
Happili redirect


26 replies to this topic

#1 bmcdowell99


Posted 02 April 2012 - 10:19 AM

My computer has a redirect to Happili. I have not made any changes to my computer... please help!

Thank you!



#2 narenxp


Posted 02 April 2012 - 10:29 AM

Download

TDSSkiller

Launch it. Click on Change parameters and select TDLFS file system.

Click on "Scan". Please post the log report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS)

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (do not use the computer while the scan is in progress)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on Save log.

Post the log results here

#3 bmcdowell99


Posted 02 April 2012 - 02:28 PM

10:32:58.0426 4524 TDSS rootkit removing tool 2.7.24.0 Apr 2 2012 10:31:48
10:32:58.0861 4524 ============================================================
10:32:58.0861 4524 Current date / time: 2012/04/02 10:32:58.0861
10:32:58.0861 4524 SystemInfo:
10:32:58.0861 4524
10:32:58.0861 4524 OS Version: 6.1.7601 ServicePack: 1.0
10:32:58.0861 4524 Product type: Workstation
10:32:58.0861 4524 ComputerName: BRANDON-PC
10:32:58.0861 4524 UserName: Brandon
10:32:58.0861 4524 Windows directory: C:\Windows
10:32:58.0861 4524 System windows directory: C:\Windows
10:32:58.0861 4524 Running under WOW64
10:32:58.0861 4524 Processor architecture: Intel x64
10:32:58.0861 4524 Number of processors: 3
10:32:58.0861 4524 Page size: 0x1000
10:32:58.0861 4524 Boot type: Normal boot
10:32:58.0861 4524 ============================================================
10:32:59.0285 4524 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:32:59.0289 4524 \Device\Harddisk0\DR0:
10:32:59.0290 4524 MBR used
10:32:59.0290 4524 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
10:32:59.0290 4524 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
10:32:59.0333 4524 Initialize success
10:32:59.0333 4524 ============================================================
10:33:15.0039 9052 ============================================================
10:33:15.0039 9052 Scan started
10:33:15.0039 9052 Mode: Manual; TDLFS;
10:33:15.0039 9052 ============================================================
10:33:20.0890 9052 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
10:33:20.0891 9052 1394ohci - ok
10:33:20.0971 9052 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
10:33:20.0973 9052 ACPI - ok
10:33:21.0083 9052 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
10:33:21.0085 9052 AcpiPmi - ok
10:33:21.0184 9052 Adobe LM Service (5ddc0a8d2cd60bda593ddaf45821ce08) C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
10:33:21.0186 9052 Adobe LM Service - ok
10:33:21.0283 9052 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
10:33:21.0291 9052 adp94xx - ok
10:33:21.0418 9052 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
10:33:21.0421 9052 adpahci - ok
10:33:21.0473 9052 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
10:33:21.0475 9052 adpu320 - ok
10:33:21.0511 9052 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
10:33:21.0512 9052 AeLookupSvc - ok
10:33:21.0575 9052 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
10:33:21.0578 9052 AESTFilters - ok
10:33:21.0724 9052 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
10:33:21.0727 9052 AFD - ok
10:33:21.0808 9052 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
10:33:21.0809 9052 agp440 - ok
10:33:21.0978 9052 Akamai (1125c7d9fb8898015829c387c1bc87c7) c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll
10:33:21.0979 9052 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll. md5: 1125c7d9fb8898015829c387c1bc87c7
10:33:21.0985 9052 Akamai ( HiddenFile.Multi.Generic ) - warning
10:33:21.0985 9052 Akamai - detected HiddenFile.Multi.Generic (1)
10:33:22.0093 9052 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
10:33:22.0095 9052 ALG - ok
10:33:22.0172 9052 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
10:33:22.0173 9052 aliide - ok
10:33:22.0288 9052 AMD External Events Utility (c6469ced96fedef508aeb74553135cdc) C:\Windows\system32\atiesrxx.exe
10:33:22.0292 9052 AMD External Events Utility - ok
10:33:22.0348 9052 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
10:33:22.0348 9052 amdide - ok
10:33:22.0400 9052 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
10:33:22.0401 9052 AmdK8 - ok
10:33:22.0662 9052 amdkmdag (18ad9ad00ffad95dc820762fb7f4b80f) C:\Windows\system32\DRIVERS\atikmdag.sys
10:33:22.0718 9052 amdkmdag - ok
10:33:23.0183 9052 amdkmdap (dbf0db9a8b60a2c029eb70824afccbda) C:\Windows\system32\DRIVERS\atikmpag.sys
10:33:23.0187 9052 amdkmdap - ok
10:33:23.0523 9052 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
10:33:23.0525 9052 AmdPPM - ok
10:33:24.0068 9052 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
10:33:24.0070 9052 amdsata - ok
10:33:24.0436 9052 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
10:33:24.0438 9052 amdsbs - ok
10:33:24.0618 9052 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
10:33:24.0618 9052 amdxata - ok
10:33:24.0809 9052 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
10:33:24.0810 9052 AppID - ok
10:33:24.0893 9052 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
10:33:24.0894 9052 AppIDSvc - ok
10:33:25.0029 9052 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
10:33:25.0030 9052 Appinfo - ok
10:33:25.0193 9052 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:33:25.0194 9052 Apple Mobile Device - ok
10:33:25.0342 9052 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
10:33:25.0344 9052 arc - ok
10:33:25.0515 9052 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
10:33:25.0516 9052 arcsas - ok
10:33:25.0651 9052 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
10:33:25.0652 9052 aspnet_state - ok
10:33:26.0316 9052 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
10:33:26.0316 9052 AsyncMac - ok
10:33:26.0460 9052 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
10:33:26.0461 9052 atapi - ok
10:33:26.0592 9052 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
10:33:26.0594 9052 AtiHdmiService - ok
10:33:26.0712 9052 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
10:33:26.0714 9052 AtiPcie - ok
10:33:26.0829 9052 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:33:26.0834 9052 AudioEndpointBuilder - ok
10:33:26.0862 9052 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
10:33:26.0866 9052 AudioSrv - ok
10:33:27.0015 9052 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
10:33:27.0018 9052 AxInstSV - ok
10:33:27.0092 9052 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
10:33:27.0095 9052 b06bdrv - ok
10:33:27.0249 9052 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
10:33:27.0254 9052 b57nd60a - ok
10:33:27.0553 9052 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys
10:33:27.0555 9052 BCM42RLY - ok
10:33:27.0723 9052 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys
10:33:27.0742 9052 BCM43XX - ok
10:33:27.0906 9052 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys
10:33:27.0907 9052 BcmVWL - ok
10:33:27.0967 9052 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
10:33:27.0969 9052 BDESVC - ok
10:33:28.0078 9052 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
10:33:28.0078 9052 Beep - ok
10:33:28.0225 9052 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
10:33:28.0237 9052 BFE - ok
10:33:28.0273 9052 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
10:33:28.0279 9052 BITS - ok
10:33:28.0362 9052 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
10:33:28.0363 9052 blbdrive - ok
10:33:28.0476 9052 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
10:33:28.0484 9052 Bonjour Service - ok
10:33:28.0606 9052 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
10:33:28.0607 9052 bowser - ok
10:33:28.0689 9052 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:33:28.0690 9052 BrFiltLo - ok
10:33:28.0725 9052 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:33:28.0725 9052 BrFiltUp - ok
10:33:28.0767 9052 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
10:33:28.0771 9052 Browser - ok
10:33:28.0872 9052 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
10:33:28.0875 9052 Brserid - ok
10:33:28.0967 9052 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
10:33:28.0968 9052 BrSerWdm - ok
10:33:28.0999 9052 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:33:28.0999 9052 BrUsbMdm - ok
10:33:29.0025 9052 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
10:33:29.0026 9052 BrUsbSer - ok
10:33:29.0166 9052 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
10:33:29.0166 9052 BTHMODEM - ok
10:33:29.0452 9052 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
10:33:29.0453 9052 bthserv - ok
10:33:29.0493 9052 c2wts - ok
10:33:29.0764 9052 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
10:33:29.0765 9052 cdfs - ok
10:33:29.0893 9052 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
10:33:29.0894 9052 cdrom - ok
10:33:30.0014 9052 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
10:33:30.0017 9052 CertPropSvc - ok
10:33:30.0133 9052 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
10:33:30.0134 9052 circlass - ok
10:33:30.0223 9052 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
10:33:30.0226 9052 CLFS - ok
10:33:30.0313 9052 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:33:30.0315 9052 clr_optimization_v2.0.50727_32 - ok
10:33:30.0418 9052 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:33:30.0419 9052 clr_optimization_v2.0.50727_64 - ok
10:33:30.0614 9052 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:33:30.0616 9052 clr_optimization_v4.0.30319_32 - ok
10:33:30.0748 9052 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:33:30.0749 9052 clr_optimization_v4.0.30319_64 - ok
10:33:30.0873 9052 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
10:33:30.0873 9052 CmBatt - ok
10:33:30.0950 9052 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
10:33:30.0951 9052 cmdide - ok
10:33:31.0061 9052 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
10:33:31.0068 9052 CNG - ok
10:33:31.0211 9052 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
10:33:31.0211 9052 Compbatt - ok
10:33:31.0771 9052 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
10:33:31.0772 9052 CompositeBus - ok
10:33:31.0886 9052 COMSysApp - ok
10:33:31.0944 9052 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
10:33:31.0944 9052 crcdisk - ok
10:33:32.0076 9052 CrmSqlStartupSvc (fad039e43ed85bc887d42d824f286684) C:\Program Files (x86)\Microsoft Dynamics CRM\Client\bin\CrmSqlStartupSvc.exe
10:33:32.0077 9052 CrmSqlStartupSvc - ok
10:33:32.0208 9052 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
10:33:32.0209 9052 CryptSvc - ok
10:33:32.0297 9052 CtClsFlt (ed5cf92396a62f4c15110dcdb5e854d9) C:\Windows\system32\DRIVERS\CtClsFlt.sys
10:33:32.0298 9052 CtClsFlt - ok
10:33:32.0434 9052 dc3d (7f61fbe259c18666d8ddf862f13a5eb0) C:\Windows\system32\DRIVERS\dc3d.sys
10:33:32.0434 9052 dc3d - ok
10:33:32.0584 9052 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
10:33:32.0589 9052 DcomLaunch - ok
10:33:32.0702 9052 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
10:33:32.0704 9052 defragsvc - ok
10:33:32.0816 9052 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
10:33:32.0817 9052 DfsC - ok
10:33:32.0959 9052 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
10:33:32.0962 9052 Dhcp - ok
10:33:33.0070 9052 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
10:33:33.0070 9052 discache - ok
10:33:33.0227 9052 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
10:33:33.0228 9052 Disk - ok
10:33:33.0349 9052 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
10:33:33.0351 9052 Dnscache - ok
10:33:33.0451 9052 DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
10:33:33.0453 9052 DockLoginService - ok
10:33:33.0610 9052 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
10:33:33.0613 9052 dot3svc - ok
10:33:33.0743 9052 Dot4 (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
10:33:33.0744 9052 Dot4 - ok
10:33:33.0882 9052 Dot4Print (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\drivers\Dot4Prt.sys
10:33:33.0883 9052 Dot4Print - ok
10:33:33.0982 9052 dot4usb (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
10:33:33.0982 9052 dot4usb - ok
10:33:34.0088 9052 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
10:33:34.0090 9052 DPS - ok
10:33:34.0189 9052 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
10:33:34.0190 9052 drmkaud - ok
10:33:34.0330 9052 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
10:33:34.0336 9052 DXGKrnl - ok
10:33:34.0443 9052 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
10:33:34.0447 9052 EapHost - ok
10:33:34.0629 9052 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
10:33:34.0648 9052 ebdrv - ok
10:33:34.0783 9052 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
10:33:34.0785 9052 EFS - ok
10:33:34.0895 9052 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
10:33:34.0899 9052 ehRecvr - ok
10:33:35.0010 9052 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
10:33:35.0012 9052 ehSched - ok
10:33:35.0124 9052 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
10:33:35.0129 9052 elxstor - ok
10:33:35.0779 9052 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
10:33:35.0779 9052 ErrDev - ok
10:33:35.0941 9052 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
10:33:35.0952 9052 EventSystem - ok
10:33:36.0078 9052 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
10:33:36.0083 9052 exfat - ok
10:33:36.0196 9052 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
10:33:36.0202 9052 fastfat - ok
10:33:36.0337 9052 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
10:33:36.0346 9052 Fax - ok
10:33:36.0478 9052 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
10:33:36.0480 9052 fdc - ok
10:33:36.0642 9052 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
10:33:36.0645 9052 fdPHost - ok
10:33:36.0690 9052 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
10:33:36.0692 9052 FDResPub - ok
10:33:36.0792 9052 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
10:33:36.0795 9052 FileInfo - ok
10:33:36.0866 9052 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
10:33:36.0968 9052 Filetrace - ok
10:33:37.0045 9052 FLEXnet Licensing Service (f76d04f7413b07daa029f6520b64b4e8) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
10:33:37.0058 9052 FLEXnet Licensing Service - ok
10:33:37.0155 9052 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
10:33:37.0157 9052 flpydisk - ok
10:33:37.0309 9052 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
10:33:37.0316 9052 FltMgr - ok
10:33:37.0498 9052 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
10:33:37.0535 9052 FontCache - ok
10:33:37.0679 9052 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:33:37.0682 9052 FontCache3.0.0.0 - ok
10:33:37.0792 9052 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
10:33:37.0794 9052 FsDepends - ok
10:33:37.0911 9052 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
10:33:37.0912 9052 Fs_Rec - ok
10:33:38.0060 9052 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
10:33:38.0065 9052 fvevol - ok
10:33:38.0182 9052 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:33:38.0185 9052 gagp30kx - ok
10:33:38.0332 9052 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:33:38.0334 9052 GEARAspiWDM - ok
10:33:38.0408 9052 GoToAssist (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
10:33:38.0410 9052 GoToAssist - ok
10:33:38.0562 9052 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
10:33:38.0580 9052 gpsvc - ok
10:33:38.0697 9052 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:33:38.0699 9052 gupdate - ok
10:33:38.0717 9052 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
10:33:38.0718 9052 gupdatem - ok
10:33:38.0789 9052 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
10:33:38.0792 9052 gusvc - ok
10:33:38.0886 9052 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
10:33:38.0888 9052 hcw85cir - ok
10:33:39.0043 9052 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
10:33:39.0047 9052 HdAudAddService - ok
10:33:39.0204 9052 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
10:33:39.0207 9052 HDAudBus - ok
10:33:39.0333 9052 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
10:33:39.0334 9052 HidBatt - ok
10:33:39.0449 9052 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
10:33:39.0451 9052 HidBth - ok
10:33:39.0811 9052 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
10:33:39.0812 9052 HidIr - ok
10:33:39.0927 9052 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
10:33:39.0928 9052 hidserv - ok
10:33:40.0091 9052 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
10:33:40.0092 9052 HidUsb - ok
10:33:40.0231 9052 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
10:33:40.0236 9052 hkmsvc - ok
10:33:40.0367 9052 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
10:33:40.0371 9052 HomeGroupListener - ok
10:33:40.0505 9052 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
10:33:40.0513 9052 HomeGroupProvider - ok
10:33:40.0701 9052 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
10:33:40.0706 9052 hpqcxs08 - ok
10:33:40.0725 9052 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
10:33:40.0729 9052 hpqddsvc - ok
10:33:40.0874 9052 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
10:33:40.0877 9052 HpSAMD - ok
10:33:41.0017 9052 HPSLPSVC (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
10:33:41.0044 9052 HPSLPSVC - ok
10:33:41.0236 9052 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
10:33:41.0244 9052 HTTP - ok
10:33:41.0446 9052 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
10:33:41.0448 9052 hwpolicy - ok
10:33:41.0680 9052 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
10:33:41.0683 9052 i8042prt - ok
10:33:41.0940 9052 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
10:33:41.0945 9052 iaStorV - ok
10:33:42.0380 9052 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:33:42.0392 9052 idsvc - ok
10:33:42.0765 9052 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
10:33:42.0915 9052 igfx - ok
10:33:43.0225 9052 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
10:33:43.0227 9052 iirsp - ok
10:33:43.0931 9052 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
10:33:44.0003 9052 IKEEXT - ok
10:33:44.0384 9052 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
10:33:44.0387 9052 intelide - ok
10:33:44.0817 9052 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
10:33:44.0818 9052 intelppm - ok
10:33:45.0604 9052 IntuitUpdateService (1a263bd87c082fa7ab38093014c8fc79) C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
10:33:45.0605 9052 IntuitUpdateService - ok
10:33:46.0095 9052 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
10:33:46.0097 9052 IPBusEnum - ok
10:33:46.0516 9052 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:33:46.0519 9052 IpFilterDriver - ok
10:33:46.0836 9052 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
10:33:46.0843 9052 iphlpsvc - ok
10:33:47.0275 9052 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
10:33:47.0428 9052 IPMIDRV - ok
10:33:47.0963 9052 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
10:33:47.0965 9052 IPNAT - ok
10:33:48.0531 9052 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe
10:33:48.0600 9052 iPod Service - ok
10:33:48.0741 9052 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
10:33:48.0742 9052 IRENUM - ok
10:33:48.0897 9052 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
10:33:48.0898 9052 isapnp - ok
10:33:49.0126 9052 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
10:33:49.0131 9052 iScsiPrt - ok
10:33:49.0407 9052 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
10:33:49.0409 9052 kbdclass - ok
10:33:49.0812 9052 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
10:33:49.0813 9052 kbdhid - ok
10:33:50.0127 9052 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
10:33:50.0129 9052 KeyIso - ok
10:33:50.0285 9052 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
10:33:50.0287 9052 KSecDD - ok
10:33:50.0560 9052 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
10:33:50.0564 9052 KSecPkg - ok
10:33:50.0958 9052 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
10:33:50.0960 9052 ksthunk - ok
10:33:51.0089 9052 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
10:33:51.0094 9052 KtmRm - ok
10:33:51.0609 9052 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
10:33:51.0618 9052 LanmanServer - ok
10:33:51.0982 9052 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
10:33:51.0986 9052 LanmanWorkstation - ok
10:33:52.0486 9052 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
10:33:52.0488 9052 lltdio - ok
10:33:52.0822 9052 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
10:33:52.0826 9052 lltdsvc - ok
10:33:53.0095 9052 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
10:33:53.0097 9052 lmhosts - ok
10:33:54.0097 9052 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:33:54.0134 9052 LSI_FC - ok
10:33:54.0528 9052 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:33:54.0535 9052 LSI_SAS - ok
10:33:54.0823 9052 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:33:54.0824 9052 LSI_SAS2 - ok
10:33:54.0868 9052 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:33:54.0874 9052 LSI_SCSI - ok
10:33:54.0991 9052 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
10:33:54.0993 9052 luafv - ok
10:33:55.0192 9052 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
10:33:55.0194 9052 Mcx2Svc - ok
10:33:55.0340 9052 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
10:33:55.0342 9052 megasas - ok
10:33:55.0665 9052 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
10:33:55.0670 9052 MegaSR - ok
10:33:55.0930 9052 Microsoft SharePoint Workspace Audit Service - ok
10:33:56.0228 9052 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
10:33:56.0231 9052 MMCSS - ok
10:33:56.0397 9052 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
10:33:56.0398 9052 Modem - ok
10:33:56.0648 9052 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
10:33:56.0649 9052 monitor - ok
10:33:56.0826 9052 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
10:33:56.0828 9052 mouclass - ok
10:33:56.0995 9052 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
10:33:56.0996 9052 mouhid - ok
10:33:57.0111 9052 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
10:33:57.0113 9052 mountmgr - ok
10:33:57.0820 9052 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
10:33:57.0822 9052 mpio - ok
10:33:58.0236 9052 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
10:33:58.0238 9052 mpsdrv - ok
10:34:40.0985 9052 MBR (0x1B8) (26c611ce4c493ac0e047e7ca91fe7637) \Device\Harddisk0\DR0
10:34:41.0011 9052 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
10:34:41.0011 9052 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
10:34:42.0702 9052 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
10:34:42.0702 9052 \Device\Harddisk0\DR0 - detected TDSS File System (1)
10:34:42.0737 9052 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
10:34:42.0738 9052 \Device\Harddisk0\DR0\Partition0 - ok
10:34:42.0749 9052 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
10:34:42.0752 9052 \Device\Harddisk0\DR0\Partition1 - ok
10:34:42.0753 9052 ============================================================
10:34:42.0753 9052 Scan finished
10:34:42.0753 9052 ============================================================
10:34:42.0783 3320 Detected object count: 3
10:34:42.0784 3320 Actual detected object count: 3
10:35:05.0794 3320 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
10:35:05.0794 3320 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
10:35:05.0925 3320 \Device\Harddisk0\DR0\# - copied to quarantine
10:35:05.0929 3320 \Device\Harddisk0\DR0 - copied to quarantine
10:35:05.0998 3320 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
10:35:06.0006 3320 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
10:35:06.0047 3320 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
10:35:06.0064 3320 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
10:35:06.0070 3320 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
10:35:06.0077 3320 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
10:35:06.0083 3320 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
10:35:06.0094 3320 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
10:35:06.0112 3320 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
10:35:06.0485 3320 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
10:35:06.0512 3320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
10:35:06.0513 3320 \Device\Harddisk0\DR0 - ok
10:35:07.0397 3320 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
10:35:07.0397 3320 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
10:35:07.0397 3320 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-04-02 12:10:40
Windows 6.1.7601 Service Pack 1
Running: pn6xxrgp.exe


---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 12:11:39
-----------------------------
12:11:39.138 OS Version: Windows x64 6.1.7601 Service Pack 1
12:11:39.139 Number of processors: 3 586 0x503
12:11:39.140 ComputerName: BRANDON-PC UserName: Brandon
12:11:44.135 Initialize success
12:12:40.465 AVAST engine defs: 12040201
12:12:47.372 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
12:12:47.377 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
12:12:47.383 Device \Driver\atapi -> MajorFunction fffffa80052e35c4
12:12:47.390 Disk 0 MBR read successfully
12:12:47.396 Disk 0 MBR scan
12:12:47.401 Disk 0 MBR:Alureon-M [Rtk]
12:12:47.404 Disk 0 TDL4@MBR code has been found
12:12:47.407 Disk 0 Windows 7 default MBR code found via API
12:12:47.410 Disk 0 MBR hidden
12:12:47.427 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
12:12:47.445 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
12:12:47.467 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
12:12:47.481 Disk 0 MBR [TDL4] **ROOTKIT**
12:12:47.490 Disk 0 trace - called modules:
12:12:47.496
12:12:52.157 AVAST engine scan C:\Windows
12:12:57.745 AVAST engine scan C:\Windows\system32
12:18:45.112 AVAST engine scan C:\Windows\system32\drivers
12:19:04.245 AVAST engine scan C:\Users\Brandon
12:23:47.978 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
12:23:47.985 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

#4 narenxp

Posted 02 April 2012 - 04:19 PM

Restart the PC and run aswmbr again and post the new log

good luck

#5 bmcdowell99

Posted 02 April 2012 - 08:15 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-02 18:31:57
-----------------------------
18:31:57.389 OS Version: Windows x64 6.1.7601 Service Pack 1
18:31:57.389 Number of processors: 3 586 0x503
18:31:57.389 ComputerName: BRANDON-PC UserName: Brandon
18:32:03.349 Initialize success
18:32:09.417 AVAST engine defs: 12040201
18:32:21.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:32:21.335 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
18:32:21.335 Device \Driver\atapi -> MajorFunction fffffa800529f5c4
18:32:21.367 Disk 0 MBR read successfully
18:32:21.382 Disk 0 MBR scan
18:32:21.585 Disk 0 MBR:Alureon-M [Rtk]
18:32:21.585 Disk 0 TDL4@MBR code has been found
18:32:21.601 Disk 0 Windows 7 default MBR code found via API
18:32:21.601 Disk 0 MBR hidden
18:32:21.632 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
18:32:21.679 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
18:32:21.757 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
18:32:21.819 Disk 0 MBR [TDL4] **ROOTKIT**
18:32:21.835 Disk 0 trace - called modules:
18:32:21.850 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa800529f5c4]<<
18:32:21.850 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004860060]
18:32:21.866 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047cf060]
18:32:21.866 \Driver\atapi[0xfffffa8004df6cb0] -> IRP_MJ_CREATE -> 0xfffffa800529f5c4
18:32:32.458 AVAST engine scan C:\Windows
18:33:25.704 AVAST engine scan C:\Windows\system32
18:40:31.757 AVAST engine scan C:\Windows\system32\drivers
18:40:49.385 AVAST engine scan C:\Users\Brandon
18:59:50.406 File: C:\Users\Brandon\AppData\Local\Temp\3817.tmp **INFECTED** Win32:Malware-gen
19:04:45.029 File: C:\Users\Brandon\AppData\Roaming\Remote\dllx4.dll **INFECTED** Win32:Malware-gen
19:11:47.436 AVAST engine scan C:\ProgramData
19:14:11.814 Scan finished successfully
19:14:43.186 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
19:14:43.232 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"
19:15:37.496 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
19:15:37.512 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

#6 narenxp

Posted 02 April 2012 - 08:52 PM

Download

FIXTDSS

Launch it. It may ask for a restart; reboot the PC.

On reboot let me know what it finds

#7 bmcdowell99

Posted 02 April 2012 - 09:28 PM

***Infected MBR detected

#8 narenxp

Posted 02 April 2012 - 10:39 PM

Click on repair

Run TDSSkiller now and post the log

Restart the PC and post the aswmbr log

good luck

#9 bmcdowell99

Posted 02 April 2012 - 11:06 PM

My computer powered down on its own without me clicking repair. When I powered it back on, I had to run TDSS Fix Tool again. This time it said:
Suspicious use of kernal callback but MBR appears intact. Repair not done. No infections were found.

#10 narenxp

Posted 02 April 2012 - 11:35 PM

Run TDSSkiller now

restart the PC

Run aswmbr and post the new log

Edited by narenxp, 02 April 2012 - 11:37 PM.


#11 bmcdowell99

Posted 03 April 2012 - 11:39 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 11:51:59
-----------------------------
11:51:59.149 OS Version: Windows x64 6.1.7601 Service Pack 1
11:51:59.149 Number of processors: 3 586 0x503
11:51:59.149 ComputerName: BRANDON-PC UserName: Brandon
11:52:04.858 Initialize success
11:52:16.934 AVAST engine defs: 12040201
11:52:20.880 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:52:20.880 Disk 0 Vendor: WDC_WD5000BEVT-75A0RT0 01.01A01 Size: 476940MB BusType: 11
11:52:20.896 Disk 0 MBR read successfully
11:52:20.912 Disk 0 MBR scan
11:52:20.912 Disk 0 Windows 7 default MBR code
11:52:20.974 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 100 MB offset 2048
11:52:20.990 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 206848
11:52:21.036 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461838 MB offset 30926848
11:52:21.146 Disk 0 scanning C:\Windows\system32\drivers
11:52:47.385 Service scanning
11:53:49.036 Modules scanning
11:53:49.036 Disk 0 trace - called modules:
11:53:49.052 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
11:53:49.052 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004886060]
11:53:49.067 3 CLASSPNP.SYS[fffff8800195743f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047f9060]
11:53:52.140 AVAST engine scan C:\Windows
11:54:00.970 AVAST engine scan C:\Windows\system32
12:02:00.064 AVAST engine scan C:\Windows\system32\drivers
12:02:21.529 AVAST engine scan C:\Users\Brandon
12:18:41.914 File: C:\Users\Brandon\AppData\Local\Temp\3817.tmp **INFECTED** Win32:Malware-gen
12:23:36.833 File: C:\Users\Brandon\AppData\Roaming\Remote\dllx4.dll **INFECTED** Win32:Malware-gen
12:34:10.823 AVAST engine scan C:\ProgramData
12:39:06.538 Scan finished successfully
12:39:32.324 Disk 0 MBR has been saved successfully to "C:\Users\Brandon\Desktop\MBR.dat"
12:39:32.324 The log file has been saved successfully to "C:\Users\Brandon\Desktop\aswMBR.txt"

#12 narenxp

Posted 03 April 2012 - 11:49 AM

good

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan is completed, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.


Download

mini toolbox

Checkmark following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.

#13 bmcdowell99

Posted 03 April 2012 - 01:47 PM

C:\ProgramData\Microsoft\Windows\DRM\3612.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\ProgramData\Microsoft\Windows\DRM\3623.tmp Win64/Olmarik.AH trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.28.56\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.28.56\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.28.56\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.28.56\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.28.56\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.28.56\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.32.58\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.32.58\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.32.58\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.32.58\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.32.58\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\02.04.2012_10.32.58\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.04.2012_11.42.18\mbr0000\tdlfs0000\tsk0000.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.04.2012_11.42.18\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AD trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.04.2012_11.42.18\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.KS trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.04.2012_11.42.18\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AF trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.04.2012_11.42.18\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AWO trojan cleaned by deleting - quarantined
C:\TDSSKiller_Quarantine\03.04.2012_11.42.18\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.X trojan cleaned by deleting - quarantined
C:\Users\Brandon\AppData\Roaming\Remote\dllx4.dll probably a variant of Win32/AutoRun.Spy.Ambler.NAH worm cleaned by deleting (after the next restart) - quarantined
Operating memory a variant of Win32/AutoRun.Spy.Ambler.NAH worm



MiniToolBox by Farbar Version: 18-01-2012
Ran by Brandon (administrator) on 03-04-2012 at 14:46:35
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "*.local,127.0.0.1:9421,"
"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

DW1501 Wireless-N WLAN Half-Mini Card = Wireless Network Connection (Connected)
Broadcom Virtual Wireless Adapter = Local Area Connection 2 (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Brandon-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : oc.cox.net

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 70-F1-A1-4C-2D-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom Virtual Wireless Adapter
Physical Address. . . . . . . . . : 70-F1-A1-4C-2D-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : oc.cox.net
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 70-F1-A1-4C-2D-93
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::51d8:56e6:e43d:5c5c%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.104(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, April 03, 2012 11:48:33 AM
Lease Expires . . . . . . . . . . : Wednesday, April 04, 2012 1:06:39 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 242282913
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-6C-C4-B5-F0-4D-A2-A9-AD-5B
DNS Servers . . . . . . . . . . . : 68.105.28.12
68.105.29.12
68.105.28.11
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.oc.cox.net:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{5EF5B77A-D585-4CFF-B943-5585FFB90564}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{58F15451-15C2-4E91-A7E2-064D79D2F637}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:24fc:101c:bbfb:781(Preferred)
Link-local IPv6 Address . . . . . : fe80::24fc:101c:bbfb:781%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: cdns2.cox.net
Address: 68.105.28.12

Name: google.com
Addresses: 74.125.227.0
74.125.227.1
74.125.227.2
74.125.227.3
74.125.227.4
74.125.227.5
74.125.227.6
74.125.227.7
74.125.227.8
74.125.227.9
74.125.227.14


Pinging google.com [74.125.227.14] with 32 bytes of data:
Reply from 74.125.227.14: bytes=32 time=47ms TTL=52
Reply from 74.125.227.14: bytes=32 time=45ms TTL=52

Ping statistics for 74.125.227.14:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 47ms, Average = 46ms
Server: cdns2.cox.net
Address: 68.105.28.12

Name: yahoo.com
Addresses: 209.191.122.70
72.30.38.140
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=427ms TTL=52
Reply from 98.139.183.24: bytes=32 time=449ms TTL=52

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 427ms, Maximum = 449ms, Average = 438ms
Server: cdns2.cox.net
Address: 68.105.28.12

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Request timed out.
Request timed out.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...70 f1 a1 4c 2d 93 ......Microsoft Virtual WiFi Miniport Adapter
13...70 f1 a1 4c 2d 93 ......Broadcom Virtual Wireless Adapter
12...70 f1 a1 4c 2d 93 ......DW1501 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
14...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.104 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.104 281
192.168.1.104 255.255.255.255 On-link 192.168.1.104 281
192.168.1.255 255.255.255.255 On-link 192.168.1.104 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.104 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.104 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:4137:9e76:24fc:101c:bbfb:781/128
On-link
12 281 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::24fc:101c:bbfb:781/128
On-link
12 281 fe80::51d8:56e6:e43d:5c5c/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/03/2012 01:09:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/03/2012 01:09:46 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2012 00:25:11 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Faulting module name: Skype.exe, version: 5.5.0.124, time stamp: 0x4e96a02b
Exception code: 0xc0000005
Fault offset: 0x001dae87
Faulting process id: 0x1144
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3

Error: (04/02/2012 05:47:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2012 05:47:53 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2012 05:47:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/02/2012 05:47:34 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (04/01/2012 02:04:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1474943

Error: (04/01/2012 02:04:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1474943

Error: (04/01/2012 02:04:46 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (04/03/2012 01:06:44 PM) (Source: Service Control Manager) (User: )
Description: The Quest USB Hub Client Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/03/2012 11:36:41 AM) (Source: Service Control Manager) (User: )
Description: The WD File Management Shadow Engine service failed to start due to the following error:
%%1053

Error: (04/03/2012 11:36:41 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the WD File Management Shadow Engine service to connect.

Error: (04/03/2012 11:34:55 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:07:54 PM on ?4/?2/?2012 was unexpected.

Error: (04/02/2012 10:10:18 PM) (Source: Service Control Manager) (User: )
Description: The Server service terminated with the following error:
%%1115

Error: (04/02/2012 10:10:18 PM) (Source: Service Control Manager) (User: )
Description: The Power service terminated with service-specific error %%0.

Error: (04/02/2012 10:10:17 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1115

Error: (04/02/2012 10:09:58 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d89919871e, 0xb3b7465eeb97c044, 0xfffff80000bc382c, 0x0000000000000001)C:\Windows\MEMORY.DMP040212-19250-01

Error: (04/02/2012 10:09:53 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:08:21 PM on ?4/?2/?2012 was unexpected.

Error: (04/02/2012 09:19:44 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:17:27 PM on ?4/?2/?2012 was unexpected.


Microsoft Office Sessions:
=========================
Error: (04/03/2012 01:09:50 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Brandon\Downloads\esetsmartinstaller_enu.exe

Error: (04/03/2012 01:09:46 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Brandon\Downloads\esetsmartinstaller_enu.exe

Error: (04/02/2012 00:25:11 PM) (Source: Application Error)(User: )
Description: Skype.exe5.5.0.1244e96a02bSkype.exe5.5.0.1244e96a02bc0000005001dae87114401cd10f569d1fb7bC:\Program Files (x86)\Skype\Phone\Skype.exeC:\Program Files (x86)\Skype\Phone\Skype.exe9027dec5-7cf9-11e1-a908-935358f2bf37

Error: (04/02/2012 05:47:53 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (04/02/2012 05:47:53 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (04/02/2012 05:47:38 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (04/02/2012 05:47:34 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (04/01/2012 02:04:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1474943

Error: (04/01/2012 02:04:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1474943

Error: (04/01/2012 02:04:46 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


=========================== Installed Programs ============================

StoneRiver Life Portraits® ES
64 Bit HP CIO Components Installer (Version: 7.2.8)
6500_E709_eDocs (Version: 1.00.0000)
6500_E709_Help (Version: 1.00.0000)
6500_E709n (Version: 50.0.165.000)
Adobe Acrobat 9 Pro (Version: 9.5.0)
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR (Version: 2.5.1.17730)
Adobe Community Help (Version: 3.0.0)
Adobe Community Help (Version: 3.0.0.400)
Adobe Download Assistant (Version: 1.6.32)
Adobe Download Assistant (Version: v1.6beta.test32)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.1.102.55)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.62)
Adobe Media Player (Version: 1.8)
Adobe Photoshop CS (Version: CS)
Adobe Reader 9.2 (Version: 9.2.0)
Advanced Audio FX Engine (Version: 1.12.05)
Akamai NetSession Interface
Akamai NetSession Interface Service
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ATI Catalyst Install Manager (Version: 3.0.774.0)
Best Buy pc app (Version: 3.0.0.0)
BlackBerry Desktop Software 6.0.1 (Version: 6.0.1.18)
BlackBerry Device Software Updater (Version: 6.0.1.27)
Bonjour (Version: 3.0.0.10)
bpd_scan (Version: 3.00.0000)
BPDSoftware (Version: 50.0.165.000)
BPDSoftware_Ini (Version: 1.00.0000)
BufferChm (Version: 130.0.331.000)
businessKillers®ESv75 (Version: 7.5.0)
BusinessOfMedicine™v21 (Version: 2.1.0)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2010.0427.2150.37350)
Catalyst Control Center Graphics Full Existing (Version: 2010.0427.2150.37350)
Catalyst Control Center Graphics Full New (Version: 2010.0427.2150.37350)
Catalyst Control Center Graphics Light (Version: 2010.0427.2150.37350)
Catalyst Control Center Graphics Previews Common (Version: 2010.0427.2150.37350)
Catalyst Control Center Graphics Previews Vista (Version: 2010.0427.2150.37350)
Catalyst Control Center InstallProxy (Version: 2010.0427.2150.37350)
Catalyst Control Center Localization All (Version: 2010.0427.2150.37350)
ccc-core-static (Version: 2010.0427.2150.37350)
ccc-utility64 (Version: 2010.0427.2150.37350)
CCC Help Chinese Standard (Version: 2010.0427.2149.37350)
CCC Help Chinese Traditional (Version: 2010.0427.2149.37350)
CCC Help Czech (Version: 2010.0427.2149.37350)
CCC Help Danish (Version: 2010.0427.2149.37350)
CCC Help Dutch (Version: 2010.0427.2149.37350)
CCC Help English (Version: 2010.0427.2149.37350)
CCC Help Finnish (Version: 2010.0427.2149.37350)
CCC Help French (Version: 2010.0427.2149.37350)
CCC Help German (Version: 2010.0427.2149.37350)
CCC Help Greek (Version: 2010.0427.2149.37350)
CCC Help Hungarian (Version: 2010.0427.2149.37350)
CCC Help Italian (Version: 2010.0427.2149.37350)
CCC Help Japanese (Version: 2010.0427.2149.37350)
CCC Help Korean (Version: 2010.0427.2149.37350)
CCC Help Norwegian (Version: 2010.0427.2149.37350)
CCC Help Polish (Version: 2010.0427.2149.37350)
CCC Help Portuguese (Version: 2010.0427.2149.37350)
CCC Help Russian (Version: 2010.0427.2149.37350)
CCC Help Spanish (Version: 2010.0427.2149.37350)
CCC Help Swedish (Version: 2010.0427.2149.37350)
CCC Help Thai (Version: 2010.0427.2149.37350)
CCC Help Turkish (Version: 2010.0427.2149.37350)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
CSRS-FERS Benefits Calculator and Retirement Analyzer 2011 v11.05 (Version: v11.05)
D3DX10 (Version: 15.4.2368.0902)
D4300 (Version: 130.0.365.000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Communications (Support Software) (Version: 1.0.09094)
Dell DataSafe Local Backup - Support Software
Dell DataSafe Local Backup (Version: 9.4.51)
Dell Dock (Version: 2.0)
Dell Getting Started Guide (Version: 1.00.0000)
Dell Support Center (Support Software) (Version: 2.5.09100)
Dell Webcam Central (Version: 1.40.05)
Destinations (Version: 130.0.0.0)
DeviceDiscovery (Version: 130.0.465.000)
DJ_SF_03_D4300_Software_Min (Version: 130.0.365.000)
DocMgr (Version: 130.0.000.000)
DocProc (Version: 13.0.0.0)
DW WLAN Card Utility (Version: 5.60.48.35)
ESET Online Scanner v3
Fax (Version: 130.0.418.000)
Google Earth Plug-in (Version: 6.1.0.5001)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.3.2710.138)
Google Update Helper (Version: 1.3.21.111)
GoToAssist 8.0.0.514
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
GPBaseService2 (Version: 130.0.371.000)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (Version: 13.0)
HP Document Manager 2.0 (Version: 2.0)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Officejet 6500 E709 Series (Version: 13.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.51 (Version: 4.51)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 4.000.011.006)
HPPhotoGadget (Version: 130.0.282.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPProductAssistant (Version: 130.0.371.000)
HPSSupply (Version: 130.0.371.000)
IA American Universal Life (Version: 10.12.29)
Internet Explorer (Version: 8)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 20 (64-bit) (Version: 6.0.200)
Java™ 6 Update 30 (Version: 6.0.300)
Junk Mail filter update (Version: 15.4.3502.0922)
Lincoln DesignIt - Lincoln Financial Distributors
Live! Cam Avatar Creator (Version: 4.6.3009.1)
LPES Desktop - ANICO
MarketResearch (Version: 130.0.374.000)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Dynamics CRM 2011 English (United States) Language Pack (Version: 5.0.9690.1992)
Microsoft Dynamics CRM 2011 for Microsoft Office Outlook (Version: 5.0.9690.1992)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Online Services Sign-in Assistant (Version: 7.250.4287.0)
Microsoft ReportViewer 2010 Redistributable (Version: 10.0.30319)
Microsoft Search Enhancement Pack (Version: 3.0.133.0)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8082.0)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8082.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
Network Recording Player (Version: 2.23.2500)
Network64 (Version: 130.0.579.000)
Network64 (Version: 140.0.221.000)
OCR Software by I.R.I.S. 13.0 (Version: 13.0)
ProductContext (Version: 50.0.165.000)
QuickBooks (Version: 22.0.4005.2206)
QuickBooks Premier: Accountant Edition 2012 (Version: 22.0.4005.2206)
Quickset64 (Version: 10.5.0)
QuickTime (Version: 7.71.80.42)
Roxio Burn (Version: 1.01)
Scan (Version: 13.0.0.0)
SecuritiesPro Series 7 (remove only)
Shoeboxed Uploader (Version: 1.0.1)
Shop for HP Supplies (Version: 13.0)
Skype™ 5.5 (Version: 5.5.124)
SmartWebPrinting (Version: 130.0.457.000)
SolutionCenter (Version: 130.0.373.000)
Stamps.com
Stamps.com (Version: 8.8.3.2071)
Status (Version: 130.0.469.000)
SupportSoft Assisted Service (Version: 15)
Synaptics Pointing Device Driver (Version: 15.0.0.1)
Toolbox (Version: 130.0.648.000)
TrayApp (Version: 130.0.422.000)
TurboTax 2010 wcacbpm (Version: 010.000.0435)
TurboTax 2010 WinBizFedFormset (Version: 010.000.1622)
TurboTax 2010 WinBizReleaseEngine (Version: 010.000.0287)
TurboTax 2010 WinBizTaxSupport (Version: 010.000.1122)
TurboTax 2010 wrapper (Version: 010.000.0157)
TurboTax Business 2010
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
Update Rollup 6 for Microsoft Dynamics CRM for Outlook (KB2600640) (Version: 5.0.9690.1992)
vWorkspace Web Client (Version: 7.1.358)
WD SmartWare (Version: 1.4.5.5)
WebEx
WebReg (Version: 130.0.132.017)
Webroot SecureAnywhere (Version: 8.0.1.161)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 54%
Total physical RAM: 3835.93 MB
Available physical RAM: 1740.92 MB
Total Pagefile: 7670.04 MB
Available Pagefile: 5070.93 MB
Total Virtual: 4095.88 MB
Available Virtual: 3961.59 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:363.75 GB) NTFS

========================= Users: ========================================

User accounts for \\BRANDON-PC

Administrator Brandon Guest


**** End of log ****

#14 narenxp


Posted 03 April 2012 - 01:54 PM

Click on the Start menu and type

cmd

Right-click and select Run as administrator, now run this command


del /f /s /q "C:\Users\Brandon\AppData\Local\Temp\3817.tmp"

Go to the C drive and make sure to delete the TDSS quarantine folder

Download

TFC

Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your System Restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off

Update your Java from here

http://java.com/en/download/inc/windows_upgrade_xpi.jsp


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)

#15 bmcdowell99

  • Topic Starter

Posted 03 April 2012 - 02:27 PM

After I downloaded and ran TFC, my PC restarted. Once the PC restarted, a message appeared:

Run DLL

There was a problem starting
C:\Users\Brandon\AppData\Roaming\Remote\dllx4.dll

The specified module could not be found.

I did not click OK, but closed the window. I followed the instructions and turned off System Restore, restarted the PC, and created a new restore point. When I restarted, the same message appeared again.
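
The RunDLL message quoted in post #15 is the error Windows shows when something launched at logon calls rundll32.exe on a DLL that is no longer on disk. As an added example (not part of the thread and not any poster's instructions), this Python script lists Run-key values that do exactly that; the sample entries, paths and value names in it are constructed.

```python
import ntpath
import os
import re

RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"  # read from HKCU and HKLM
RUNDLL = re.compile(r'\s*"?(?:[^"]*\\)?rundll32(?:\.exe)?"?\s+(.*)', re.I)

def rundll_target(command):
    """Return the DLL path a rundll32 command line loads, else None."""
    m = RUNDLL.match(command)
    if not m:
        return None
    args = m.group(1).strip()
    if args.startswith('"'):              # quoted: "C:\dir name\x.dll",Entry
        end = args.find('"', 1)
        return args[1:end] if end > 0 else None
    return re.split(r"[,\s]", args, maxsplit=1)[0] or None  # C:\x.dll,Entry

def orphaned_entries(entries, exists=os.path.isfile):
    """Return (location, value name, dll) for rundll32 entries whose DLL is missing."""
    return [(loc, name, dll) for loc, name, cmd in entries
            if (dll := rundll_target(cmd)) and not exists(ntpath.expandvars(dll))]

def read_run_keys():
    """Read Run-key values from the live registry (Windows only)."""
    import winreg
    out = []
    for hive, root in (("HKCU", winreg.HKEY_CURRENT_USER),
                       ("HKLM", winreg.HKEY_LOCAL_MACHINE)):
        try:
            with winreg.OpenKey(root, RUN_KEY) as key:
                for i in range(winreg.QueryInfoKey(key)[1]):
                    name, value, _ = winreg.EnumValue(key, i)
                    out.append((f"{hive}\\{RUN_KEY}", name, str(value)))
        except OSError:
            continue                      # key not present or not readable
    return out

# Constructed sample values (paths and value names are made up, not from the thread).
SAMPLE = [
    ("HKCU Run", "Updater", r'rundll32.exe "C:\Users\Example\AppData\Roaming\Sample\gone.dll",Run'),
    ("HKLM Run", "Tray", r'"C:\Program Files\Vendor\tray.exe" -s'),
    ("HKLM Run", "Shell", r"C:\Windows\System32\rundll32.exe C:\Windows\System32\present.dll,Init"),
]

if __name__ == "__main__":  # live registry on Windows, constructed sample elsewhere
    found = (orphaned_entries(read_run_keys()) if os.name == "nt" else
             orphaned_entries(SAMPLE, exists=lambda p: p.endswith("present.dll")))
    for loc, name, dll in found:
        print(f"{loc}: value {name!r} runs rundll32 on missing DLL {dll}")
```

Run keys are only one autostart location; scheduled tasks and the 32-bit (Wow6432Node) Run key can hold the same kind of entry and are not covered here.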



