
Gmer.exe stops working


  • This topic is locked
34 replies to this topic

#1 property manager

property manager

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:17 PM

Posted 16 September 2012 - 05:10 PM

Followed guide and installed & ran all programs, saved log files and then when I run gmer.exe file, received "Windows stopped working" error before being able to save file. Tried several times but will not finish.

See attached log files up to this point.

Thank you for any assistance you may be able to offer.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Mike at 17:14:28 on 2012-09-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1162 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\atashost.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Windows Home Server\esClient.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MSSConnectorService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe
C:\Program Files\Windows Home Server\WHSConnector.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hp\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Mike\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn3\YTNavAssist.dll
BHO: AutorunsDisabled - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BrowserHelper Class: {9a065c65-4ee7-4ddd-9918-f129089a894a} - c:\program files\windows home server\WHSDeskBands.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile: {d5233fcd-d258-4903-89b8-fb1568e7413d} - mscoree.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: ShareThis: {6a719530-8443-4898-9bc4-69e76b5f1c89} - c:\program files\sharethis toolbar\share2me.dll
TB: Home Server Banner: {d73e76a3-f902-45bd-8fc8-95ae8e014671} - c:\program files\windows home server\WHSDeskBands.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\mike\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [SynTPStart] c:\program files\synaptics\syntp\SynTPStart.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: marriott.com\www
Trusted Zone: realcap.com\www
Trusted Zone: secureserver.net\email
Trusted Zone: state.sc.us\www.llr
Trusted Zone: verizonwireless.com\ebillpay
Trusted Zone: verizonwireless.com\www
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8332DFE8-8E49-48A9-B2D5-61840ABBE733} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{F19F866A-83CA-4DBD-BE6C-291142CBA099} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~3\GOEC62~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 171064]
R1 MpKsl896970cb;MpKsl896970cb;c:\programdata\microsoft\microsoft antimalware\definition updates\{dc95552a-5d2b-4ef4-a462-c2d2315f8c9b}\MpKsl896970cb.sys [2012-9-15 29904]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;c:\program files\windows home server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 239472]
R2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-8-16 20376]
R2 esClient;Windows Media Center Client Service;c:\program files\windows home server\esClient.exe [2011-1-10 97136]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-14 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-4 1361288]
R2 HPMSSConnectorSvc;HPMSSConnectorService;c:\program files\hewlett-packard\hp mediasmart server\MSSConnectorService.exe [2009-10-5 20992]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-10-1 374152]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-11-7 47640]
R2 MediaCollectorService;MediaCollectorService;c:\program files\hewlett-packard\hp mediasmart server\MediaCollectorClient.exe [2009-10-5 81920]
R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2010-12-10 29293408]
R2 WHSConnector;Windows Home Server Connector Service;c:\program files\windows home server\WHSConnector.exe [2011-1-10 376688]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2011-9-3 227896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c8b18043707efe;Google Update Service (gupdate1c8b18043707efe);c:\program files\google\update\GoogleUpdate.exe [2008-7-19 133104]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 ACT! Scheduler;ACT! Scheduler;c:\program files\act\act for windows\Act.Scheduler.exe [2009-2-24 81920]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-5-4 30192]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2008-7-19 133104]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 74112]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-3-26 214952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-15 22:19:30 29904 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc95552a-5d2b-4ef4-a462-c2d2315f8c9b}\MpKsl896970cb.sys
2012-09-15 21:13:45 56200 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc95552a-5d2b-4ef4-a462-c2d2315f8c9b}\offreg.dll
2012-09-15 21:05:33 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dc95552a-5d2b-4ef4-a462-c2d2315f8c9b}\mpengine.dll
2012-09-14 21:53:41 7022536 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-05 02:35:28 -------- d-----r- c:\program files\Skype
2012-09-05 01:42:29 -------- d-----w- c:\users\mike\appdata\roaming\WildTangent
2012-09-05 00:54:54 -------- d-----w- c:\users\mike\appdata\local\{B44AA53E-9574-436F-B72A-400CE90F0C0F}
2012-09-03 21:23:54 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 18:35:51 623616 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-08-29 00:24:56 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24:53 473072 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 17:18:25.22 ===============


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:17 PM

Posted 16 September 2012 - 10:32 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 property manager


Posted 17 September 2012 - 07:27 AM

Security Check results:

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 8 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

#4 property manager


Posted 17 September 2012 - 08:23 AM

# AdwCleaner v2.002 - Logfile created 09/17/2012 at 08:31:42
# Updated 16/09/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Mike - MIKE-COMPAQ
# Boot Mode : Normal
# Running from : C:\Users\Mike\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Users\Ellen\AppData\LocalLow\Billeo
Folder Deleted : C:\Users\Ellen\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ellen\Documents\Billeo
Folder Deleted : C:\Users\Kathryn\AppData\LocalLow\Billeo
Folder Deleted : C:\Users\Kathryn\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Mike\AppData\LocalLow\Billeo
Folder Deleted : C:\Users\Mike\Documents\Billeo
Folder Deleted : C:\Users\Visitor\AppData\LocalLow\Conduit

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{465E08E7-F005-4389-980F-1D8764B3486C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

*************************

AdwCleaner[S1].txt - [1844 octets] - [17/09/2012 08:31:42]

########## EOF - C:\AdwCleaner[S1].txt - [1904 octets] ##########




#5 gringo_pr


Posted 17 September 2012 - 08:40 AM

Very good, now let me have the RogueKiller when it is ready.


gringo

#6 property manager


Posted 17 September 2012 - 10:28 AM

After running AdwCleaner v2.002, IE 9 is freezing up on the computer. I'm sending this from another computer. I have rebooted the infected computer but when I try to log into the forum, IE freezes. I will try again later today or if you can suggest how to work around problem with IE freezing, please let me know.

Thank you,

Mike

#7 gringo_pr


Posted 17 September 2012 - 11:24 AM

Greetings,

First I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following

  • Start Internet Explorer.
  • click on "safety"
  • click on "Delete Browsing History"
  • make sure all boxes are checked
  • click on "Delete"
  • click on "Tools",
  • click "Internet Options".
  • On the "Advanced" tab, click "Reset"
  • put a check mark next to "Delete Personal Settings"
  • click "Reset" to confirm
  • when complete click the "Close" button
  • restart IE


Gringo

#8 property manager


Posted 17 September 2012 - 12:38 PM

Working better now. Here's the RogueKiller log:

RogueKiller V8.0.3 [09/13/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Mike [Admin rights]
Mode : Scan -- Date : 09/17/2012 13:32:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS541680J9SA00 ATA Device +++++
--- User ---
[MBR] db94554e01aa930412836e23e377da6d
[BSP] d1a057ebef405bb16a9f11e8f2f7da7e : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 68080 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 139428135 | Size: 8236 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt



Mike



#9 gringo_pr


Posted 17 September 2012 - 01:08 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#10 property manager


Posted 17 September 2012 - 07:34 PM

IE 9 continues to hang up and pages need to be recovered on infected computer. I'm using another computer to respond. Here is the ComboFix log:

ComboFix 12-09-16.01 - Mike 09/17/2012 20:05:32.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2037.1178 [GMT -4:00]
Running from: c:\users\Mike\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\%APPDATA%
c:\program files\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
c:\programdata\A47AB50832.sys
c:\users\Mike\%appda~1
c:\users\Mike\%appda~1\Microsoft\Windows\IETldCache\index.dat
c:\users\Public\videos\HoustonMedical-1.exe
c:\users\Public\videos\HoustonMedical-2.exe
c:\users\Public\videos\HoustonMedical-3.exe
c:\users\Public\videos\HoustonMedical-4.exe
c:\users\Public\videos\HoustonMedical-5.exe
c:\users\Public\videos\HoustonMedical-6.exe
c:\windows\system32\drivers\etc\hosts.txt
c:\windows\system32\logs
c:\windows\system32\logs\billeoSysTrayIcon.log
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 00:15 . 2012-09-18 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-18 00:15 . 2012-09-18 00:15 -------- d-----w- c:\users\Visitor\AppData\Local\temp
2012-09-18 00:15 . 2012-09-18 00:15 -------- d-----w- c:\users\Kathryn\AppData\Local\temp
2012-09-18 00:15 . 2012-09-18 00:15 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-09-18 00:15 . 2012-09-18 00:15 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-18 00:15 . 2012-09-18 00:15 -------- d-----w- c:\users\Ellen\AppData\Local\temp
2012-09-17 23:57 . 2012-09-17 23:57 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1939B3BF-B1E7-40FE-A8C9-E71B77D18A37}\offreg.dll
2012-09-17 23:22 . 2012-08-23 04:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1939B3BF-B1E7-40FE-A8C9-E71B77D18A37}\mpengine.dll
2012-09-16 21:40 . 2012-08-23 04:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-16 21:12 . 2012-09-16 21:12 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\hpqLog
2012-09-05 02:35 . 2012-09-05 02:35 -------- d-----w- c:\program files\Common Files\Skype
2012-09-05 02:35 . 2012-09-05 02:35 -------- d-----r- c:\program files\Skype
2012-09-05 01:42 . 2012-09-05 01:42 -------- d-----w- c:\users\Mike\AppData\Roaming\WildTangent
2012-09-03 21:23 . 2012-07-04 14:02 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-09-03 18:35 . 2012-05-11 15:57 623616 ----a-w- c:\windows\system32\localspl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-29 00:24 . 2012-07-15 23:17 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-08-29 00:24 . 2011-09-15 00:19 473072 ----a-w- c:\windows\system32\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\ShareThis Toolbar\share2me.dll" [2009-12-28 81920]
.
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{53D72D5E-9198-4632-A6D5-7E183E8BF385}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{6A719530-8443-4898-9BC4-69E76B5F1C89}"= "c:\program files\ShareThis Toolbar\share2me.dll" [2009-12-28 81920]
.
[HKEY_CLASSES_ROOT\clsid\{6a719530-8443-4898-9bc4-69e76b5f1c89}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{53D72D5E-9198-4632-A6D5-7E183E8BF385}]
[HKEY_CLASSES_ROOT\DKIBand.DKIBandObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-03-29 176128]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 133656]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2006-11-08 44128]
.
c:\users\Ellen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act! Preloader]
2009-02-24 15:05 393216 ----a-w- c:\program files\ACT\Act for Windows\ActSage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Act.Outlook.Service]
2009-02-24 15:05 28672 ----a-w- c:\program files\ACT\Act for Windows\Act.Outlook.Service.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
2010-11-17 00:15 30192 ----a-w- c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Health Check Scheduler]
2007-09-19 21:30 66816 ----a-w- c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 21:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 17:41 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-08-04 18:34 1955208 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 04:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3355726787-1364254155-1381470430-1000]
"EnableNotificationsRef"=dword:00000006
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3355726787-1364254155-1381470430-1001]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3355726787-1364254155-1381470430-1007]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 ACT! Scheduler;ACT! Scheduler;c:\program files\ACT\Act for Windows\Act.Scheduler.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-19 21:20]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-19 21:20]
.
2012-09-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355726787-1364254155-1381470430-1000Core.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 23:21]
.
2012-09-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3355726787-1364254155-1381470430-1000UA.job
- c:\users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-12 23:21]
.
2012-04-21 c:\windows\Tasks\HPCeeScheduleForMike.job
- c:\program files\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2007-04-24 21:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=PRESARIO&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: google.com\mail
Trusted Zone: google.com\www
Trusted Zone: marriott.com\www
Trusted Zone: realcap.com\www
Trusted Zone: secureserver.net\email
Trusted Zone: state.sc.us\www.llr
Trusted Zone: verizonwireless.com\ebillpay
Trusted Zone: verizonwireless.com\www
TCP: DhcpNameServer = 192.168.1.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-17 20:16
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-09-17 20:21:19
ComboFix-quarantined-files.txt 2012-09-18 00:21
.
Pre-Run: 11,350,261,760 bytes free
Post-Run: 11,451,404,288 bytes free
.
- - End Of File - - 460B59B643BA7785AE8205399B1836C9

Thank you for assisting,
Mike

#11 gringo_pr


Posted 17 September 2012 - 08:38 PM

Greetings

Run the fixit here on this page and reinstall IE9 - http://support.microsoft.com/kb/2579295

gringo

#12 property manager


Posted 18 September 2012 - 07:44 AM

Gringo,
I had problems updating IE9 after using the fixit link. I'm now using IE8 and it is working well with no hang-ups. Thank you for your assistance and I'm going to make a donation. I'm also having a problem with another computer that I'll be needing assistance with. Great work!

Thank you very much!
Mike

#13 gringo_pr


Posted 18 September 2012 - 11:22 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#14 property manager


Posted 18 September 2012 - 12:17 PM

13:12:39.0530 4936 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
13:12:39.0857 4936 ============================================================
13:12:39.0857 4936 Current date / time: 2012/09/18 13:12:39.0857
13:12:39.0857 4936 SystemInfo:
13:12:39.0857 4936
13:12:39.0857 4936 OS Version: 6.0.6002 ServicePack: 2.0
13:12:39.0857 4936 Product type: Workstation
13:12:39.0857 4936 ComputerName: MIKE-COMPAQ
13:12:39.0857 4936 UserName: Mike
13:12:39.0857 4936 Windows directory: C:\Windows
13:12:39.0857 4936 System windows directory: C:\Windows
13:12:39.0857 4936 Processor architecture: Intel x86
13:12:39.0857 4936 Number of processors: 2
13:12:39.0857 4936 Page size: 0x1000
13:12:39.0857 4936 Boot type: Normal boot
13:12:39.0857 4936 ============================================================
13:12:43.0430 4936 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:12:43.0430 4936 ============================================================
13:12:43.0430 4936 \Device\Harddisk0\DR0:
13:12:43.0430 4936 MBR partitions:
13:12:43.0430 4936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x84F80E8
13:12:43.0430 4936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x84F8127, BlocksNum 0x101639A
13:12:43.0430 4936 ============================================================
13:12:43.0445 4936 C: <-> \Device\Harddisk0\DR0\Partition1
13:12:43.0492 4936 D: <-> \Device\Harddisk0\DR0\Partition2
13:12:43.0492 4936 ============================================================
13:12:43.0492 4936 Initialize success
13:12:43.0492 4936 ============================================================
13:13:01.0370 4520 ============================================================
13:13:01.0370 4520 Scan started
13:13:01.0370 4520 Mode: Manual;
13:13:01.0370 4520 ============================================================
13:13:02.0103 4520 ================ Scan system memory ========================
13:13:02.0103 4520 System memory - ok
13:13:02.0103 4520 ================ Scan services =============================


13:13:31.0337 4520 IPMIDRV - ok

13:13:31.0415 4520 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys

13:13:31.0431 4520 IPNAT - ok

13:13:31.0556 4520 [ 7A3611564FCE7C8BE50B03F58CB3EB7D ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

13:13:31.0587 4520 iPod Service - ok

13:13:31.0634 4520 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

13:13:31.0634 4520 IRENUM - ok

13:13:31.0696 4520 [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp C:\Windows\system32\drivers\isapnp.sys

13:13:31.0712 4520 isapnp - ok

13:13:31.0774 4520 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys

13:13:31.0774 4520 iScsiPrt - ok

13:13:31.0805 4520 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys

13:13:31.0821 4520 iteatapi - ok

13:13:31.0852 4520 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys

13:13:31.0868 4520 iteraid - ok

13:13:31.0946 4520 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

13:13:31.0946 4520 kbdclass - ok

13:13:32.0039 4520 [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

13:13:32.0055 4520 kbdhid - ok

13:13:32.0117 4520 [ A3E186B4B935905B829219502557314E ] KeyIso C:\Windows\system32\lsass.exe

13:13:32.0148 4520 KeyIso - ok

13:13:32.0570 4520 [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

13:13:32.0616 4520 KSecDD - ok

13:13:32.0788 4520 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll

13:13:32.0850 4520 KtmRm - ok

13:13:32.0944 4520 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\System32\srvsvc.dll

13:13:32.0960 4520 LanmanServer - ok

13:13:33.0069 4520 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

13:13:33.0100 4520 LanmanWorkstation - ok

13:13:33.0194 4520 [ 559C9B7800FAC92FC515CD0003D7C631 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe

13:13:33.0209 4520 LightScribeService - ok

13:13:33.0303 4520 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

13:13:33.0318 4520 lltdio - ok

13:13:33.0396 4520 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll

13:13:33.0428 4520 lltdsvc - ok

13:13:33.0506 4520 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll

13:13:33.0521 4520 lmhosts - ok

13:13:33.0802 4520 [ FDEA00D7B13211FEC24E411FDA43D9BA ] LMIGuardianSvc C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

13:13:33.0849 4520 LMIGuardianSvc - ok

13:13:33.0911 4520 [ 4F69FAAABB7DB0D43E327C0B6AAB40FC ] LMIInfo C:\Program Files\LogMeIn\x86\RaInfo.sys

13:13:33.0911 4520 LMIInfo - ok

13:13:33.0974 4520 [ E67977626735C9033AA6EB264329CE98 ] LMIMaint C:\Program Files\LogMeIn\x86\RaMaint.exe

13:13:34.0005 4520 LMIMaint - ok

13:13:34.0036 4520 [ 4477689E2D8AE6B78BA34C9AF4CC1ED1 ] lmimirr C:\Windows\system32\DRIVERS\lmimirr.sys

13:13:34.0052 4520 lmimirr - ok

13:13:34.0067 4520 LMIRfsClientNP - ok

13:13:34.0130 4520 [ 3FAA563DDF853320F90259D455A01D79 ] LMIRfsDriver C:\Windows\system32\drivers\LMIRfsDriver.sys

13:13:34.0130 4520 LMIRfsDriver - ok

13:13:34.0192 4520 [ 9015122D04C195BDAB88FEBCBAE229DB ] LogMeIn C:\Program Files\LogMeIn\x86\LogMeIn.exe

13:13:34.0223 4520 LogMeIn - ok

13:13:34.0317 4520 [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

13:13:34.0348 4520 LSI_FC - ok

13:13:34.0379 4520 [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

13:13:34.0395 4520 LSI_SAS - ok

13:13:34.0410 4520 [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

13:13:34.0457 4520 LSI_SCSI - ok

13:13:34.0520 4520 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys

13:13:34.0520 4520 luafv - ok

13:13:34.0738 4520 [ E6CB119EF2E148EAA1A247343550756E ] McciCMService C:\Program Files\Common Files\Motive\McciCMService.exe

13:13:34.0785 4520 McciCMService - ok

13:13:34.0863 4520 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

13:13:34.0878 4520 Mcx2Svc - ok

13:13:34.0972 4520 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys

13:13:34.0972 4520 mdmxsdk - ok

13:13:35.0019 4520 [ 75E31D760FF9A57DA66CB2E336C40316 ] MediaCollectorService C:\Program Files\Hewlett-Packard\HP MediaSmart Server\MediaCollectorClient.exe

13:13:35.0034 4520 MediaCollectorService - ok

13:13:35.0097 4520 [ D153B14FC6598EAE8422A2037553ADCE ] megasas C:\Windows\system32\drivers\megasas.sys

13:13:35.0097 4520 megasas - ok

13:13:35.0190 4520 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll

13:13:35.0206 4520 MMCSS - ok

13:13:35.0331 4520 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys

13:13:35.0346 4520 Modem - ok

13:13:35.0456 4520 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys

13:13:35.0456 4520 monitor - ok

13:13:35.0487 4520 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

13:13:35.0487 4520 mouclass - ok

13:13:35.0534 4520 [ A3A6DFF7E9E757DB3DF51A833BC28885 ] mouhid C:\Windows\system32\drivers\mouhid.sys

13:13:35.0565 4520 mouhid - ok

13:13:35.0612 4520 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys

13:13:35.0627 4520 MountMgr - ok

13:13:35.0752 4520 [ D993BEA500E7382DC4E760BF4F35EFCB ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

13:13:35.0768 4520 MpFilter - ok

13:13:35.0892 4520 [ 583A41F26278D9E0EA548163D6139397 ] mpio C:\Windows\system32\drivers\mpio.sys

13:13:35.0908 4520 mpio - ok

13:13:36.0360 4520 [ A69630D039C38018689190234F866D77 ] MpKslf0173e3f c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{374E45EC-09A2-4188-B322-2B549F6624B0}\MpKslf0173e3f.sys

13:13:36.0360 4520 MpKslf0173e3f - ok

13:13:36.0423 4520 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

13:13:36.0438 4520 mpsdrv - ok

13:13:36.0579 4520 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll

13:13:36.0610 4520 MpsSvc - ok

13:13:36.0657 4520 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys

13:13:36.0688 4520 Mraid35x - ok

13:13:36.0719 4520 [ 9BD4DCB5412921864A7AACDEDFBD1923 ] MREMP50 C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

13:13:36.0719 4520 MREMP50 - ok

13:13:36.0719 4520 MREMPR5 - ok

13:13:36.0735 4520 MRENDIS5 - ok

13:13:36.0766 4520 [ 07C02C892E8E1A72D6BF35004F0E9C5E ] MRESP50 C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

13:13:36.0797 4520 MRESP50 - ok

13:13:36.0844 4520 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

13:13:36.0844 4520 MRxDAV - ok

13:13:36.0906 4520 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

13:13:36.0922 4520 mrxsmb - ok

13:13:37.0047 4520 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:13:37.0078 4520 mrxsmb10 - ok

13:13:37.0125 4520 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:13:37.0156 4520 mrxsmb20 - ok

13:13:37.0281 4520 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys

13:13:37.0281 4520 msahci - ok

13:13:37.0343 4520 [ 3FC82A2AE4CC149165A94699183D3028 ] msdsm C:\Windows\system32\drivers\msdsm.sys

13:13:37.0374 4520 msdsm - ok

13:13:37.0468 4520 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe

13:13:37.0484 4520 MSDTC - ok

13:13:37.0515 4520 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys

13:13:37.0546 4520 Msfs - ok

13:13:37.0640 4520 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

13:13:37.0640 4520 msisadrv - ok

13:13:37.0686 4520 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

13:13:37.0686 4520 MSiSCSI - ok

13:13:37.0702 4520 msiserver - ok

13:13:37.0811 4520 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

13:13:37.0842 4520 MSKSSRV - ok

13:13:37.0952 4520 [ 24516BF4E12A46CB67302E2CDCB8CDDF ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

13:13:37.0967 4520 MsMpSvc - ok

13:13:38.0030 4520 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

13:13:38.0045 4520 MSPCLOCK - ok

13:13:38.0076 4520 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

13:13:38.0076 4520 MSPQM - ok

13:13:38.0186 4520 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

13:13:38.0186 4520 MsRPC - ok

13:13:38.0248 4520 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

13:13:38.0248 4520 mssmbios - ok

13:13:38.0373 4520 MSSQL$ACT7 - ok

13:13:38.0466 4520 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe

13:13:38.0482 4520 MSSQLServerADHelper - ok

13:13:38.0529 4520 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

13:13:38.0529 4520 MSTEE - ok

13:13:38.0560 4520 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys

13:13:38.0591 4520 Mup - ok

13:13:38.0654 4520 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll

13:13:38.0685 4520 napagent - ok

13:13:38.0825 4520 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

13:13:38.0856 4520 NativeWifiP - ok

13:13:38.0950 4520 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys

13:13:38.0966 4520 NDIS - ok

13:13:39.0028 4520 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

13:13:39.0044 4520 NdisTapi - ok

13:13:39.0106 4520 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

13:13:39.0106 4520 Ndisuio - ok

13:13:39.0168 4520 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

13:13:39.0168 4520 NdisWan - ok

13:13:39.0231 4520 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

13:13:39.0231 4520 NDProxy - ok

13:13:39.0496 4520 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

13:13:39.0512 4520 NetBIOS - ok

13:13:39.0558 4520 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys

13:13:39.0574 4520 netbt - ok

13:13:39.0590 4520 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe

13:13:39.0590 4520 Netlogon - ok

13:13:39.0683 4520 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll

13:13:39.0699 4520 Netman - ok

13:13:39.0746 4520 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll

13:13:39.0761 4520 netprofm - ok

13:13:39.0808 4520 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:13:39.0808 4520 NetTcpPortSharing - ok

13:13:40.0120 4520 [ EA30BD026A7D1B745A37516880C4AC1B ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys

13:13:40.0370 4520 NETw3v32 - ok

13:13:40.0416 4520 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

13:13:40.0479 4520 nfrd960 - ok

13:13:40.0588 4520 [ B52F26BADE7D7E4A79706E3FD91834CD ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

13:13:40.0619 4520 NisDrv - ok

13:13:40.0697 4520 [ 290C0D4C4889398797F8DF3BE00B9698 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

13:13:40.0728 4520 NisSrv - ok

13:13:40.0838 4520 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll

13:13:40.0884 4520 NlaSvc - ok

13:13:40.0931 4520 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys

13:13:40.0947 4520 Npfs - ok

13:13:41.0009 4520 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll

13:13:41.0040 4520 nsi - ok

13:13:41.0103 4520 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

13:13:41.0165 4520 nsiproxy - ok

13:13:41.0571 4520 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

13:13:41.0633 4520 Ntfs - ok

13:13:41.0680 4520 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys

13:13:41.0711 4520 ntrigdigi - ok

13:13:41.0774 4520 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys

13:13:41.0774 4520 Null - ok

13:13:41.0820 4520 [ E69E946F80C1C31C53003BFBF50CBB7C ] nvraid C:\Windows\system32\drivers\nvraid.sys

13:13:41.0852 4520 nvraid - ok

13:13:41.0883 4520 [ 9E0BA19A28C498A6D323D065DB76DFFC ] nvstor C:\Windows\system32\drivers\nvstor.sys

13:13:41.0898 4520 nvstor - ok

13:13:41.0945 4520 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

13:13:41.0961 4520 nv_agp - ok

13:13:41.0976 4520 NwlnkFlt - ok

13:13:41.0976 4520 NwlnkFwd - ok

13:13:42.0413 4520 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

13:13:42.0491 4520 odserv - ok

13:13:42.0569 4520 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

13:13:42.0585 4520 ohci1394 - ok

13:13:42.0678 4520 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:13:42.0710 4520 ose - ok

13:13:42.0928 4520 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll

13:13:43.0022 4520 p2pimsvc - ok

13:13:43.0287 4520 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll

13:13:43.0287 4520 p2psvc - ok

13:13:43.0599 4520 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys

13:13:43.0724 4520 Parport - ok

13:13:43.0786 4520 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys

13:13:43.0817 4520 partmgr - ok

13:13:43.0911 4520 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys

13:13:43.0926 4520 Parvdm - ok

13:13:43.0973 4520 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll

13:13:43.0989 4520 PcaSvc - ok

13:13:44.0067 4520 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys

13:13:44.0082 4520 pci - ok

13:13:44.0129 4520 [ 3B1901E401473E03EB8C874271E50C26 ] pciide C:\Windows\system32\drivers\pciide.sys

13:13:44.0145 4520 pciide - ok

13:13:44.0192 4520 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

13:13:44.0192 4520 pcmcia - ok

13:13:44.0301 4520 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys

13:13:44.0379 4520 PEAUTH - ok

13:13:44.0628 4520 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll

13:13:44.0753 4520 pla - ok

13:13:44.0800 4520 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll

13:13:44.0831 4520 PlugPlay - ok

13:13:44.0956 4520 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll

13:13:44.0972 4520 PNRPAutoReg - ok

13:13:45.0003 4520 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll

13:13:45.0018 4520 PNRPsvc - ok

13:13:45.0128 4520 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

13:13:45.0174 4520 PolicyAgent - ok

13:13:45.0268 4520 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

13:13:45.0299 4520 PptpMiniport - ok

13:13:45.0346 4520 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys

13:13:45.0346 4520 Processor - ok

13:13:45.0502 4520 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll

13:13:45.0518 4520 ProfSvc - ok

13:13:45.0564 4520 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe

13:13:45.0580 4520 ProtectedStorage - ok

13:13:45.0627 4520 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys

13:13:45.0658 4520 PSched - ok

13:13:45.0783 4520 [ E0D0CB09AA07B22BE984E4F7EC0326F5 ] PSI_SVC_2 C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

13:13:45.0798 4520 PSI_SVC_2 - ok

13:13:45.0876 4520 [ 03E0FE281823BA64B3782F5B38950E73 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys

13:13:45.0892 4520 PxHelp20 - ok

13:13:46.0079 4520 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys

13:13:46.0188 4520 ql2300 - ok

13:13:46.0220 4520 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

13:13:46.0344 4520 ql40xx - ok

13:13:46.0469 4520 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll

13:13:46.0516 4520 QWAVE - ok

13:13:46.0641 4520 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

13:13:46.0703 4520 QWAVEdrv - ok

13:13:46.0812 4520 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

13:13:46.0859 4520 RasAcd - ok

13:13:46.0922 4520 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll

13:13:46.0984 4520 RasAuto - ok

13:13:47.0031 4520 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

13:13:47.0093 4520 Rasl2tp - ok

13:13:47.0234 4520 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll

13:13:47.0280 4520 RasMan - ok

13:13:47.0358 4520 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

13:13:47.0390 4520 RasPppoe - ok

13:13:47.0436 4520 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

13:13:47.0483 4520 RasSstp - ok

13:13:47.0655 4520 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

13:13:47.0733 4520 rdbss - ok

13:13:47.0795 4520 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

13:13:47.0842 4520 RDPCDD - ok

13:13:47.0936 4520 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys

13:13:47.0998 4520 rdpdr - ok

13:13:48.0029 4520 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

13:13:48.0060 4520 RDPENCDD - ok

13:13:48.0107 4520 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

13:13:48.0138 4520 RDPWD - ok

13:13:48.0279 4520 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll

13:13:48.0310 4520 RemoteAccess - ok

13:13:48.0357 4520 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll

13:13:48.0404 4520 RemoteRegistry - ok

13:13:48.0778 4520 [ 08FB7D968805001C7ADCBB14B0651FA2 ] RoxMediaDB9 C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

13:13:49.0418 4520 RoxMediaDB9 - ok

13:13:49.0542 4520 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe

13:13:49.0620 4520 RpcLocator - ok

13:13:49.0901 4520 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll

13:13:49.0917 4520 RpcSs - ok

13:13:50.0026 4520 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

13:13:50.0135 4520 rspndr - ok

13:13:50.0276 4520 [ 5E01AB8AB1ACF8850B2D64A6FD068E46 ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys

13:13:50.0291 4520 RTL8023xp - ok

13:13:50.0322 4520 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe

13:13:50.0322 4520 SamSs - ok

13:13:50.0400 4520 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

13:13:50.0447 4520 sbp2port - ok

13:13:50.0572 4520 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll

13:13:50.0619 4520 SCardSvr - ok

13:13:50.0853 4520 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll

13:13:51.0212 4520 Schedule - ok

13:13:51.0352 4520 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll

13:13:51.0352 4520 SCPolicySvc - ok

13:13:51.0446 4520 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll

13:13:51.0508 4520 SDRSVC - ok

13:13:51.0867 4520 [ 16A252022535B680046F6E34E136D378 ] SeaPort C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

13:13:52.0070 4520 SeaPort - ok

13:13:52.0194 4520 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys

13:13:52.0210 4520 secdrv - ok

13:13:52.0272 4520 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll

13:13:52.0319 4520 seclogon - ok

13:13:52.0397 4520 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\system32\sens.dll

13:13:52.0413 4520 SENS - ok

13:13:52.0428 4520 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys

13:13:52.0444 4520 Serenum - ok

13:13:52.0553 4520 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys

13:13:52.0600 4520 Serial - ok

13:13:52.0647 4520 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys

13:13:52.0662 4520 sermouse - ok

13:13:52.0756 4520 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll

13:13:52.0772 4520 SessionEnv - ok

13:13:52.0818 4520 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

13:13:52.0834 4520 sffdisk - ok

13:13:52.0850 4520 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

13:13:52.0881 4520 sffp_mmc - ok

13:13:52.0912 4520 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

13:13:52.0928 4520 sffp_sd - ok

13:13:52.0959 4520 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

13:13:52.0974 4520 sfloppy - ok

13:13:53.0146 4520 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll

13:13:53.0193 4520 SharedAccess - ok

13:13:53.0318 4520 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll

13:13:53.0349 4520 ShellHWDetection - ok

13:13:53.0427 4520 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys

13:13:53.0442 4520 sisagp - ok

13:13:53.0661 4520 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys

13:13:53.0692 4520 SiSRaid2 - ok

13:13:53.0723 4520 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

13:13:53.0739 4520 SiSRaid4 - ok

13:13:54.0082 4520 [ 8BD46E8C8A7AA245FC84044DB36180D0 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe

13:13:54.0191 4520 SkypeUpdate - ok

13:13:54.0815 4520 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe

13:13:56.0391 4520 slsvc - ok

13:13:56.0578 4520 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll

13:13:56.0594 4520 SLUINotify - ok

13:13:56.0687 4520 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys

13:13:56.0750 4520 Smb - ok

13:13:56.0906 4520 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe

13:13:56.0937 4520 SNMPTRAP - ok

13:13:57.0015 4520 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys

13:13:57.0015 4520 spldr - ok

13:13:57.0077 4520 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe

13:13:57.0093 4520 Spooler - ok

13:13:57.0218 4520 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

13:13:57.0374 4520 SQLBrowser - ok

13:13:57.0452 4520 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

13:13:57.0623 4520 SQLWriter - ok

13:13:57.0795 4520 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys

13:13:57.0857 4520 srv - ok

13:13:57.0951 4520 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

13:13:57.0982 4520 srv2 - ok

13:13:58.0060 4520 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

13:13:58.0122 4520 srvnet - ok

13:13:58.0263 4520 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

13:13:58.0325 4520 SSDPSRV - ok

13:13:58.0419 4520 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll

13:13:58.0466 4520 SstpSvc - ok

13:13:58.0700 4520 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll

13:13:58.0856 4520 stisvc - ok

13:13:58.0856 4520 stllssvr - ok

13:13:58.0902 4520 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

13:13:58.0902 4520 swenum - ok

13:13:59.0136 4520 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll

13:13:59.0370 4520 swprv - ok

13:13:59.0448 4520 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys

13:13:59.0480 4520 Symc8xx - ok

13:13:59.0542 4520 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys

13:13:59.0714 4520 Sym_hi - ok

13:13:59.0760 4520 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys

13:13:59.0792 4520 Sym_u3 - ok

13:13:59.0948 4520 [ 3D6316279C3540AA268BF025F4621EF3 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

13:13:59.0948 4520 SynTP - ok

13:14:00.0135 4520 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll

13:14:00.0462 4520 SysMain - ok

13:14:00.0540 4520 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll

13:14:00.0743 4520 TabletInputService - ok

13:14:00.0868 4520 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll

13:14:00.0962 4520 TapiSrv - ok

13:14:01.0024 4520 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll

13:14:01.0024 4520 TBS - ok

13:14:01.0554 4520 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip C:\Windows\system32\drivers\tcpip.sys

13:14:01.0695 4520 Tcpip - ok

13:14:01.0851 4520 [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys

13:14:01.0851 4520 Tcpip6 - ok

13:14:01.0944 4520 [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

13:14:01.0976 4520 tcpipreg - ok

13:14:02.0085 4520 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

13:14:02.0132 4520 TDPIPE - ok

13:14:02.0194 4520 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

13:14:02.0210 4520 TDTCP - ok

13:14:02.0256 4520 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

13:14:02.0303 4520 tdx - ok

13:14:02.0334 4520 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

13:14:02.0334 4520 TermDD - ok

13:14:02.0490 4520 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll

13:14:02.0568 4520 TermService - ok

13:14:02.0756 4520 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll

13:14:02.0756 4520 Themes - ok

13:14:02.0818 4520 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll

13:14:02.0818 4520 THREADORDER - ok

13:14:02.0912 4520 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll

13:14:02.0958 4520 TrkWks - ok

13:14:03.0036 4520 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

13:14:03.0068 4520 TrustedInstaller - ok

13:14:25.0235 4520 ============================================================

13:14:25.0235 4520 Scan finished

13:14:25.0235 4520 ============================================================

13:14:25.0251 3052 Detected object count: 0

13:14:25.0251 3052 Actual detected object count: 0



#15 gringo_pr

Posted 18 September 2012 - 12:19 PM

OK, let me have the aswMBR report next.