
Web searches hijacked - 2008R2 Remote Desktop Server


11 replies to this topic

#1 Stung One


Posted 07 January 2012 - 05:16 AM

Windows 2008 R2 server running Remote Desktop Services

Both Firefox and Internet Explorer lead users to 95p.com pages. For example, searching for "Hello World" within Google takes me to legit search engine results but when I click on the Wikipedia link, I get a link to http://95p.com/?search=hello%20world&subid=25&key=f10a8a2532c7caa708d7 instead.

Tried both TDSSKiller (renamed to iexplorer.exe before being copied to this server - nothing found) and MalwareBytes (one Trojan.Agent found in Temporary Internet Files) but the problem remains.

Proxy server settings in both browsers appear correct (blank) as do DNS and router settings.

The browser hijacking appears to affect all users.


 


#2 Broni


Posted 07 January 2012 - 01:43 PM

Welcome aboard

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

====================================================================================

Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.



 


#3 Stung One


Posted 08 January 2012 - 12:29 PM

Download Security Check from HERE, and save it to your Desktop.


Results of screen317's Security Check version 0.99.24
Service Pack 2 x86 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 30
Adobe Flash Player ( 10.2.152.26) Flash Player Out of Date!
Mozilla Firefox (x86 en-US..)
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````


Please download Farbar Service Scanner and run it on the computer with the issue.


Farbar Service Scanner
Ran by administrator on 07-01-2012 at 23:56:35
Microsoft® Windows Server® 2008 Standard Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.

mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.


Firewall Disabled Policy:
==================


System Restore:
============
SDRSVC Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open SDRSVC registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open SDRSVC registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open SDRSVC registry key. The service key does not exist.


System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
===========

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys
[2008-01-19 00:55] - [2008-01-19 00:55] - 0016384 ____A (Microsoft Corporation) 609773E344A97410CE4EBF74A8914FCF

C:\Windows\system32\Drivers\afd.sys
[2011-06-16 02:07] - [2011-04-21 08:58] - 0273408 ____A (Microsoft Corporation)

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
Attention! C:\Windows\system32\SDRSVC.dll is missing.
C:\Windows\system32\vssvc.exe => MD5 is legit
Attention! C:\Windows\system32\wscsvc.dll is missing.
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll
[2009-04-11 07:57] - [2009-04-11 07:57] - 0758784 ____A (Microsoft Corporation) 93952506C6D67330367F7E7934B6A02F

C:\Windows\system32\es.dll
[2009-04-11 07:57] - [2009-04-11 07:57] - 0268800 ____A (Microsoft Corporation) 67058C46504BC12D821F38CF99B7B28F

C:\Windows\system32\cryptsvc.dll
[2009-04-11 07:57] - [2009-04-11 07:57] - 0129024 ____A (Microsoft Corporation) FB27772BEAF8E1D28CCD825C09DA939B

C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

Please download MiniToolBox and run it.


Received "The ordinal 1108 could not be located in the dynamic link library WSOCK32.dll" three times.

MiniToolBox by Farbar
Ran by administrator on 07-01-2012 at 23:58:01
Microsoft® Windows Server® 2008 Standard Service Pack 2 (X86)
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0
========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

Intel® PRO/1000 MT Network Connection = Local Area Connection (Connected)
The following helper DLL cannot be loaded: WSHELPER.DLL.
The following helper DLL cannot be loaded: IFMON.DLL.
The following command was not found: int ip dump.

Windows IP Configuration

Host Name . . . . . . . . . . . . : TS1
Primary Dns Suffix . . . . . . . : company.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : company.local

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/1000 MT Network Connection
Physical Address. . . . . . . . . : 00-0C-29-B6-5F-54
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::715a:4536:1a7d:a941%10(Preferred)
IPv4 Address. . . . . . . . . . . : 10.1.1.22(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.1.1
DHCPv6 IAID . . . . . . . . . . . : 234884137
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-B8-DB-81-00-0C-29-B6-5F-54
DNS Servers . . . . . . . . . . . : 10.1.1.2
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 8:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{FFF4DA51-AB4D-4299-A310-4B924BCECD86}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Pinging google.com [74.125.115.106] with 32 bytes of data:
Reply from 74.125.115.106: bytes=32 time=38ms TTL=48
Reply from 74.125.115.106: bytes=32 time=55ms TTL=48

Ping statistics for 74.125.115.106:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 55ms, Average = 46ms

Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=88ms TTL=48
Reply from 72.30.2.43: bytes=32 time=89ms TTL=48

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 88ms, Maximum = 89ms, Average = 88ms

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10 ...00 0c 29 b6 5f 54 ...... Intel® PRO/1000 MT Network Connection
1 ........................... Software Loopback Interface 1
11 ...00 00 00 00 00 00 00 e0 isatap.{FFF4DA51-AB4D-4299-A310-4B924BCECD86}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.1.1.1 10.1.1.22 266
10.1.1.0 255.255.255.0 On-link 10.1.1.22 266
10.1.1.22 255.255.255.255 On-link 10.1.1.22 266
10.1.1.255 255.255.255.255 On-link 10.1.1.22 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.1.1.22 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.1.1.22 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.1.1.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 266 fe80::/64 On-link
10 266 fe80::715a:4536:1a7d:a941/128
On-link
1 306 ff00::/8 On-link
10 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 mswsock.dll [File Not found] ()
Catalog5 04 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll [413696] (VMware, Inc.)
Catalog9 12 C:\Program Files\VMware\VMware Tools\VSock SDK\bin\win32\vsocklib.dll [413696] (VMware, Inc.)
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/07/2012 11:58:57 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x1120, application start time 0xnslookup.exe0.

Error: (01/07/2012 11:58:49 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0xefc, application start time 0xnslookup.exe0.

Error: (01/07/2012 11:58:41 PM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x880, application start time 0xnslookup.exe0.

Error: (01/07/2012 03:38:50 AM) (Source: Application Error) (User: )
Description: Faulting application mbamservice.exe, version 1.60.0.25, time stamp 0x4eea3ac1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0045660b,
process id 0xeac, application start time 0xmbamservice.exe0.

Error: (01/07/2012 03:38:22 AM) (Source: Application Error) (User: )
Description: Faulting application mbamservice.exe, version 1.60.0.25, time stamp 0x4eea3ac1, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0045660b,
process id 0x314, application start time 0xmbamservice.exe0.

Error: (01/07/2012 03:36:53 AM) (Source: Application Error) (User: )
Description: Faulting application XrxFaxServer.exe, version 1.4.2.0, time stamp 0x4ba3291b, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0xbb8, application start time 0xXrxFaxServer.exe0.

Error: (01/07/2012 03:36:35 AM) (Source: Application Error) (User: )
Description: Faulting application XrxFaxServer.exe, version 1.4.2.0, time stamp 0x4ba3291b, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x624, application start time 0xXrxFaxServer.exe0.

Error: (01/07/2012 03:34:28 AM) (Source: Application Error) (User: )
Description: Faulting application winlogon.exe, version 6.0.6002.18005, time stamp 0x49e01d05, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000005, fault offset 0x00035d44,
process id 0x248, application start time 0xwinlogon.exe0.

Error: (01/07/2012 03:13:23 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0x2408, application start time 0xnslookup.exe0.

Error: (01/07/2012 03:13:16 AM) (Source: Application Error) (User: )
Description: Faulting application nslookup.exe, version 6.0.6002.18005, time stamp 0x49e01d63, faulting module ntdll.dll, version 6.0.6002.18327, time stamp 0x4cb73436, exception code 0xc0000138, fault offset 0x00009f7d,
process id 0xfec, application start time 0xnslookup.exe0.


System errors:
=============
Error: (01/07/2012 07:24:10 AM) (Source: UmrdpService) (User: )
Description: Driver hp LaserJet 1300 PCL 6 required for printer !!5.69.220.104!Hamachi Print is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/07/2012 07:23:40 AM) (Source: DCOM) (User: )
Description: SLAPTOP

Error: (01/07/2012 07:22:39 AM) (Source: DCOM) (User: )
Description: SLAPTOP

Error: (01/07/2012 07:21:39 AM) (Source: DCOM) (User: )
Description: SLAPTOP

Error: (01/07/2012 07:20:39 AM) (Source: UmrdpService) (User: )
Description: Driver Brother PC-FAX v.2 required for printer Brother PC-FAX v.2 is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/07/2012 07:20:35 AM) (Source: UmrdpService) (User: )
Description: Driver HP Color LaserJet 3800 PCL 6 required for printer !!RECEPTION!HP Color is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/07/2012 07:20:34 AM) (Source: UmrdpService) (User: )
Description: Driver Brother MFC-5890CN Printer required for printer Brother MFC-5890CN Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/07/2012 07:20:34 AM) (Source: UmrdpService) (User: )
Description: Driver Nuance Image Printer Driver required for printer PaperPort Image Printer is unknown. Contact the administrator to install the driver before you log in again.

Error: (01/07/2012 07:20:21 AM) (Source: DCOM) (User: )
Description: SLAPTOP

Error: (01/07/2012 07:19:22 AM) (Source: DCOM) (User: )
Description: SLAPTOP


Microsoft Office Sessions:
=========================
Error: (12/22/2011 11:39:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 11253 seconds with 2340 seconds of active time. This session ended with a crash.

Error: (10/10/2011 10:56:25 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 10013 seconds with 1260 seconds of active time. This session ended with a crash.

Error: (09/09/2011 11:06:37 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2431485 seconds with 1680 seconds of active time. This session ended with a crash.

Error: (08/31/2011 06:48:25 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 1421672 seconds with 9060 seconds of active time. This session ended with a crash.

Error: (08/26/2011 06:23:27 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 21653 seconds with 6420 seconds of active time. This session ended with a crash.

Error: (07/17/2011 02:27:19 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 134367 seconds with 60 seconds of active time. This session ended with a crash.

Error: (07/05/2011 07:33:07 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 108 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/24/2011 03:41:26 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6557.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 14514 seconds with 3540 seconds of active time. This session ended with a crash.

Error: (04/29/2011 10:51:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 11567 seconds with 1800 seconds of active time. This session ended with a crash.

Error: (04/27/2011 03:51:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6555.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 29544 seconds with 5880 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

32 Bit HP CIO Components Installer (Version: 6.1.2)
Adobe Flash Player 10 ActiveX (Version: 10.0.42.34)
Adobe Flash Player 10 Plugin (Version: 10.2.152.26)
Adobe Reader 9.2 (Version: 9.2.0)
American Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.32012.0)
American Module for Microsoft Dynamics NAV Documentation (Version: 6.0.32012.0)
American Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.32012.0)
Apple Application Support (Version: 1.1.0)
Apple Software Update (Version: 2.1.1.116)
Canadian Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.32012.0)
Canadian Module for Microsoft Dynamics NAV Documentation (Version: 6.0.32012.0)
Canadian Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.32012.0)
Carbonite (Version: 4.1.1 build 406 (Sep-08-2011))
DeltaCopy (Version: 1.40.0000)
Documentation (Version: 6.0.29626.0)
Enterprise (Version: 50.0.165.000)
IsoBuster 2.8 (Version: 2.8)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
LivePerson
Malwarebytes Anti-Malware version 1.60.0.1800 (Version: 1.60.0.1800)
Mexican Module for Microsoft Dynamics NAV Classic Client (Version: 6.0.32012.0)
Mexican Module for Microsoft Dynamics NAV Documentation (Version: 6.0.32012.0)
Mexican Module for Microsoft Dynamics NAV Role Tailored Client (Version: 6.0.32012.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0)
Microsoft Dynamics NAV 2009 Classic (Version: 6.0.32012.0)
Microsoft Dynamics NAV 2009 R2 (Version: 6.0.32012.0)
Microsoft Dynamics NAV 2009 RoleTailored Client (Version: 6.0.32012.0)
Microsoft Dynamics NAV 6.0 Setup (Version: 6.0.32012.0)
Microsoft Dynamics NAV Components for Microsoft SQL Server (Version: 6.0.32012.0)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6425.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Live Meeting 2007 (Version: 8.0.6362.190)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 (KB971119) (Version: 9.0.30731)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft Report Viewer Redistributable 2008 SP1 (Version: 9.0.30729)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server 2008 R2 Setup (English) (Version: 10.50.1600.1)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual J# 2.0 Redistributable Package - SE
Microsoft Visual J# 2.0 Redistributable Package - SE (Version: 2.0.50728)
Mozilla Firefox 9.0.1 (x86 en-US) (Version: 9.0.1)
Mozilla Thunderbird (2.0.0.23) (Version: 2.0.0.23 (en-US))
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network (Version: 120.0.194.000)
Network Scan
PowerChute Network Shutdown
QuickBooks Pro 2008 (Version: 18.0.4010.606)
QuickTime (Version: 7.65.17.80)
Retrospect 7.7 (Version: 7.70.325)
SupportSoft Assisted Service (Version: 15)
VMware Tools (Version: 8.0.1.12458)
VMware vSphere Client 4.0 (Version: 4.0.0.7797)
Windows Internal Database (MICROSOFT##SSEE) (Version: 9.4.5000.00)
Xerox MFP PC Fax (Version: 1.04.002)
Xerox WorkCentre 3550

========================= Memory info: ===================================

Percentage of memory in use: 47%
Total physical RAM: 4094.6 MB
Available physical RAM: 2164.31 MB
Total Pagefile: 8410.16 MB
Available Pagefile: 6950.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.38 MB

========================= Partitions: =====================================

2 Drive c: () (Fixed) (Total:250 GB) (Free:199.09 GB) NTFS
4 Drive e: (Data) (Fixed) (Total:499.99 GB) (Free:388.73 GB) NTFS

========================= Users: ========================================

User accounts for \\TS1

Administrator Guest QBDataServiceUser18


**** End of log ****

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.


Malwarebytes Anti-Malware (Trial) 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.07.01

Windows Server 2008 Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
administrator :: TS1 [administrator]

Protection: Disabled

1/8/2012 12:01:57 AM
mbam-log-2012-01-08 (00-01-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 463962
Time elapsed: 3 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Note - as noted in the original post, I had previously run MBAM. The only finding from that session is
Files Detected: 1
C:\Users\user1\Local Settings\Temporary Internet Files\Content.IE5\FJ796DBT\info[1].exe (Trojan.Agent) -> Quarantined and deleted successfully.

Please download GMER from one of the following locations and save it to your desktop:


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-08 11:55:01
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000055 VMware__ rev.1.0_
Running: m113pviu.exe; Driver: C:\Users\admin\AppData\Local\Temp\pxldipow.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\drivers\bnqlumn.sys The system cannot find the path specified. !
.text dfsc.sys 92759302 501 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text dfsc.sys 927594FD 340 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text dfsc.sys 92759652 1027 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text dfsc.sys 92759A60 181 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text dfsc.sys 92759B17 35 Bytes [00, 00, 00, 00, 00, 00, 00, ...]
.text ...
.INIT C:\Windows\System32\Drivers\dfsc.sys entry point in ".INIT" section [0x92766922]
? C:\Windows\System32\Drivers\dfsc.sys suspicious PE modification

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [735FA4C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [735FA3C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [735FA44C] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [735FA3C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [735FA4C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [735FA44C] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryW] [735FA4C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryExW] [735FA3C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!LoadLibraryA] [735FA44C] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [735FA44C] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [735FA3C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [735FA44C] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [735FA44C] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)
IAT C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3132] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [735FA4C9] C:\Windows\system32\tsappcmp.dll (Terminal Services Application Compatibility DLL/Microsoft Corporation)

---- Modules - GMER 1.0.15 ----

Module (noname) (*** hidden *** ) 9274B000-92759000 (57344 bytes)
Module (noname) (*** hidden *** ) 92792000-9279C000 (40960 bytes)

---- Threads - GMER 1.0.15 ----

Thread System [4:420] 92796E40
Thread System [4:424] 85D7A520

---- Files - GMER 1.0.15 ----

File C:\Windows\$NtUninstallKB45907$\2745626378 0 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\@ 2048 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\L 0 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\L\iqvahbdf 75264 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\loader.tlb 2632 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U 0 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@00000001 45968 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@000000c0 3072 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@000000cb 3072 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@000000cf 1536 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@80000000 26112 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@800000c0 32768 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@800000cb 24064 bytes
File C:\Windows\$NtUninstallKB45907$\2745626378\U\@800000cf 31232 bytes
File C:\Windows\$NtUninstallKB45907$\646048435 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CJXMVWE\list_bullet[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CJXMVWE\city.css.pagespeed.ce.A2Oj9EtpsY[1].css 5643 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CJXMVWE\top-curvebotr.gif.pagespeed.ce.i424HwbCCO[1].gif 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CJXMVWE\jquery-1.7.min.js.pagespeed.jm.23AGiqcFTn[1].js 93967 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CJXMVWE\homeScript.js.pagespeed.jm.wBjzPdlly6[1].js 15175 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6CJXMVWE\xblog_btn_lft.gif.pagespeed.ic.6SA2YK7vF3[1].png 1126 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2L0U0ZT\likeCADW525Z.php 0 bytes
File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O2L0U0ZT\likeCAGGXTMY.php 0 bytes

---- EOF - GMER 1.0.15 ----

#4 Broni

Posted 08 January 2012 - 01:01 PM

You have a number of issues there.

Download TDSSKiller and save it to your desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.


#5 Stung One

Posted 08 January 2012 - 06:04 PM

Download TDSSKiller and save it to your desktop.


Ran that previously...

13:34:24.0541 2828 TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
13:34:25.0254 2828 ============================================================
13:34:25.0255 2828 Current date / time: 2012/01/06 13:34:25.0254
13:34:25.0255 2828 SystemInfo:
13:34:25.0255 2828
13:34:25.0255 2828 OS Version: 6.0.6002 ServicePack: 2.0
13:34:25.0255 2828 Product type: Server
13:34:25.0255 2828 ComputerName: TS1
13:34:25.0255 2828 UserName: admin
13:34:25.0255 2828 Windows directory: C:\Users\admin\WINDOWS
13:34:25.0255 2828 System windows directory: C:\Windows
13:34:25.0255 2828 Processor architecture: Intel x86
13:34:25.0255 2828 Number of processors: 1
13:34:25.0255 2828 Page size: 0x1000
13:34:25.0255 2828 Boot type: Normal boot
13:34:25.0255 2828 ============================================================
13:34:25.0807 2828 Initialize success
13:34:28.0275 4256 ============================================================
13:34:28.0275 4256 Scan started
13:34:28.0275 4256 Mode: Manual;
13:34:28.0275 4256 ============================================================
13:34:34.0085 4256 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:34:34.0107 4256 ACPI - ok
13:34:34.0391 4256 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:34:34.0424 4256 adp94xx - ok
13:34:34.0705 4256 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:34:34.0712 4256 adpahci - ok
13:34:34.0933 4256 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:34:34.0936 4256 adpu160m - ok
13:34:35.0163 4256 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:34:35.0167 4256 adpu320 - ok
13:34:35.0771 4256 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:34:35.0810 4256 AFD - ok
13:34:36.0124 4256 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\DRIVERS\agp440.sys
13:34:36.0127 4256 agp440 - ok
13:34:36.0347 4256 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:34:36.0370 4256 aic78xx - ok
13:34:36.0629 4256 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:34:36.0631 4256 aliide - ok
13:34:36.0839 4256 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:34:36.0843 4256 amdagp - ok
13:34:37.0054 4256 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
13:34:37.0058 4256 amdide - ok
13:34:37.0273 4256 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:34:37.0275 4256 AmdK7 - ok
13:34:37.0505 4256 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:34:37.0508 4256 AmdK8 - ok
13:34:37.0756 4256 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:34:37.0760 4256 arc - ok
13:34:37.0998 4256 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:34:38.0009 4256 arcsas - ok
13:34:38.0211 4256 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:34:38.0213 4256 AsyncMac - ok
13:34:38.0516 4256 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:34:38.0518 4256 atapi - ok
13:34:38.0798 4256 b06bdrv (8dae187d78be2790fb4995937fd04743) C:\Windows\system32\drivers\bxvbdx.sys
13:34:38.0833 4256 b06bdrv - ok
13:34:39.0003 4256 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:34:39.0005 4256 Beep - ok
13:34:39.0201 4256 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\DRIVERS\blbdrive.sys
13:34:39.0203 4256 blbdrive - ok
13:34:39.0411 4256 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:34:39.0416 4256 bowser - ok
13:34:39.0671 4256 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:34:39.0673 4256 BrFiltLo - ok
13:34:39.0847 4256 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:34:39.0849 4256 BrFiltUp - ok
13:34:40.0061 4256 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:34:40.0065 4256 Brserid - ok
13:34:40.0254 4256 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:34:40.0257 4256 BrSerWdm - ok
13:34:40.0435 4256 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:34:40.0437 4256 BrUsbMdm - ok
13:34:40.0627 4256 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:34:40.0628 4256 BrUsbSer - ok
13:34:40.0840 4256 BTHMODEM - ok
13:34:41.0046 4256 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:34:41.0050 4256 cdfs - ok
13:34:41.0244 4256 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:34:41.0247 4256 cdrom - ok
13:34:41.0427 4256 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:34:41.0428 4256 circlass - ok
13:34:41.0598 4256 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:34:41.0634 4256 CLFS - ok
13:34:41.0816 4256 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
13:34:41.0818 4256 CmBatt - ok
13:34:41.0993 4256 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:34:41.0995 4256 cmdide - ok
13:34:42.0172 4256 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
13:34:42.0175 4256 Compbatt - ok
13:34:42.0423 4256 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:34:42.0425 4256 crcdisk - ok
13:34:42.0618 4256 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:34:42.0620 4256 Crusoe - ok
13:34:42.0864 4256 CSC (9bdb2e89be8d0ef37b1f25c3d3fc192c) C:\Windows\system32\drivers\csc.sys
13:34:42.0986 4256 CSC - ok
13:34:43.0268 4256 DfsC (c7f297aef0c09c2a85227240b1e2285f) C:\Windows\system32\Drivers\dfsc.sys
13:34:43.0273 4256 DfsC - ok
13:34:43.0486 4256 DgiVecp - ok
13:34:43.0697 4256 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:34:43.0700 4256 disk - ok
13:34:44.0287 4256 DXGKrnl (5c7e2097b91d689ded7a6ff90f0f3a25) C:\Windows\System32\drivers\dxgkrnl.sys
13:34:44.0334 4256 DXGKrnl - ok
13:34:44.0508 4256 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:34:44.0511 4256 E1G60 - ok
13:34:44.0700 4256 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:34:44.0723 4256 elxstor - ok
13:34:44.0888 4256 ErrDev (a81ab23eddb4693612014d87367d014c) C:\Windows\system32\drivers\errdev.sys
13:34:44.0894 4256 ErrDev - ok
13:34:45.0082 4256 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:34:45.0099 4256 exfat - ok
13:34:45.0449 4256 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:34:45.0454 4256 fastfat - ok
13:34:45.0661 4256 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:34:45.0663 4256 fdc - ok
13:34:45.0825 4256 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:34:45.0827 4256 FileInfo - ok
13:34:45.0971 4256 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:34:45.0973 4256 Filetrace - ok
13:34:46.0131 4256 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:34:46.0133 4256 flpydisk - ok
13:34:46.0288 4256 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:34:46.0294 4256 FltMgr - ok
13:34:46.0620 4256 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
13:34:46.0623 4256 Fs_Rec - ok
13:34:46.0818 4256 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:34:46.0826 4256 gagp30kx - ok
13:34:47.0002 4256 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\drivers\hdaudbus.sys
13:34:47.0053 4256 HDAudBus - ok
13:34:47.0213 4256 HidBth (204c3b1846e9cbaaef88b8e1f86782f8) C:\Windows\system32\drivers\hidbth.sys
13:34:47.0215 4256 HidBth - ok
13:34:47.0378 4256 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\drivers\hidir.sys
13:34:47.0380 4256 HidIr - ok
13:34:47.0828 4256 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:34:47.0830 4256 HidUsb - ok
13:34:47.0995 4256 HpCISSs (7ebec5eb56b90ed65a8bbd91464e5cfb) C:\Windows\system32\drivers\hpcisss.sys
13:34:47.0999 4256 HpCISSs - ok
13:34:48.0190 4256 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:34:48.0202 4256 HTTP - ok
13:34:48.0348 4256 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:34:48.0351 4256 i2omp - ok
13:34:48.0488 4256 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:34:48.0492 4256 i8042prt - ok
13:34:48.0651 4256 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:34:48.0669 4256 iaStorV - ok
13:34:48.0850 4256 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:34:48.0852 4256 iirsp - ok
13:34:49.0004 4256 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:34:49.0007 4256 intelide - ok
13:34:49.0155 4256 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:34:49.0157 4256 intelppm - ok
13:34:49.0319 4256 ioatdma (1e662dd13baa2c7ab7412c7da8294626) C:\Windows\system32\drivers\qd26032.sys
13:34:49.0322 4256 ioatdma - ok
13:34:49.0494 4256 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:34:49.0496 4256 IpFilterDriver - ok
13:34:49.0671 4256 IPMIDRV (4b9c0f4d4a3acc535f9771039ecd6365) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:34:49.0674 4256 IPMIDRV - ok
13:34:49.0855 4256 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\drivers\ipnat.sys
13:34:49.0859 4256 IPNAT - ok
13:34:49.0997 4256 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:34:49.0999 4256 IRENUM - ok
13:34:50.0145 4256 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:34:50.0149 4256 isapnp - ok
13:34:50.0307 4256 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:34:50.0331 4256 iScsiPrt - ok
13:34:50.0496 4256 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:34:50.0499 4256 iteatapi - ok
13:34:50.0647 4256 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:34:50.0649 4256 iteraid - ok
13:34:50.0813 4256 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:34:50.0820 4256 kbdclass - ok
13:34:50.0977 4256 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:34:50.0980 4256 kbdhid - ok
13:34:51.0150 4256 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
13:34:51.0188 4256 KSecDD - ok
13:34:51.0362 4256 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:34:51.0365 4256 lltdio - ok
13:34:51.0529 4256 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:34:51.0532 4256 LSI_FC - ok
13:34:51.0704 4256 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:34:51.0704 4256 LSI_SAS - ok
13:34:51.0870 4256 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:34:51.0873 4256 LSI_SCSI - ok
13:34:52.0024 4256 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:34:52.0028 4256 luafv - ok
13:34:52.0174 4256 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:34:52.0177 4256 megasas - ok
13:34:52.0324 4256 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:34:52.0334 4256 MegaSR - ok
13:34:52.0668 4256 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:34:52.0669 4256 Modem - ok
13:34:52.0842 4256 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:34:52.0844 4256 monitor - ok
13:34:53.0011 4256 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:34:53.0012 4256 mouclass - ok
13:34:53.0161 4256 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:34:53.0163 4256 mouhid - ok
13:34:53.0313 4256 mountmgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:34:53.0315 4256 mountmgr - ok
13:34:53.0469 4256 mpio (5da347912fd3af24d7bfb3de519d4bd0) C:\Windows\system32\drivers\mpio.sys
13:34:53.0473 4256 mpio - ok
13:34:53.0608 4256 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:34:53.0616 4256 mpsdrv - ok
13:34:53.0753 4256 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:34:53.0754 4256 Mraid35x - ok
13:34:53.0943 4256 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:34:53.0951 4256 mrxsmb - ok
13:34:54.0160 4256 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:34:54.0168 4256 mrxsmb10 - ok
13:34:54.0312 4256 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:34:54.0317 4256 mrxsmb20 - ok
13:34:54.0457 4256 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
13:34:54.0460 4256 msahci - ok
13:34:54.0577 4256 msdsm (2c563aef15b8d0014c36c5f27742ac7b) C:\Windows\system32\drivers\msdsm.sys
13:34:54.0583 4256 msdsm - ok
13:34:54.0726 4256 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:34:54.0728 4256 Msfs - ok
13:34:54.0860 4256 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:34:54.0862 4256 msisadrv - ok
13:34:54.0987 4256 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:34:54.0992 4256 MsRPC - ok
13:34:55.0101 4256 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:34:55.0103 4256 mssmbios - ok
13:34:55.0235 4256 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:34:55.0238 4256 Mup - ok
13:34:55.0365 4256 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:34:55.0378 4256 NDIS - ok
13:34:55.0499 4256 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:34:55.0502 4256 NdisTapi - ok
13:34:55.0642 4256 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:34:55.0645 4256 Ndisuio - ok
13:34:55.0765 4256 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:34:55.0769 4256 NdisWan - ok
13:34:55.0934 4256 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:34:55.0936 4256 NDProxy - ok
13:34:56.0071 4256 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:34:56.0073 4256 NetBIOS - ok
13:34:56.0185 4256 NetBT (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:34:56.0190 4256 NetBT - ok
13:34:56.0327 4256 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:34:56.0330 4256 nfrd960 - ok
13:34:56.0489 4256 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:34:56.0490 4256 Npfs - ok
13:34:56.0642 4256 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:34:56.0644 4256 nsiproxy - ok
13:34:56.0783 4256 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:34:56.0860 4256 Ntfs - ok
13:34:56.0998 4256 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:34:57.0000 4256 ntrigdigi - ok
13:34:57.0109 4256 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:34:57.0111 4256 Null - ok
13:34:57.0225 4256 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:34:57.0230 4256 nvraid - ok
13:34:57.0343 4256 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:34:57.0345 4256 nvstor - ok
13:34:57.0485 4256 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:34:57.0489 4256 nv_agp - ok
13:34:57.0778 4256 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\drivers\ohci1394.sys
13:34:57.0782 4256 ohci1394 - ok
13:34:57.0994 4256 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
13:34:57.0999 4256 Parport - ok
13:34:58.0108 4256 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
13:34:58.0112 4256 partmgr - ok
13:34:58.0211 4256 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
13:34:58.0215 4256 Parvdm - ok
13:34:58.0320 4256 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:34:58.0327 4256 pci - ok
13:34:58.0440 4256 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
13:34:58.0442 4256 pciide - ok
13:34:58.0574 4256 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\drivers\pcmcia.sys
13:34:58.0583 4256 pcmcia - ok
13:34:58.0706 4256 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:34:58.0747 4256 PEAUTH - ok
13:34:58.0950 4256 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:34:58.0954 4256 PptpMiniport - ok
13:34:59.0049 4256 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
13:34:59.0052 4256 Processor - ok
13:34:59.0160 4256 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
13:34:59.0164 4256 PSched - ok
13:34:59.0315 4256 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:34:59.0373 4256 ql2300 - ok
13:34:59.0459 4256 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:34:59.0477 4256 ql40xx - ok
13:34:59.0615 4256 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:34:59.0619 4256 RasAcd - ok
13:34:59.0723 4256 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:34:59.0727 4256 Rasl2tp - ok
13:34:59.0807 4256 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:34:59.0809 4256 RasPppoe - ok
13:34:59.0933 4256 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:34:59.0937 4256 RasSstp - ok
13:35:00.0044 4256 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:35:00.0052 4256 rdbss - ok
13:35:00.0138 4256 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:35:00.0139 4256 RDPCDD - ok
13:35:00.0250 4256 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
13:35:00.0259 4256 rdpdr - ok
13:35:00.0344 4256 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:35:00.0346 4256 RDPENCDD - ok
13:35:00.0433 4256 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
13:35:00.0437 4256 RDPWD - ok
13:35:00.0567 4256 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:35:00.0571 4256 rspndr - ok
13:35:00.0655 4256 s3cap (f3fb2f944ab92a791aa66143b1fec565) C:\Windows\system32\drivers\s3cap.sys
13:35:00.0657 4256 s3cap - ok
13:35:00.0741 4256 sacdrv (20c094981b34a20818c17f9576fff20c) C:\Windows\system32\DRIVERS\sacdrv.sys
13:35:00.0744 4256 sacdrv - ok
13:35:00.0837 4256 sbp2port (e0be42226ef2cc26f3e271ae7b00e211) C:\Windows\system32\drivers\sbp2port.sys
13:35:00.0841 4256 sbp2port - ok
13:35:00.0964 4256 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:35:00.0970 4256 secdrv - ok
13:35:01.0089 4256 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
13:35:01.0090 4256 Serenum - ok
13:35:07.0971 4256 ============================================================
13:35:07.0971 4256 Scan finished
13:35:07.0971 4256 ============================================================
13:35:07.0987 3124 Detected object count: 0
13:35:07.0987 3124 Actual detected object count: 0
13:37:22.0721 10224 Deinitialize success

#6 Broni

Posted 08 January 2012 - 06:12 PM

It looks like more advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.


#7 Stung One

Posted 08 January 2012 - 06:35 PM

It looks like more advanced tools will be needed.

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.


Step 6. No CD emulation software installed (or found - I ran the tool anyway).
Step 7. DDS does not support Windows 2008 R2
Step 8. GMER - see above. Though the instructions also say to skip this step on 64-bit systems.
Step 9/10. Thanks in advance for any assistance.

#8 Broni

Posted 08 January 2012 - 06:43 PM

You're very welcome

#9 Stung One

Posted 12 January 2012 - 06:52 PM

Broni,

Do you have any estimate of reply time in the "Virus, Trojan, Spyware, and Malware Removal Logs" forum? I know it is an average of five days so some will be longer -- just trying to get a sense of what the current lead time is.

http://www.bleepingcomputer.com/forums/topic437042.html

Thanks again.

#10 Broni

Posted 12 January 2012 - 07:08 PM

Honestly I have no idea.


#11 Stung One

Posted 12 January 2012 - 07:18 PM

Thank you for the speedy -- and honest -- answer :P

#12 Broni

Posted 12 January 2012 - 07:24 PM

You're very welcome