6584nv - ok
09:06:37.0218 6584nvatabus (4d6c6b46b3edf6f2e219a86b61d104ae) C:\WINDOWS\system32\drivers\nvatabus.sys
09:06:37.0234 6584nvatabus - ok
09:06:37.0250 6584NVENETFD (1b83b60541be1b6db81641c448007f21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
09:06:37.0265 6584NVENETFD - ok
09:06:37.0296 6584nvnetbus (57b669f9234604a350174b86764444b0) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
09:06:37.0296 6584nvnetbus - ok
09:06:37.0328 6584NVSvc (566fca65a30e5a2817e2ea2879156035) C:\WINDOWS\system32\nvsvc32.exe
09:06:37.0328 6584NVSvc - ok
09:06:37.0359 6584NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
09:06:37.0359 6584NwlnkFlt - ok
09:06:37.0375 6584NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
09:06:37.0375 6584NwlnkFwd - ok
09:06:37.0484 6584odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
09:06:37.0484 6584odserv - ok
09:06:37.0500 6584ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
09:06:37.0500 6584ohci1394 - ok
09:06:37.0531 6584ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
09:06:37.0531 6584ose - ok
09:06:37.0562 6584Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
09:06:37.0562 6584Parport - ok
09:06:37.0562 6584PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
09:06:37.0562 6584PartMgr - ok
09:06:37.0593 6584ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
09:06:37.0593 6584ParVdm - ok
09:06:37.0593 6584PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
09:06:37.0593 6584PCI - ok
09:06:37.0609 6584PCIDump - ok
09:06:37.0625 6584PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
09:06:37.0625 6584PCIIde - ok
09:06:37.0640 6584Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
09:06:37.0640 6584Pcmcia - ok
09:06:37.0656 6584PCPitstop Scheduling - ok
09:06:37.0656 6584PDCOMP - ok
09:06:37.0656 6584PDFRAME - ok
09:06:37.0671 6584PDRELI - ok
09:06:37.0671 6584PDRFRAME - ok
09:06:37.0671 6584perc2 - ok
09:06:37.0671 6584perc2hib - ok
09:06:37.0718 6584PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
09:06:37.0718 6584PlugPlay - ok
09:06:37.0734 6584PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\System32\lsass.exe
09:06:37.0734 6584PolicyAgent - ok
09:06:37.0750 6584PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
09:06:37.0750 6584PptpMiniport - ok
09:06:37.0765 6584Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
09:06:37.0765 6584Processor - ok
09:06:37.0765 6584ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:06:37.0765 6584ProtectedStorage - ok
09:06:37.0765 6584PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
09:06:37.0765 6584PSched - ok
09:06:37.0781 6584Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
09:06:37.0781 6584Ptilink - ok
09:06:37.0796 6584pwd_2k (1c2b63fefbd912055ec885894d001dfd) C:\WINDOWS\system32\drivers\pwd_2k.sys
09:06:37.0812 6584pwd_2k - ok
09:06:37.0812 6584ql1080 - ok
09:06:37.0812 6584Ql10wnt - ok
09:06:37.0812 6584ql12160 - ok
09:06:37.0812 6584ql1240 - ok
09:06:37.0812 6584ql1280 - ok
09:06:37.0828 6584RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
09:06:37.0828 6584RasAcd - ok
09:06:37.0859 6584RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
09:06:37.0859 6584RasAuto - ok
09:06:37.0859 6584Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
09:06:37.0859 6584Rasl2tp - ok
09:06:37.0906 6584RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
09:06:37.0906 6584RasMan - ok
09:06:37.0906 6584RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
09:06:37.0906 6584RasPppoe - ok
09:06:37.0921 6584Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
09:06:37.0921 6584Raspti - ok
09:06:37.0937 6584Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
09:06:37.0937 6584Rdbss - ok
09:06:37.0937 6584RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
09:06:37.0937 6584RDPCDD - ok
09:06:37.0953 6584rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
09:06:37.0953 6584rdpdr - ok
09:06:37.0984 6584RDPWD (6589db6e5969f8eee594cf71171c5028) C:\WINDOWS\system32\drivers\RDPWD.sys
09:06:37.0984 6584RDPWD - ok
09:06:38.0015 6584RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
09:06:38.0015 6584RDSessMgr - ok
09:06:38.0031 6584redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
09:06:38.0031 6584redbook - ok
09:06:38.0078 6584RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
09:06:38.0109 6584RemoteAccess - ok
09:06:38.0140 6584RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
09:06:38.0140 6584RemoteRegistry - ok
09:06:38.0156 6584RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\System32\locator.exe
09:06:38.0156 6584RpcLocator - ok
09:06:38.0203 6584RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
09:06:38.0203 6584RpcSs - ok
09:06:38.0234 6584RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\System32\rsvp.exe
09:06:38.0234 6584RSVP - ok
09:06:38.0281 6584RTLE8023xp (eb6caf7c5fccb50c3e62f878640e082e) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
09:06:38.0281 6584RTLE8023xp - ok
09:06:38.0359 6584Sage SData Service (daf4d47e625670f3952687210100d2cb) C:\Program Files\Common Files\Sage SData\Sage.SData.Service.exe
09:06:38.0359 6584Sage SData Service - ok
09:06:38.0375 6584SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
09:06:38.0390 6584SamSs - ok
09:06:38.0421 6584SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
09:06:38.0421 6584SASDIFSV - ok
09:06:38.0437 6584SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
09:06:38.0437 6584SASKUTIL - ok
09:06:38.0484 6584SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
09:06:38.0484 6584SCardSvr - ok
09:06:38.0515 6584Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
09:06:38.0515 6584Schedule - ok
09:06:38.0546 6584Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
09:06:38.0546 6584Secdrv - ok
09:06:38.0578 6584seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
09:06:38.0578 6584seclogon - ok
09:06:38.0609 6584SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
09:06:38.0609 6584SENS - ok
09:06:38.0640 6584serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
09:06:38.0640 6584serenum - ok
09:06:38.0640 6584Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
09:06:38.0656 6584Serial - ok
09:06:38.0671 6584Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
09:06:38.0671 6584Sfloppy - ok
09:06:38.0687 6584SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
09:06:38.0703 6584SharedAccess - ok
09:06:38.0718 6584ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:06:38.0718 6584ShellHWDetection - ok
09:06:38.0718 6584Simbad - ok
09:06:38.0718 6584SmartDefragDriver - ok
09:06:38.0718 6584Sparrow - ok
09:06:38.0796 6584splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
09:06:38.0796 6584splitter - ok
09:06:38.0812 6584Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
09:06:38.0828 6584Spooler - ok
09:06:38.0859 6584sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
09:06:38.0859 6584sr - ok
09:06:38.0890 6584srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\System32\srsvc.dll
09:06:38.0890 6584srservice - ok
09:06:38.0921 6584Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
09:06:38.0921 6584Srv - ok
09:06:38.0953 6584SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
09:06:38.0953 6584SSDPSRV - ok
09:06:38.0968 6584StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
09:06:38.0968 6584StillCam - ok
09:06:39.0015 6584stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
09:06:39.0015 6584stisvc - ok
09:06:39.0046 6584swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
09:06:39.0046 6584swenum - ok
09:06:39.0046 6584swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
09:06:39.0046 6584swmidi - ok
09:06:39.0046 6584SwPrv - ok
09:06:39.0046 6584symc810 - ok
09:06:39.0046 6584symc8xx - ok
09:06:39.0062 6584sym_hi - ok
09:06:39.0062 6584sym_u3 - ok
09:06:39.0078 6584sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
09:06:39.0078 6584sysaudio - ok
09:06:39.0093 6584SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
09:06:39.0109 6584SysmonLog - ok
09:06:39.0125 6584TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
09:06:39.0125 6584TapiSrv - ok
09:06:39.0171 6584Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
09:06:39.0171 6584Tcpip - ok
09:06:39.0203 6584TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
09:06:39.0203 6584TDPIPE - ok
09:06:39.0234 6584TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
09:06:39.0234 6584TDTCP - ok
09:06:39.0234 6584TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
09:06:39.0234 6584TermDD - ok
09:06:39.0281 6584TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
09:06:39.0281 6584TermService - ok
09:06:39.0296 6584Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
09:06:39.0296 6584Themes - ok
09:06:39.0328 6584TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\System32\tlntsvr.exe
09:06:39.0328 6584TlntSvr - ok
09:06:39.0328 6584TosIde - ok
09:06:39.0375 6584TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
09:06:39.0375 6584TrkWks - ok
09:06:39.0406 6584UdfReadr_xp (6b9a26d1cfdd3c9b4623c33637495568) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
09:06:39.0406 6584UdfReadr_xp - ok
09:06:39.0437 6584Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
09:06:39.0453 6584Udfs - ok
09:06:39.0453 6584ultra - ok
09:06:39.0500 6584Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
09:06:39.0500 6584Update - ok
09:06:39.0546 6584upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
09:06:39.0546 6584upnphost - ok
09:06:39.0578 6584UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
09:06:39.0578 6584UPS - ok
09:06:39.0593 6584usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
09:06:39.0593 6584usbccgp - ok
09:06:39.0625 6584usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
09:06:39.0625 6584usbehci - ok
09:06:39.0656 6584usbfilter (933efb453a2c54ce4b2631b318d41959) C:\WINDOWS\system32\DRIVERS\usbfilter.sys
09:06:39.0656 6584usbfilter - ok
09:06:39.0687 6584usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
09:06:39.0687 6584usbhub - ok
09:06:39.0718 6584usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
09:06:39.0718 6584usbohci - ok
09:06:39.0734 6584usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
09:06:39.0734 6584usbprint - ok
09:06:39.0750 6584usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
09:06:39.0750 6584usbscan - ok
09:06:39.0812 6584USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
09:06:39.0812 6584USBSTOR - ok
09:06:39.0828 6584VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
09:06:39.0828 6584VgaSave - ok
09:06:39.0828 6584ViaIde - ok
09:06:39.0859 6584vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
09:06:39.0875 6584vncdrv - ok
09:06:39.0875 6584VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
09:06:39.0875 6584VolSnap - ok
09:06:39.0921 6584VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
09:06:39.0921 6584VSS - ok
09:06:40.0078 6584vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
09:06:40.0093 6584vToolbarUpdater11.2.0 - ok
09:06:40.0125 6584W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\System32\w32time.dll
09:06:40.0125 6584W32Time - ok
09:06:40.0187 6584Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
09:06:40.0187 6584Wanarp - ok
09:06:40.0328 6584Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
09:06:40.0343 6584Wdf01000 - ok
09:06:40.0359 6584WDICA - ok
09:06:40.0421 6584wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
09:06:40.0421 6584wdmaud - ok
09:06:40.0453 6584WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
09:06:40.0453 6584WebClient - ok
09:06:40.0500 6584winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
09:06:40.0500 6584winmgmt - ok
09:06:40.0750 6584WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
09:06:40.0781 6584WinRM - ok
09:06:40.0843 6584WMDM PMSP Service (668056d5c3c11ab7d266819a96b964e8) C:\WINDOWS\system32\MsPMSPSv.exe
09:06:40.0843 6584WMDM PMSP Service - ok
09:06:40.0875 6584WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
09:06:40.0890 6584WmdmPmSN - ok
09:06:40.0921 6584Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
09:06:40.0953 6584Wmi - ok
09:06:41.0000 6584WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
09:06:41.0000 6584WmiAcpi - ok
09:06:41.0046 6584WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\System32\wbem\wmiapsrv.exe
09:06:41.0062 6584 WmiApSrv - ok
09:06:41.0171 6584 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:06:41.0187 6584 WMPNetworkSvc - ok
09:06:41.0390 6584 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
09:06:41.0406 6584 WPFFontCache_v0400 - ok
09:06:41.0468 6584 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
09:06:41.0468 6584 wscsvc - ok
09:06:41.0468 6584 WSearch - ok
09:06:41.0500 6584 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
09:06:41.0500 6584 wuauserv - ok
09:06:41.0546 6584 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
09:06:41.0562 6584 WudfPf - ok
09:06:41.0562 6584 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
09:06:41.0562 6584 WudfRd - ok
09:06:41.0593 6584 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
09:06:41.0609 6584 WudfSvc - ok
09:06:41.0640 6584 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
09:06:41.0656 6584 WZCSVC - ok
09:06:41.0687 6584 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
09:06:41.0703 6584 xmlprov - ok
09:06:41.0718 6584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:06:41.0937 6584 \Device\Harddisk0\DR0 - ok
09:06:41.0953 6584 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
09:06:42.0234 6584 \Device\Harddisk1\DR1 - ok
09:06:42.0250 6584 Boot (0x1200) (ca9e170222149bd0e4cb65356cb99c1d) \Device\Harddisk0\DR0\Partition0
09:06:42.0250 6584 \Device\Harddisk0\DR0\Partition0 - ok
09:06:42.0250 6584 Boot (0x1200) (6be0082daa16be24f515f23e3e9e2775) \Device\Harddisk0\DR0\Partition1
09:06:42.0250 6584 \Device\Harddisk0\DR0\Partition1 - ok
09:06:42.0250 6584 Boot (0x1200) (36076df4e7fffd7af41b6d6d3ce7d871) \Device\Harddisk1\DR1\Partition0
09:06:42.0250 6584 \Device\Harddisk1\DR1\Partition0 - ok
09:06:42.0281 6584 Boot (0x1200) (7af99e101cb85393b19de07d57032a43) \Device\Harddisk1\DR1\Partition1
09:06:42.0281 6584 \Device\Harddisk1\DR1\Partition1 - ok
09:06:42.0281 6584 Boot (0x1200) (6ae7e4c0aea5b6b3a407ed1cc274b43f) \Device\Harddisk1\DR1\Partition2
09:06:42.0281 6584 \Device\Harddisk1\DR1\Partition2 - ok
09:06:42.0281 6584 ============================================================
09:06:42.0281 6584 Scan finished
09:06:42.0281 6584 ============================================================
09:06:42.0296 4576 Detected object count: 0
09:06:42.0296 4576 Actual detected object count: 0
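The scan log above ends with the tool's own tally, and a helper reading it wants to know quickly which objects were not judged "ok" and whether that tally agrees with the verdict lines. As an added example (not code from the thread or from TDSSKiller), this parses the "time worker message" layout shown above, pairs each hashed object with the verdict line that follows it, and cross-checks the declared count. The sample log is constructed from lines in the same layout; ExampleSvc, its hash and its "warning" verdict are invented to exercise the non-ok branch.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample in the "time worker message" layout of the log above: an object line carries
# (md5) and a path, the next line gives its verdict. ExampleSvc and its "warning" verdict are invented.
SAMPLE_LOG = r"""09:06:41.0062 6584 WmiApSrv - ok
09:06:41.0171 6584 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
09:06:41.0187 6584 WMPNetworkSvc - ok
09:06:41.0500 6584 ExampleSvc (00000000000000000000000000000000) C:\WINDOWS\system32\example.dll
09:06:41.0500 6584 ExampleSvc - warning
09:06:41.0718 6584 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
09:06:41.0937 6584 \Device\Harddisk0\DR0 - ok
09:06:42.0296 4576 Actual detected object count: 1
"""
HASH_LINE = re.compile(r"^(?P<obj>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
VERDICT_LINE = re.compile(r"^(?P<obj>.+) - (?P<verdict>\S+)$")
COUNT_LINE = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")

@dataclass
class ScannedObject:
    name: str
    md5: str
    path: str
    verdict: Optional[str] = None  # filled in from the verdict line that follows the object line

def parse_tdss_log(text: str) -> Tuple[List[ScannedObject], Optional[int]]:
    """Pair each hashed object with its verdict; also return the tool's own summary count."""
    objects, by_key, declared = [], {}, None
    for raw in text.splitlines():
        parts = raw.split(" ", 2)  # time, worker id, message
        if len(parts) < 3:
            continue  # blank or truncated line
        msg = parts[2]
        if (m := COUNT_LINE.match(msg)):
            declared = int(m.group("n"))
        elif (m := HASH_LINE.match(msg)):
            obj = ScannedObject(m.group("obj"), m.group("md5"), m.group("path"))
            objects.append(obj)
            by_key[obj.name] = by_key[obj.path] = obj  # services are judged by name, disk objects by path
        elif (m := VERDICT_LINE.match(msg)) and m.group("obj") in by_key:
            by_key[m.group("obj")].verdict = m.group("verdict")
    return objects, declared

def flagged(objects: List[ScannedObject]) -> List[ScannedObject]:  # anything not explicitly "ok"
    return [o for o in objects if o.verdict != "ok"]  # a missing verdict counts as unresolved

def summary_consistent(objects: List[ScannedObject], declared: Optional[int]) -> bool:
    return declared is not None and declared == len(flagged(objects))  # tally vs. verdict lines
```

A verdict line without a preceding object line (WmiApSrv above) is ignored, and a tally that disagrees with the logged verdicts signals a truncated or edited log rather than a clean machine.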
 
Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
  • NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Just to update, I am having problems with the last program. I have uninstalled AVG with Appremover but Combofix still detects it and hangs when running. Same in safe mode, and same with rKill. I am going to try the other 2 rKill downloads next.
 
This topic is marked as abandoned and closed due to inactivity.
This member will NOT be eligible to receive any more help in malware removal forum.
 