1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Trojan dropper in Services.exe, constant internet re-directs and pop-ups, etc.

Discussion in 'Virus & Other Malware Removal' started by jgreggain, Jul 31, 2012.

Thread Status:
Not open for further replies.
Advertisement
  1. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    Hello,

    Thank you for your assistance in this. I'm kind of stumped as to how to fix this problem. My wife's not sure how she managed to infect her computer, but I first noticed that her homepage had changed to a ad-supported search engine, and that she was getting a lot of popups. I also am getting a ton of re-directs when I click on links in Google. On top of that, there has been wi-fi dropouts and the connection hasn't always been as quick as I think it should be.

    MSE found some errors, but couldn't do anything about them and then stopped working altogether. I disabled it, and installed AVG-Free, which found several pieces of malware, a whole bunch of rootkits, and a trojan dropper in my services.exe file, which it can't do anything about. I asked it to fix all the other errors, but that one remains (and it seems to create other threats periodically). I've attached the requested logfiles, and patiently await your assistance. Thanks again!

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:59:53 PM, on 7/30/2012
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16447)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    C:\Users\Jessica\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O2 - BHO: Codecv - {6EBC27EA-F982-436F-98CB-E7563CC94B01} - C:\ProgramData\Codecv\bhoclass.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    O4 - HKLM\..\Run: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    O4 - HKLM\..\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    O4 - HKLM\..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    O4 - HKLM\..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    O4 - HKLM\..\RunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    O4 - HKLM\..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://vista.bellevuecollege.edu
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    O18 - Protocol: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - AppInit_DLLs:
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Dell DataSafe Online (NOBU) - Dell, Inc. - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    O23 - Service: RoxMediaDB12OEM - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 16414 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Jessica at 21:00:26 on 2012-07-30
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6050.3343 [GMT -7:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\system32\WLANExt.exe
    C:\windows\system32\conhost.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\windows\Explorer.EXE
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    -netsvcs
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\windows\system32\conhost.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\DellTPad\Apoint.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\windows\system32\wbem\unsecapp.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files\DellTPad\ApMsgFwd.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files\DellTPad\HidFind.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\DellTPad\Apntex.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_268_ActiveX.exe
    "C:\windows\SysWOW64\svchost.exe" -k LocalServiceDns
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = https://www.google.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: Codecv Class: {6ebc27ea-f982-436f-98cb-e7563cc94b01} - C:\ProgramData\Codecv\bhoclass.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\Users\Jessica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe
    StartupFolder: C:\Users\Jessica\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    LSP: mswsock.dll
    Trusted Zone: bellevuecollege.edu\vista
    DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
    TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
    TCP: Interfaces\{3CE2B2FE-F93F-44EB-931F-9EB66219B3E3} : DhcpNameServer = 24.116.2.50 24.116.2.34
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    AppInit_DLLs:
    mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: Codecv Class: {6EBC27EA-F982-436F-98CB-E7563CC94B01} - C:\ProgramData\Codecv\bhoclass.dll
    BHO-X64: Codecv - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [(Default)]
    mRun-x64: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun-x64: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun-x64: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900
    mRun-x64: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
    mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce-x64: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce-x64: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    AppInit_DLLs-X64:
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\windows\system32\DRIVERS\avgidsha.sys --> C:\windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\windows\system32\DRIVERS\avgrkx64.sys --> C:\windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\system32\DRIVERS\MpFilter.sys --> C:\windows\system32\DRIVERS\MpFilter.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\windows\system32\Drivers\PxHlpa64.sys --> C:\windows\system32\Drivers\PxHlpa64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\windows\system32\DRIVERS\avgldx64.sys --> C:\windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\windows\system32\DRIVERS\avgmfx64.sys --> C:\windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\windows\system32\DRIVERS\avgtdia.sys --> C:\windows\system32\DRIVERS\avgtdia.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-16 89600]
    R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-9-15 1166848]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-5-19 921664]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-5-19 995392]
    R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-6-3 134928]
    R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-6-19 173056]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-16 13336]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-16 689472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\windows\system32\DRIVERS\TurboB.sys --> C:\windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-16 2655768]
    R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\system32\DRIVERS\AMPPAL.sys --> C:\windows\system32\DRIVERS\AMPPAL.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\windows\system32\DRIVERS\avgidsdrivera.sys --> C:\windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\windows\system32\DRIVERS\avgidsfiltera.sys --> C:\windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-5-19 1335360]
    R3 btmaudio;Intel Bluetooth Audio Service;C:\windows\system32\drivers\btmaud.sys --> C:\windows\system32\drivers\btmaud.sys [?]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\system32\DRIVERS\btmaux.sys --> C:\windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\windows\system32\DRIVERS\btmhsf.sys --> C:\windows\system32\DRIVERS\btmhsf.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\system32\DRIVERS\CtClsFlt.sys --> C:\windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\system32\DRIVERS\iBtFltCoex.sys --> C:\windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 iwdbus;IWD Bus Enumerator;C:\windows\system32\DRIVERS\iwdbus.sys --> C:\windows\system32\DRIVERS\iwdbus.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface ;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 tihub3;TI USB3 Hub Service;C:\windows\system32\DRIVERS\tihub3.sys --> C:\windows\system32\DRIVERS\tihub3.sys [?]
    R3 tixhci;TI XHCI Service;C:\windows\system32\DRIVERS\tixhci.sys --> C:\windows\system32\DRIVERS\tixhci.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-9 136176]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-3-29 250056]
    S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\system32\DRIVERS\amppal.sys --> C:\windows\system32\DRIVERS\amppal.sys [?]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudbus.sys --> C:\windows\system32\DRIVERS\ssudbus.sys [?]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-4-9 136176]
    S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\system32\drivers\intelaud.sys --> C:\windows\system32\drivers\intelaud.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-9-15 340240]
    S3 NisDrv;Microsoft Network Inspection System;C:\windows\system32\DRIVERS\NisDrvWFP.sys --> C:\windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\system32\DRIVERS\ssudmdm.sys --> C:\windows\system32\DRIVERS\ssudmdm.sys [?]
    S3 StorSvc;Storage Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\system32\Drivers\usbaapl64.sys --> C:\windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-31 02:12:49 -------- d-----w- C:\Users\Jessica\AppData\Roaming\AVG2012
    2012-07-31 02:10:48 -------- d-----w- C:\windows\SysWow64\drivers\AVG
    2012-07-31 02:10:32 -------- d--h--w- C:\$AVG
    2012-07-31 02:10:32 -------- d-----w- C:\windows\System32\drivers\AVG
    2012-07-31 02:10:32 -------- d-----w- C:\ProgramData\AVG2012
    2012-07-31 02:09:59 -------- d-----w- C:\Program Files (x86)\AVG
    2012-07-31 02:07:02 -------- d--h--w- C:\ProgramData\Common Files
    2012-07-31 02:07:02 -------- d-----w- C:\ProgramData\MFAData
    2012-07-31 01:06:45 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{DB071E31-8335-4A0E-908C-CD6DC77DC7DF}\mpengine.dll
    2012-07-28 19:38:31 927800 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4CD19F5F-B033-4B22-A34E-25FA65CAAA7C}\gapaengine.dll
    2012-07-28 19:38:19 9133488 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-28 08:39:44 -------- d-----w- C:\Users\Jessica\Library
    2012-07-28 08:39:43 -------- d-----w- C:\Users\Jessica\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
    2012-07-28 08:39:35 -------- d-----w- C:\Program Files (x86)\YNAB 4
    2012-07-28 01:59:58 -------- d-----w- C:\windows\Microsoft Antimalware
    2012-07-26 05:48:29 20480 ----a-w- C:\windows\svchost.exe
    2012-07-25 18:46:55 328704 ----a-w- C:\windows\System32\services.exe.DC5B71678BF0A7E5
    2012-07-25 18:43:24 328704 ----a-w- C:\windows\System32\services.exe.579F25BF8D8D5A3C
    2012-07-25 18:40:36 328704 ----a-w- C:\windows\System32\services.exe.E676D4A756B33022
    2012-07-25 06:30:07 -------- d-sh--w- C:\windows\SysWow64\%APPDATA%
    2012-07-12 10:07:53 3148800 ----a-w- C:\windows\System32\win32k.sys
    2012-07-12 04:12:21 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine(3).dll
    2012-07-12 04:12:21 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine(2).dll
    2012-07-09 06:32:51 -------- d-----w- C:\Program Files\iPod
    2012-07-09 06:32:48 -------- d-----w- C:\Program Files\iTunes
    2012-07-09 06:32:48 -------- d-----w- C:\Program Files (x86)\iTunes
    .
    ==================== Find3M ====================
    .
    2012-07-28 03:15:26 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-28 03:15:26 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19:42 186752 ----a-w- C:\windows\System32\wuwebv.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\windows\System32\wucltux.dll
    2012-06-02 22:15:12 36864 ----a-w- C:\windows\System32\wuapp.exe
    2012-06-02 22:15:08 99840 ----a-w- C:\windows\System32\wudriver.dll
    2012-06-02 12:12:17 2311680 ----a-w- C:\windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2012-05-04 11:06:22 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    .
    ============= FINISH: 21:01:55.84 ===============
     

    Attached Files:

  2. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    Thought I'd be pro-active and run combofix while waiting for someone to pick this issue up, but I get the BSOD when I try to run it. Have tried 2x now, with anti-virus turned off, and got the BSOD both times. Please advise.
     
  3. oldman960

    oldman960 Malware Specialist

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi jgreggain, welcome to the forum.


    To make cleaning this machine easier
    • Please do not uninstall/install any programs unless asked to
      It is more difficult when files/programs are appearing in/disappearing from the logs.
    • Please do not run any scans other than those requested
    • Please follow all instructions in the order posted
    • All logs/reports, etc.. must be posted in Notepad. Please ensure that word wrap is unchecked. In notepad click format, uncheck word wrap if it is checked.
    • Do not attach any logs/reports, etc.. unless specifically requested to do so.
    • If you have problems with or do not understand the instructions, Please ask before continuing.
    • Please stay with this thread until given the All Clear. A absence of symptoms does not mean a clean machine.
    Please do not run combofix on your own. It's a very powerful tool and can create problems should things go wrong.


    Download the latest version of TDSSKiller from here and save it to your Desktop.


    Please read through these instructions before running the tool.

    Do not use delete if offered as an option. Use skip instead.


    • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

      [​IMG]
    • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

      [​IMG]
    • Click the Start Scan button.

      [​IMG]
    • If a suspicious object is detected, the default action will be Skip, click on Continue.

      [​IMG]
    • If malicious objects are found, they will show in the Scan results and offer three (3) options.
    • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

      [​IMG]
    • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
    A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
     
  4. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    Thank you for helping me. I have completed what you asked, and the log is attached.


    21:10:34.0171 4628 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    21:10:34.0594 4628 ============================================================
    21:10:34.0595 4628 Current date / time: 2012/07/31 21:10:34.0594
    21:10:34.0595 4628 SystemInfo:
    21:10:34.0595 4628
    21:10:34.0595 4628 OS Version: 6.1.7601 ServicePack: 1.0
    21:10:34.0595 4628 Product type: Workstation
    21:10:34.0595 4628 ComputerName: SOLOVLES-PC
    21:10:34.0596 4628 UserName: Jessica
    21:10:34.0596 4628 Windows directory: C:\windows
    21:10:34.0596 4628 System windows directory: C:\windows
    21:10:34.0596 4628 Running under WOW64
    21:10:34.0596 4628 Processor architecture: Intel x64
    21:10:34.0596 4628 Number of processors: 4
    21:10:34.0596 4628 Page size: 0x1000
    21:10:34.0596 4628 Boot type: Normal boot
    21:10:34.0596 4628 ============================================================
    21:10:35.0669 4628 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    21:10:35.0684 4628 ============================================================
    21:10:35.0684 4628 \Device\Harddisk0\DR0:
    21:10:35.0685 4628 MBR partitions:
    21:10:35.0685 4628 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
    21:10:35.0686 4628 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
    21:10:35.0686 4628 ============================================================
    21:10:35.0868 4628 C: <-> \Device\Harddisk0\DR0\Partition1
    21:10:35.0868 4628 ============================================================
    21:10:35.0868 4628 Initialize success
    21:10:35.0868 4628 ============================================================
    21:10:48.0797 5804 ============================================================
    21:10:48.0797 5804 Scan started
    21:10:48.0797 5804 Mode: Manual; SigCheck; TDLFS;
    21:10:48.0797 5804 ============================================================
    21:10:54.0492 5804 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    21:10:54.0639 5804 1394ohci - ok
    21:10:54.0703 5804 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    21:10:54.0719 5804 ACPI - ok
    21:10:54.0755 5804 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    21:10:54.0807 5804 AcpiPmi - ok
    21:10:54.0929 5804 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    21:10:54.0951 5804 AdobeARMservice - ok
    21:10:55.0072 5804 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    21:10:55.0083 5804 AdobeFlashPlayerUpdateSvc - ok
    21:10:55.0243 5804 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    21:10:55.0314 5804 adp94xx - ok
    21:10:55.0367 5804 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    21:10:55.0392 5804 adpahci - ok
    21:10:55.0414 5804 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    21:10:55.0427 5804 adpu320 - ok
    21:10:55.0467 5804 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    21:10:55.0540 5804 AeLookupSvc - ok
    21:10:55.0624 5804 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
    21:10:55.0634 5804 AESTFilters - ok
    21:10:55.0710 5804 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
    21:10:55.0742 5804 AFD - ok
    21:10:55.0775 5804 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    21:10:55.0786 5804 agp440 - ok
    21:10:55.0818 5804 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    21:10:55.0879 5804 ALG - ok
    21:10:55.0914 5804 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    21:10:55.0923 5804 aliide - ok
    21:10:55.0948 5804 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    21:10:55.0957 5804 amdide - ok
    21:10:55.0980 5804 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    21:10:56.0018 5804 AmdK8 - ok
    21:10:56.0028 5804 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
    21:10:56.0095 5804 AmdPPM - ok
    21:10:56.0144 5804 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    21:10:56.0175 5804 amdsata - ok
    21:10:56.0202 5804 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    21:10:56.0239 5804 amdsbs - ok
    21:10:56.0257 5804 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    21:10:56.0266 5804 amdxata - ok
    21:10:56.0314 5804 AMPPAL (3bc90482a834f998c3b7a9c934a20342) C:\windows\system32\DRIVERS\AMPPAL.sys
    21:10:56.0385 5804 AMPPAL - ok
    21:10:56.0402 5804 AMPPALP (3bc90482a834f998c3b7a9c934a20342) C:\windows\system32\DRIVERS\amppal.sys
    21:10:56.0424 5804 AMPPALP - ok
    21:10:56.0561 5804 AMPPALR3 (a47d7febd9381d34ddb4ff38b15a67fe) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    21:10:56.0601 5804 AMPPALR3 - ok
    21:10:56.0705 5804 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
    21:10:56.0717 5804 ApfiltrService - ok
    21:10:56.0756 5804 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    21:10:56.0810 5804 AppID - ok
    21:10:56.0853 5804 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    21:10:56.0912 5804 AppIDSvc - ok
    21:10:56.0950 5804 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
    21:10:57.0004 5804 Appinfo - ok
    21:10:57.0128 5804 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    21:10:57.0141 5804 Apple Mobile Device - ok
    21:10:57.0206 5804 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
    21:10:57.0280 5804 AppMgmt - ok
    21:10:57.0309 5804 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    21:10:57.0320 5804 arc - ok
    21:10:57.0344 5804 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    21:10:57.0357 5804 arcsas - ok
    21:10:57.0470 5804 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    21:10:57.0483 5804 aspnet_state - ok
    21:10:57.0514 5804 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    21:10:57.0566 5804 AsyncMac - ok
    21:10:57.0622 5804 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    21:10:57.0634 5804 atapi - ok
    21:10:57.0698 5804 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    21:10:57.0748 5804 AudioEndpointBuilder - ok
    21:10:57.0753 5804 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    21:10:57.0786 5804 AudioSrv - ok
    21:10:58.0114 5804 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    21:10:58.0231 5804 AVGIDSAgent - ok
    21:10:58.0322 5804 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
    21:10:58.0332 5804 AVGIDSDriver - ok
    21:10:58.0361 5804 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
    21:10:58.0370 5804 AVGIDSFilter - ok
    21:10:58.0382 5804 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
    21:10:58.0392 5804 AVGIDSHA - ok
    21:10:58.0432 5804 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
    21:10:58.0444 5804 Avgldx64 - ok
    21:10:58.0467 5804 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
    21:10:58.0475 5804 Avgmfx64 - ok
    21:10:58.0503 5804 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
    21:10:58.0512 5804 Avgrkx64 - ok
    21:10:58.0556 5804 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
    21:10:58.0573 5804 Avgtdia - ok
    21:10:58.0777 5804 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    21:10:58.0790 5804 avgwd - ok
    21:10:58.0838 5804 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
    21:10:58.0890 5804 AxInstSV - ok
    21:10:58.0940 5804 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    21:10:59.0019 5804 b06bdrv - ok
    21:10:59.0052 5804 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    21:10:59.0095 5804 b57nd60a - ok
    21:10:59.0205 5804 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    21:10:59.0266 5804 BDESVC - ok
    21:10:59.0279 5804 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    21:10:59.0347 5804 Beep - ok
    21:10:59.0381 5804 BFE - ok
    21:10:59.0409 5804 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    21:10:59.0441 5804 blbdrive - ok
    21:10:59.0558 5804 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    21:10:59.0573 5804 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
    21:10:59.0573 5804 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
    21:10:59.0632 5804 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    21:10:59.0649 5804 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
    21:10:59.0650 5804 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
    21:10:59.0715 5804 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    21:10:59.0730 5804 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
    21:10:59.0730 5804 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
    21:10:59.0828 5804 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    21:10:59.0843 5804 Bonjour Service - ok
    21:11:00.0001 5804 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    21:11:00.0041 5804 bowser - ok
    21:11:00.0091 5804 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    21:11:00.0131 5804 BrFiltLo - ok
    21:11:00.0141 5804 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    21:11:00.0211 5804 BrFiltUp - ok
    21:11:00.0256 5804 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
    21:11:00.0316 5804 Browser - ok
    21:11:00.0376 5804 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    21:11:00.0411 5804 Brserid - ok
    21:11:00.0421 5804 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    21:11:00.0461 5804 BrSerWdm - ok
    21:11:00.0466 5804 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    21:11:00.0526 5804 BrUsbMdm - ok
    21:11:00.0531 5804 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    21:11:00.0551 5804 BrUsbSer - ok
    21:11:00.0576 5804 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
    21:11:00.0616 5804 BthEnum - ok
    21:11:00.0626 5804 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    21:11:00.0651 5804 BTHMODEM - ok
    21:11:00.0686 5804 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
    21:11:00.0721 5804 BthPan - ok
    21:11:00.0781 5804 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
    21:11:00.0836 5804 BTHPORT - ok
    21:11:00.0869 5804 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    21:11:00.0942 5804 bthserv - ok
    21:11:01.0043 5804 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    21:11:01.0054 5804 BTHSSecurityMgr - ok
    21:11:01.0072 5804 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
    21:11:01.0109 5804 BTHUSB - ok
    21:11:01.0202 5804 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\windows\system32\drivers\btmaud.sys
    21:11:01.0362 5804 btmaudio - ok
    21:11:01.0401 5804 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\windows\system32\DRIVERS\btmaux.sys
    21:11:01.0429 5804 btmaux - ok
    21:11:01.0475 5804 btmhsf (0b1cc2221dc5990e4557a78ce9afad4f) C:\windows\system32\DRIVERS\btmhsf.sys
    21:11:01.0517 5804 btmhsf - ok
    21:11:01.0564 5804 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    21:11:01.0627 5804 cdfs - ok
    21:11:01.0683 5804 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    21:11:01.0732 5804 cdrom - ok
    21:11:01.0784 5804 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    21:11:01.0866 5804 CertPropSvc - ok
    21:11:01.0917 5804 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    21:11:01.0958 5804 circlass - ok
    21:11:02.0031 5804 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    21:11:02.0048 5804 CLFS - ok
    21:11:02.0113 5804 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    21:11:02.0125 5804 clr_optimization_v2.0.50727_32 - ok
    21:11:02.0165 5804 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    21:11:02.0179 5804 clr_optimization_v2.0.50727_64 - ok
    21:11:02.0236 5804 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    21:11:02.0248 5804 clr_optimization_v4.0.30319_32 - ok
    21:11:02.0333 5804 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    21:11:02.0342 5804 clr_optimization_v4.0.30319_64 - ok
    21:11:02.0374 5804 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    21:11:02.0433 5804 CmBatt - ok
    21:11:02.0463 5804 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
    21:11:02.0476 5804 cmdide - ok
    21:11:02.0512 5804 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
    21:11:02.0571 5804 CNG - ok
    21:11:02.0604 5804 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
    21:11:02.0621 5804 Compbatt - ok
    21:11:02.0655 5804 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
    21:11:02.0676 5804 CompositeBus - ok
    21:11:02.0684 5804 COMSysApp - ok
    21:11:02.0696 5804 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
    21:11:02.0710 5804 crcdisk - ok
    21:11:02.0750 5804 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
    21:11:02.0804 5804 CryptSvc - ok
    21:11:02.0889 5804 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys
    21:11:02.0970 5804 CSC - ok
    21:11:03.0015 5804 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll
    21:11:03.0080 5804 CscService - ok
    21:11:03.0422 5804 CtClsFlt (df214bff646880d0eb31bdc86136b29b) C:\windows\system32\DRIVERS\CtClsFlt.sys
    21:11:03.0439 5804 CtClsFlt - ok
    21:11:03.0484 5804 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    21:11:03.0582 5804 DcomLaunch - ok
    21:11:03.0662 5804 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    21:11:03.0743 5804 defragsvc - ok
    21:11:03.0839 5804 DellDigitalDelivery (18b5c959cbe24d4d4c2381efb87611de) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    21:11:03.0844 5804 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
    21:11:03.0844 5804 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
    21:11:03.0884 5804 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
    21:11:03.0940 5804 DfsC - ok
    21:11:03.0997 5804 dg_ssudbus (df27e4f282f5ed66d01abe2935a60778) C:\windows\system32\DRIVERS\ssudbus.sys
    21:11:04.0017 5804 dg_ssudbus - ok
    21:11:04.0070 5804 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
    21:11:04.0137 5804 Dhcp - ok
    21:11:04.0169 5804 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    21:11:04.0228 5804 discache - ok
    21:11:04.0274 5804 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
    21:11:04.0288 5804 Disk - ok
    21:11:04.0336 5804 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
    21:11:04.0398 5804 Dnscache - ok
    21:11:04.0460 5804 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
    21:11:04.0542 5804 dot3svc - ok
    21:11:04.0561 5804 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
    21:11:04.0633 5804 DPS - ok
    21:11:04.0684 5804 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    21:11:04.0718 5804 drmkaud - ok
    21:11:04.0784 5804 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
    21:11:04.0811 5804 DXGKrnl - ok
    21:11:04.0854 5804 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    21:11:04.0918 5804 EapHost - ok
    21:11:04.0930 5804 easytether - ok
    21:11:05.0040 5804 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
    21:11:05.0167 5804 ebdrv - ok
    21:11:05.0267 5804 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
    21:11:05.0282 5804 EFS - ok
    21:11:05.0352 5804 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
    21:11:05.0550 5804 ehRecvr - ok
    21:11:05.0580 5804 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    21:11:05.0599 5804 ehSched - ok
    21:11:05.0679 5804 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
    21:11:05.0714 5804 elxstor - ok
    21:11:05.0718 5804 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
    21:11:05.0762 5804 ErrDev - ok
    21:11:05.0824 5804 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
    21:11:05.0903 5804 EventSystem - ok
    21:11:06.0155 5804 EvtEng (b20a788579e443f768aab1a24f705d0a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    21:11:06.0181 5804 EvtEng - ok
    21:11:06.0292 5804 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    21:11:06.0323 5804 exfat - ok
    21:11:06.0370 5804 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    21:11:06.0427 5804 fastfat - ok
    21:11:06.0535 5804 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
    21:11:06.0618 5804 Fax - ok
    21:11:06.0635 5804 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
    21:11:06.0668 5804 fdc - ok
    21:11:06.0712 5804 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
    21:11:06.0744 5804 fdPHost - ok
    21:11:06.0773 5804 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
    21:11:06.0809 5804 FDResPub - ok
    21:11:06.0843 5804 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    21:11:06.0853 5804 FileInfo - ok
    21:11:06.0870 5804 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    21:11:06.0922 5804 Filetrace - ok
    21:11:06.0946 5804 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
    21:11:06.0958 5804 flpydisk - ok
    21:11:06.0982 5804 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
    21:11:06.0997 5804 FltMgr - ok
    21:11:07.0046 5804 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
    21:11:07.0205 5804 FontCache - ok
    21:11:07.0267 5804 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    21:11:07.0277 5804 FontCache3.0.0.0 - ok
    21:11:07.0333 5804 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    21:11:07.0344 5804 FsDepends - ok
    21:11:07.0368 5804 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
    21:11:07.0377 5804 Fs_Rec - ok
    21:11:07.0415 5804 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
    21:11:07.0430 5804 fvevol - ok
    21:11:07.0469 5804 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
    21:11:07.0479 5804 gagp30kx - ok
    21:11:07.0555 5804 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    21:11:07.0569 5804 GamesAppService - ok
    21:11:07.0603 5804 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    21:11:07.0609 5804 GEARAspiWDM - ok
    21:11:07.0659 5804 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
    21:11:07.0720 5804 gpsvc - ok
    21:11:07.0778 5804 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:11:07.0787 5804 gupdate - ok
    21:11:07.0790 5804 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    21:11:07.0798 5804 gupdatem - ok
    21:11:07.0822 5804 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    21:11:07.0908 5804 hcw85cir - ok
    21:11:08.0040 5804 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
    21:11:08.0090 5804 HdAudAddService - ok
    21:11:08.0120 5804 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
    21:11:08.0133 5804 HDAudBus - ok
    21:11:08.0145 5804 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
    21:11:08.0156 5804 HidBatt - ok
    21:11:08.0179 5804 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
    21:11:08.0220 5804 HidBth - ok
    21:11:08.0229 5804 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
    21:11:08.0247 5804 HidIr - ok
    21:11:08.0302 5804 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\system32\hidserv.dll
    21:11:08.0381 5804 hidserv - ok
    21:11:08.0424 5804 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
    21:11:08.0456 5804 HidUsb - ok
    21:11:08.0470 5804 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
    21:11:08.0522 5804 hkmsvc - ok
    21:11:08.0549 5804 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
    21:11:08.0637 5804 HomeGroupListener - ok
    21:11:08.0703 5804 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
    21:11:08.0742 5804 HomeGroupProvider - ok
    21:11:08.0804 5804 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
    21:11:08.0824 5804 HpSAMD - ok
    21:11:08.0873 5804 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
    21:11:08.0946 5804 HTTP - ok
    21:11:08.0980 5804 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
    21:11:08.0991 5804 hwpolicy - ok
    21:11:09.0040 5804 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    21:11:09.0058 5804 i8042prt - ok
    21:11:09.0650 5804 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
    21:11:09.0667 5804 iaStor - ok
    21:11:09.0961 5804 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    21:11:09.0970 5804 IAStorDataMgrSvc - ok
    21:11:10.0041 5804 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
    21:11:10.0071 5804 iaStorV - ok
    21:11:10.0105 5804 iBtFltCoex (8a4ec1c3f10385181b1066120c610ae5) C:\windows\system32\DRIVERS\iBtFltCoex.sys
    21:11:10.0143 5804 iBtFltCoex - ok
    21:11:10.0298 5804 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    21:11:10.0338 5804 idsvc - ok
    21:11:10.0802 5804 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
    21:11:11.0453 5804 igfx - ok
    21:11:12.0428 5804 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
    21:11:12.0441 5804 iirsp - ok
    21:11:12.0904 5804 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
    21:11:13.0793 5804 IKEEXT - ok
    21:11:14.0115 5804 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
    21:11:14.0136 5804 intaud_WaveExtensible - ok
    21:11:14.0381 5804 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
    21:11:14.0407 5804 IntcDAud - ok
    21:11:14.0466 5804 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
    21:11:14.0498 5804 intelide - ok
    21:11:14.0868 5804 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    21:11:14.0992 5804 intelppm - ok
    21:11:15.0433 5804 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    21:11:15.0904 5804 IPBusEnum - ok
    21:11:16.0232 5804 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
    21:11:16.0278 5804 IpFilterDriver - ok
    21:11:16.0371 5804 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
    21:11:16.0462 5804 IPMIDRV - ok
    21:11:16.0941 5804 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    21:11:17.0027 5804 IPNAT - ok
    21:11:19.0049 5804 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
    21:11:19.0071 5804 iPod Service - ok
    21:11:19.0140 5804 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    21:11:19.0492 5804 IRENUM - ok
    21:11:19.0795 5804 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
    21:11:19.0803 5804 isapnp - ok
    21:11:19.0942 5804 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
    21:11:20.0000 5804 iScsiPrt - ok
    21:11:20.0022 5804 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
    21:11:20.0032 5804 iwdbus - ok
    21:11:20.0060 5804 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    21:11:20.0091 5804 kbdclass - ok
    21:11:20.0118 5804 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
    21:11:20.0187 5804 kbdhid - ok
    21:11:20.0278 5804 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    21:11:20.0301 5804 KeyIso - ok
    21:11:20.0337 5804 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
    21:11:20.0361 5804 KSecDD - ok
    21:11:20.0406 5804 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
    21:11:20.0416 5804 KSecPkg - ok
    21:11:20.0453 5804 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    21:11:20.0518 5804 ksthunk - ok
    21:11:20.0571 5804 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    21:11:20.0644 5804 KtmRm - ok
    21:11:20.0699 5804 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\system32\srvsvc.dll
    21:11:20.0782 5804 LanmanServer - ok
    21:11:20.0827 5804 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
    21:11:20.0878 5804 LanmanWorkstation - ok
    21:11:20.0922 5804 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    21:11:20.0984 5804 lltdio - ok
    21:11:21.0040 5804 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    21:11:21.0100 5804 lltdsvc - ok
    21:11:21.0153 5804 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    21:11:21.0208 5804 lmhosts - ok
    21:11:21.0476 5804 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    21:11:21.0487 5804 LMS - ok
    21:11:21.0520 5804 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
    21:11:21.0534 5804 LSI_FC - ok
    21:11:21.0562 5804 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
    21:11:21.0577 5804 LSI_SAS - ok
    21:11:21.0591 5804 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
    21:11:21.0605 5804 LSI_SAS2 - ok
    21:11:21.0625 5804 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
    21:11:21.0638 5804 LSI_SCSI - ok
    21:11:21.0671 5804 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    21:11:21.0743 5804 luafv - ok
    21:11:21.0799 5804 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
    21:11:21.0812 5804 Mcx2Svc - ok
    21:11:21.0827 5804 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
    21:11:21.0837 5804 megasas - ok
    21:11:21.0861 5804 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
    21:11:21.0877 5804 MegaSR - ok
    21:11:21.0914 5804 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
    21:11:21.0925 5804 MEIx64 - ok
    21:11:21.0953 5804 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    21:11:22.0013 5804 MMCSS - ok
    21:11:22.0066 5804 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    21:11:22.0138 5804 Modem - ok
    21:11:22.0222 5804 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    21:11:22.0257 5804 monitor - ok
    21:11:22.0330 5804 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    21:11:22.0338 5804 mouclass - ok
    21:11:22.0500 5804 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
    21:11:22.0636 5804 mouhid - ok
    21:11:22.0705 5804 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
    21:11:22.0714 5804 mountmgr - ok
    21:11:22.0810 5804 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\windows\system32\DRIVERS\MpFilter.sys
    21:11:22.0825 5804 MpFilter - ok
    21:11:22.0847 5804 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
    21:11:22.0865 5804 mpio - ok
    21:11:23.0083 5804 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    21:11:23.0133 5804 mpsdrv - ok
    21:11:23.0462 5804 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
    21:11:23.0520 5804 MRxDAV - ok
    21:11:23.0905 5804 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
    21:11:24.0030 5804 mrxsmb - ok
    21:11:24.0708 5804 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
    21:11:24.0738 5804 mrxsmb10 - ok
    21:11:24.0869 5804 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
    21:11:24.0886 5804 mrxsmb20 - ok
    21:11:25.0006 5804 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
    21:11:25.0017 5804 msahci - ok
    21:11:25.0511 5804 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
    21:11:25.0523 5804 msdsm - ok
    21:11:25.0860 5804 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    21:11:25.0897 5804 MSDTC - ok
    21:11:25.0991 5804 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    21:11:26.0020 5804 Msfs - ok
    21:11:26.0040 5804 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    21:11:26.0095 5804 mshidkmdf - ok
    21:11:26.0121 5804 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
    21:11:26.0131 5804 msisadrv - ok
    21:11:26.0155 5804 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    21:11:26.0214 5804 MSiSCSI - ok
    21:11:26.0217 5804 msiserver - ok
    21:11:26.0255 5804 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    21:11:26.0315 5804 MSKSSRV - ok
    21:11:26.0337 5804 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    21:11:26.0396 5804 MSPCLOCK - ok
    21:11:26.0421 5804 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    21:11:26.0485 5804 MSPQM - ok
    21:11:26.0556 5804 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
    21:11:26.0568 5804 MsRPC - ok
    21:11:26.0591 5804 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    21:11:26.0602 5804 mssmbios - ok
    21:11:26.0633 5804 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    21:11:26.0679 5804 MSTEE - ok
    21:11:26.0700 5804 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    21:11:26.0717 5804 MTConfig - ok
    21:11:26.0732 5804 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    21:11:26.0744 5804 Mup - ok
    21:11:26.0839 5804 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    21:11:26.0856 5804 MyWiFiDHCPDNS - ok
    21:11:26.0912 5804 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
    21:11:27.0057 5804 napagent - ok
    21:11:28.0195 5804 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    21:11:28.0231 5804 NativeWifiP - ok
    21:11:28.0744 5804 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
    21:11:28.0764 5804 NAUpdate - ok
    21:11:29.0001 5804 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
    21:11:29.0020 5804 NDIS - ok
    21:11:29.0190 5804 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    21:11:29.0463 5804 NdisCap - ok
    21:11:29.0691 5804 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    21:11:29.0720 5804 NdisTapi - ok
    21:11:29.0765 5804 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    21:11:29.0818 5804 Ndisuio - ok
    21:11:29.0850 5804 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    21:11:29.0898 5804 NdisWan - ok
    21:11:29.0937 5804 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    21:11:29.0984 5804 NDProxy - ok
    21:11:30.0029 5804 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    21:11:30.0058 5804 NetBIOS - ok
    21:11:30.0102 5804 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    21:11:30.0132 5804 NetBT - ok
    21:11:30.0151 5804 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    21:11:30.0163 5804 Netlogon - ok
    21:11:30.0206 5804 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    21:11:30.0264 5804 Netman - ok
    21:11:30.0350 5804 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:11:30.0361 5804 NetMsmqActivator - ok
    21:11:30.0373 5804 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:11:30.0385 5804 NetPipeActivator - ok
    21:11:30.0420 5804 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    21:11:30.0483 5804 netprofm - ok
    21:11:30.0486 5804 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:11:30.0494 5804 NetTcpActivator - ok
    21:11:30.0500 5804 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    21:11:30.0508 5804 NetTcpPortSharing - ok
    21:11:30.0882 5804 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\windows\system32\DRIVERS\NETwNs64.sys
    21:11:31.0290 5804 NETwNs64 - ok
    21:11:31.0532 5804 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    21:11:31.0553 5804 nfrd960 - ok
    21:11:31.0617 5804 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
    21:11:31.0627 5804 NisDrv - ok
    21:11:31.0729 5804 NisSrv (10a43829a9e606af3eef25a1c1665923) c:\Program Files\Microsoft Security Client\NisSrv.exe
    21:11:31.0758 5804 NisSrv - ok
    21:11:31.0806 5804 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
    21:11:31.0866 5804 NlaSvc - ok
    21:11:32.0098 5804 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    21:11:32.0144 5804 NOBU - ok
    21:11:32.0232 5804 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    21:11:32.0261 5804 Npfs - ok
    21:11:32.0285 5804 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    21:11:32.0341 5804 nsi - ok
    21:11:32.0380 5804 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    21:11:32.0421 5804 nsiproxy - ok
    21:11:32.0489 5804 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    21:11:32.0520 5804 Ntfs - ok
    21:11:32.0608 5804 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    21:11:32.0654 5804 Null - ok
    21:11:32.0677 5804 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    21:11:32.0691 5804 nvraid - ok
    21:11:32.0712 5804 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    21:11:32.0724 5804 nvstor - ok
    21:11:32.0749 5804 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    21:11:32.0762 5804 nv_agp - ok
    21:11:32.0774 5804 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    21:11:32.0824 5804 ohci1394 - ok
    21:11:32.0911 5804 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    21:11:32.0922 5804 ose - ok
    21:11:33.0544 5804 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    21:11:33.0691 5804 osppsvc - ok
    21:11:33.0813 5804 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    21:11:33.0916 5804 p2pimsvc - ok
    21:11:33.0943 5804 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    21:11:33.0978 5804 p2psvc - ok
    21:11:34.0034 5804 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    21:11:34.0052 5804 Parport - ok
    21:11:34.0083 5804 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
    21:11:34.0096 5804 partmgr - ok
    21:11:34.0122 5804 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    21:11:34.0163 5804 PcaSvc - ok
    21:11:34.0199 5804 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    21:11:34.0213 5804 pci - ok
    21:11:34.0227 5804 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
    21:11:34.0240 5804 pciide - ok
    21:11:34.0260 5804 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    21:11:34.0277 5804 pcmcia - ok
    21:11:34.0295 5804 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    21:11:34.0308 5804 pcw - ok
    21:11:34.0348 5804 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    21:11:34.0440 5804 PEAUTH - ok
    21:11:34.0541 5804 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
    21:11:34.0634 5804 PeerDistSvc - ok
    21:11:34.0706 5804 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    21:11:34.0757 5804 PerfHost - ok
    21:11:34.0883 5804 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
    21:11:35.0006 5804 pla - ok
    21:11:35.0345 5804 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
    21:11:35.0494 5804 PlugPlay - ok
    21:11:35.0601 5804 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    21:11:35.0683 5804 PNRPAutoReg - ok
    21:11:35.0770 5804 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    21:11:35.0784 5804 PNRPsvc - ok
    21:11:35.0846 5804 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
    21:11:35.0925 5804 PolicyAgent - ok
    21:11:35.0970 5804 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\windows\system32\umpo.dll
    21:11:36.0057 5804 Power - ok
    21:11:36.0119 5804 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    21:11:36.0182 5804 PptpMiniport - ok
    21:11:36.0220 5804 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    21:11:36.0267 5804 Processor - ok
    21:11:36.0330 5804 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
    21:11:36.0393 5804 ProfSvc - ok
    21:11:36.0423 5804 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    21:11:36.0433 5804 ProtectedStorage - ok
    21:11:36.0482 5804 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    21:11:36.0549 5804 Psched - ok
    21:11:36.0608 5804 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
    21:11:36.0618 5804 PxHlpa64 - ok
    21:11:36.0678 5804 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    21:11:36.0748 5804 ql2300 - ok
    21:11:36.0823 5804 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    21:11:36.0837 5804 ql40xx - ok
    21:11:36.0894 5804 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    21:11:36.0928 5804 QWAVE - ok
    21:11:36.0945 5804 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    21:11:36.0977 5804 QWAVEdrv - ok
    21:11:36.0987 5804 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    21:11:37.0081 5804 RasAcd - ok
    21:11:37.0361 5804 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    21:11:37.0418 5804 RasAgileVpn - ok
    21:11:37.0445 5804 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    21:11:37.0508 5804 RasAuto - ok
    21:11:37.0542 5804 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    21:11:37.0586 5804 Rasl2tp - ok
    21:11:37.0626 5804 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
    21:11:37.0687 5804 RasMan - ok
    21:11:37.0708 5804 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    21:11:37.0775 5804 RasPppoe - ok
    21:11:37.0803 5804 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    21:11:37.0864 5804 RasSstp - ok
    21:11:37.0901 5804 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    21:11:37.0969 5804 rdbss - ok
    21:11:37.0992 5804 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
    21:11:38.0029 5804 rdpbus - ok
    21:11:38.0069 5804 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    21:11:38.0124 5804 RDPCDD - ok
    21:11:38.0169 5804 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys
    21:11:38.0194 5804 RDPDR - ok
    21:11:38.0211 5804 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    21:11:38.0280 5804 RDPENCDD - ok
    21:11:38.0313 5804 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    21:11:38.0339 5804 RDPREFMP - ok
    21:11:38.0389 5804 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
    21:11:38.0420 5804 RDPWD - ok
    21:11:38.0447 5804 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    21:11:38.0461 5804 rdyboost - ok
    21:11:38.0578 5804 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    21:11:38.0608 5804 RegSrvc - ok
    21:11:38.0650 5804 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    21:11:38.0733 5804 RemoteAccess - ok
    21:11:38.0764 5804 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    21:11:38.0804 5804 RemoteRegistry - ok
    21:11:38.0868 5804 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
    21:11:38.0913 5804 RFCOMM - ok
    21:11:39.0066 5804 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    21:11:39.0121 5804 RoxMediaDB12OEM - ok
    21:11:39.0358 5804 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    21:11:39.0369 5804 RoxWatch12 - ok
    21:11:39.0469 5804 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    21:11:39.0511 5804 RpcEptMapper - ok
    21:11:39.0537 5804 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    21:11:39.0552 5804 RpcLocator - ok
    21:11:39.0595 5804 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    21:11:39.0630 5804 RpcSs - ok
    21:11:39.0706 5804 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    21:11:39.0758 5804 rspndr - ok
    21:11:39.0847 5804 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
    21:11:39.0861 5804 RSUSBSTOR - ok
    21:11:39.0914 5804 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
    21:11:39.0929 5804 RTL8167 - ok
    21:11:39.0945 5804 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    21:11:39.0957 5804 SamSs - ok
    21:11:39.0984 5804 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    21:11:39.0999 5804 sbp2port - ok
    21:11:40.0027 5804 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    21:11:40.0079 5804 SCardSvr - ok
    21:11:40.0105 5804 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    21:11:40.0174 5804 scfilter - ok
    21:11:40.0350 5804 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
    21:11:40.0455 5804 Schedule - ok
    21:11:40.0491 5804 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    21:11:40.0535 5804 SCPolicySvc - ok
    21:11:40.0566 5804 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
    21:11:40.0640 5804 SDRSVC - ok
    21:11:40.0688 5804 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    21:11:40.0738 5804 secdrv - ok
    21:11:40.0768 5804 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
    21:11:40.0799 5804 seclogon - ok
    21:11:40.0828 5804 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
    21:11:40.0884 5804 SENS - ok
    21:11:40.0913 5804 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    21:11:41.0022 5804 SensrSvc - ok
    21:11:41.0041 5804 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    21:11:41.0076 5804 Serenum - ok
    21:11:41.0168 5804 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    21:11:41.0257 5804 Serial - ok
    21:11:41.0341 5804 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    21:11:41.0376 5804 sermouse - ok
    21:11:41.0440 5804 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
    21:11:41.0512 5804 SessionEnv - ok
    21:11:41.0535 5804 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    21:11:41.0552 5804 sffdisk - ok
    21:11:41.0577 5804 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    21:11:41.0634 5804 sffp_mmc - ok
    21:11:41.0638 5804 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    21:11:41.0661 5804 sffp_sd - ok
    21:11:41.0691 5804 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    21:11:41.0750 5804 sfloppy - ok
    21:11:41.0895 5804 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    21:11:41.0910 5804 SftService - ok
    21:11:41.0950 5804 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
    21:11:42.0018 5804 ShellHWDetection - ok
    21:11:42.0059 5804 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    21:11:42.0072 5804 SiSRaid2 - ok
    21:11:42.0171 5804 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    21:11:42.0184 5804 SiSRaid4 - ok
    21:11:42.0244 5804 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
    21:11:42.0254 5804 SkypeUpdate - ok
    21:11:42.0281 5804 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    21:11:42.0345 5804 Smb - ok
    21:11:42.0400 5804 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    21:11:42.0443 5804 SNMPTRAP - ok
    21:11:42.0481 5804 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    21:11:42.0488 5804 spldr - ok
    21:11:42.0518 5804 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
    21:11:42.0556 5804 Spooler - ok
    21:11:42.0714 5804 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
    21:11:42.0768 5804 sppsvc - ok
    21:11:42.0853 5804 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    21:11:42.0890 5804 sppuinotify - ok
    21:11:42.0949 5804 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    21:11:42.0992 5804 srv - ok
    21:11:43.0032 5804 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    21:11:43.0065 5804 srv2 - ok
    21:11:43.0225 5804 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    21:11:43.0323 5804 srvnet - ok
    21:11:43.0364 5804 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    21:11:43.0425 5804 SSDPSRV - ok
    21:11:43.0475 5804 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    21:11:43.0512 5804 SstpSvc - ok
    21:11:43.0551 5804 ssudmdm (5e20a963c80ae5fe49bdfb52cc511072) C:\windows\system32\DRIVERS\ssudmdm.sys
    21:11:43.0566 5804 ssudmdm - ok
    21:11:43.0653 5804 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
    21:11:43.0677 5804 STacSV - ok
    21:11:43.0704 5804 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    21:11:43.0714 5804 stexstor - ok
    21:11:43.0775 5804 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
    21:11:43.0815 5804 STHDA - ok
    21:11:43.0894 5804 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    21:11:43.0917 5804 stisvc - ok
    21:11:43.0975 5804 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    21:11:43.0984 5804 stllssvr - ok
    21:11:44.0009 5804 StorSvc (c40841817ef57d491f22eb103da587cc) C:\windows\system32\storsvc.dll
    21:11:44.0063 5804 StorSvc - ok
    21:11:44.0091 5804 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    21:11:44.0102 5804 swenum - ok
    21:11:44.0156 5804 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    21:11:44.0227 5804 swprv - ok
    21:11:44.0329 5804 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    21:11:44.0396 5804 SysMain - ok
    21:11:44.0515 5804 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    21:11:44.0537 5804 TabletInputService - ok
    21:11:44.0557 5804 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    21:11:44.0636 5804 TapiSrv - ok
    21:11:44.0662 5804 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    21:11:44.0698 5804 TBS - ok
    21:11:44.0861 5804 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
    21:11:44.0893 5804 Tcpip - ok
    21:11:45.0080 5804 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
    21:11:45.0123 5804 TCPIP6 - ok
    21:11:46.0248 5804 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    21:11:46.0303 5804 tcpipreg - ok
    21:11:46.0354 5804 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    21:11:46.0372 5804 TDPIPE - ok
    21:11:46.0396 5804 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    21:11:46.0439 5804 TDTCP - ok
    21:11:46.0461 5804 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    21:11:46.0493 5804 tdx - ok
    21:11:46.0523 5804 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    21:11:46.0534 5804 TermDD - ok
    21:11:46.0588 5804 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    21:11:46.0683 5804 TermService - ok
    21:11:46.0714 5804 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    21:11:46.0730 5804 Themes - ok
    21:11:46.0763 5804 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    21:11:46.0811 5804 THREADORDER - ok
    21:11:46.0856 5804 tihub3 (68fe3d89829e27d4fd5eea7bd2c41985) C:\windows\system32\DRIVERS\tihub3.sys
    21:11:46.0867 5804 tihub3 - ok
    21:11:46.0905 5804 tixhci (0102c9633ce1f18a6ac021f28b734db5) C:\windows\system32\DRIVERS\tixhci.sys
    21:11:46.0923 5804 tixhci - ok
    21:11:46.0950 5804 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    21:11:47.0000 5804 TrkWks - ok
    21:11:47.0077 5804 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    21:11:47.0134 5804 TrustedInstaller - ok
    21:11:47.0188 5804 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    21:11:47.0243 5804 tssecsrv - ok
    21:11:47.0292 5804 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    21:11:47.0319 5804 TsUsbFlt - ok
    21:11:47.0336 5804 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    21:11:47.0351 5804 TsUsbGD - ok
    21:11:47.0384 5804 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    21:11:47.0450 5804 tunnel - ok
    21:11:47.0512 5804 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
    21:11:47.0520 5804 TurboB - ok
    21:11:47.0571 5804 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    21:11:47.0585 5804 TurboBoost - ok
    21:11:47.0616 5804 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    21:11:47.0630 5804 uagp35 - ok
    21:11:47.0652 5804 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    21:11:47.0733 5804 udfs - ok
    21:11:47.0776 5804 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    21:11:47.0810 5804 UI0Detect - ok
    21:11:47.0823 5804 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    21:11:47.0832 5804 uliagpkx - ok
    21:11:47.0894 5804 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    21:11:47.0932 5804 umbus - ok
    21:11:47.0936 5804 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    21:11:47.0958 5804 UmPass - ok
    21:11:48.0015 5804 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\windows\System32\umrdp.dll
    21:11:48.0054 5804 UmRdpService - ok
    21:11:48.0222 5804 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    21:11:48.0269 5804 UNS - ok
    21:11:48.0396 5804 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    21:11:48.0462 5804 upnphost - ok
    21:11:48.0549 5804 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
    21:11:48.0612 5804 USBAAPL64 - ok
    21:11:48.0641 5804 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
    21:11:48.0699 5804 usbccgp - ok
    21:11:48.0733 5804 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    21:11:48.0751 5804 usbcir - ok
    21:11:48.0767 5804 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    21:11:48.0805 5804 usbehci - ok
    21:11:48.0902 5804 usbhub (8b892002d7b79312821169a14317ab86) C:\windows\system32\DRIVERS\usbhub.sys
    21:11:48.0954 5804 usbhub - ok
    21:11:49.0010 5804 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
    21:11:49.0043 5804 usbohci - ok
    21:11:49.0074 5804 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    21:11:49.0112 5804 usbprint - ok
    21:11:49.0161 5804 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    21:11:49.0219 5804 USBSTOR - ok
    21:11:49.0242 5804 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    21:11:49.0274 5804 usbuhci - ok
    21:11:49.0322 5804 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    21:11:49.0338 5804 usbvideo - ok
    21:11:49.0361 5804 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
    21:11:49.0399 5804 usb_rndisx - ok
    21:11:49.0447 5804 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    21:11:49.0482 5804 UxSms - ok
    21:11:49.0510 5804 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    21:11:49.0522 5804 VaultSvc - ok
    21:11:49.0558 5804 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    21:11:49.0566 5804 vdrvroot - ok
    21:11:49.0615 5804 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    21:11:49.0676 5804 vds - ok
    21:11:49.0723 5804 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    21:11:49.0761 5804 vga - ok
    21:11:49.0798 5804 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    21:11:49.0895 5804 VgaSave - ok
    21:11:49.0930 5804 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    21:11:49.0959 5804 vhdmp - ok
    21:11:49.0964 5804 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    21:11:49.0977 5804 viaide - ok
    21:11:50.0008 5804 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    21:11:50.0020 5804 volmgr - ok
    21:11:50.0041 5804 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    21:11:50.0056 5804 volmgrx - ok
    21:11:50.0081 5804 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
    21:11:50.0095 5804 volsnap - ok
    21:11:50.0131 5804 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    21:11:50.0146 5804 vsmraid - ok
    21:11:50.0225 5804 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    21:11:50.0292 5804 VSS - ok
    21:11:50.0394 5804 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    21:11:50.0435 5804 vwifibus - ok
    21:11:50.0473 5804 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    21:11:50.0490 5804 vwififlt - ok
    21:11:50.0511 5804 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
    21:11:50.0528 5804 vwifimp - ok
    21:11:50.0567 5804 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    21:11:50.0623 5804 W32Time - ok
    21:11:50.0668 5804 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    21:11:50.0699 5804 WacomPen - ok
    21:11:50.0750 5804 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    21:11:50.0823 5804 WANARP - ok
    21:11:50.0846 5804 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    21:11:50.0881 5804 Wanarpv6 - ok
    21:11:50.0997 5804 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    21:11:51.0060 5804 WatAdminSvc - ok
    21:11:51.0146 5804 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
    21:11:51.0310 5804 wbengine - ok
    21:11:51.0455 5804 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    21:11:51.0476 5804 WbioSrvc - ok
    21:11:51.0538 5804 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
    21:11:51.0593 5804 wcncsvc - ok
    21:11:51.0634 5804 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    21:11:51.0659 5804 WcsPlugInService - ok
    21:11:51.0706 5804 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    21:11:51.0719 5804 Wd - ok
    21:11:51.0755 5804 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    21:11:51.0774 5804 Wdf01000 - ok
    21:11:51.0821 5804 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    21:11:52.0072 5804 WdiServiceHost - ok
    21:11:52.0075 5804 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    21:11:52.0100 5804 WdiSystemHost - ok
    21:11:52.0145 5804 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
    21:11:52.0189 5804 WebClient - ok
    21:11:52.0240 5804 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    21:11:52.0309 5804 Wecsvc - ok
    21:11:52.0332 5804 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    21:11:52.0373 5804 wercplsupport - ok
    21:11:52.0404 5804 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    21:11:52.0469 5804 WerSvc - ok
    21:11:52.0540 5804 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    21:11:52.0577 5804 WfpLwf - ok
    21:11:52.0618 5804 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
    21:11:52.0636 5804 WimFltr - ok
    21:11:52.0650 5804 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    21:11:52.0664 5804 WIMMount - ok
    21:11:52.0683 5804 WinHttpAutoProxySvc - ok
    21:11:52.0739 5804 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    21:11:52.0777 5804 Winmgmt - ok
    21:11:52.0881 5804 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
    21:11:52.0998 5804 WinRM - ok
    21:11:53.0187 5804 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
    21:11:53.0202 5804 WinUsb - ok
    21:11:53.0264 5804 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    21:11:53.0290 5804 Wlansvc - ok
    21:11:53.0371 5804 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    21:11:53.0382 5804 wlcrasvc - ok
    21:11:53.0496 5804 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    21:11:53.0540 5804 wlidsvc - ok
    21:11:53.0640 5804 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
    21:11:53.0669 5804 WmiAcpi - ok
    21:11:53.0743 5804 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    21:11:53.0771 5804 wmiApSrv - ok
    21:11:53.0815 5804 WMPNetworkSvc - ok
    21:11:53.0872 5804 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    21:11:53.0917 5804 WPCSvc - ok
    21:11:53.0932 5804 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
    21:11:53.0944 5804 WPDBusEnum - ok
    21:11:53.0962 5804 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    21:11:53.0989 5804 ws2ifsl - ok
    21:11:53.0991 5804 WSearch - ok
    21:11:54.0074 5804 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
    21:11:54.0128 5804 WudfPf - ok
    21:11:54.0181 5804 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
    21:11:54.0227 5804 WUDFRd - ok
    21:11:54.0284 5804 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
    21:11:54.0321 5804 wudfsvc - ok
    21:11:54.0371 5804 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    21:11:54.0437 5804 WwanSvc - ok
    21:11:54.0525 5804 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    21:11:54.0590 5804 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    21:11:54.0590 5804 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    21:11:55.0189 5804 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    21:11:55.0189 5804 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    21:11:55.0192 5804 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
    21:11:55.0194 5804 \Device\Harddisk0\DR0\Partition0 - ok
    21:11:55.0216 5804 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
    21:11:55.0218 5804 \Device\Harddisk0\DR0\Partition1 - ok
    21:11:55.0219 5804 ============================================================
    21:11:55.0219 5804 Scan finished
    21:11:55.0219 5804 ============================================================
    21:11:55.0229 1824 Detected object count: 6
    21:11:55.0229 1824 Actual detected object count: 6
    21:13:13.0084 1824 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
    21:13:13.0084 1824 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:13:13.0084 1824 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
    21:13:13.0084 1824 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:13:13.0084 1824 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
    21:13:13.0084 1824 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:13:13.0084 1824 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
    21:13:13.0084 1824 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
    21:13:13.0814 1824 \Device\Harddisk0\DR0\# - copied to quarantine
    21:13:13.0814 1824 \Device\Harddisk0\DR0 - copied to quarantine
    21:13:14.0154 1824 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    21:13:14.0164 1824 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    21:13:14.0174 1824 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    21:13:14.0184 1824 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    21:13:14.0234 1824 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    21:13:14.0254 1824 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    21:13:14.0254 1824 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    21:13:14.0254 1824 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    21:13:14.0264 1824 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    21:13:14.0264 1824 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    21:13:14.0264 1824 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    21:13:14.0274 1824 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    21:13:14.0274 1824 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    21:13:14.0274 1824 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    21:13:14.0304 1824 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
    21:13:14.0344 1824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    21:13:14.0344 1824 \Device\Harddisk0\DR0 - ok
    21:13:14.0464 1824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    21:13:14.0464 1824 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    21:13:14.0464 1824 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
    21:13:46.0296 3384 Deinitialize success
     
  5. oldman960

    oldman960 Malware Specialist

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi jgreggain,

    Please delete the copy of combofix you have and download a new copy from
    Link 1


    * IMPORTANT !!! Save ComboFix.exe to your Desktop
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : How to Disable your Security Programs
    • Right click on ComboFix.exe, click Run as Administrator & follow the prompts.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1.Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. If after running combofix you recieve an message "Illegal operation attempted on a registery key that has been marked for deletion" or similar reboot the computer.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Please post back with the combofix log.
    Thanks
     
  6. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    ComboFix 12-07-31.03 - Jessica 08/01/2012 20:48:41.2.4 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6050.3967 [GMT -7:00]
    Running from: c:\users\Jessica\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Jessica\AppData\Local\Temp\{4EC1D43A-9946-4188-9E48-DBA4DA06673F}\fpb.tmp
    .
    ---- Previous Run -------
    .
    c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
    c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
    c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
    c:\programdata\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
    c:\programdata\Roaming
    c:\windows\assembly\GAC_32\Desktop.ini
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\00000004.@
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\L\201d3dde
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000004.@
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\00000008.@
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\000000cb.@
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000000.@
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000032.@
    c:\windows\Installer\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\U\80000064.@
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-02 03:54 . 2012-08-02 03:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-01 04:13 . 2012-08-01 04:13 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-07-31 02:12 . 2012-07-31 02:12 -------- d-----w- c:\users\Jessica\AppData\Roaming\AVG2012
    2012-07-31 02:10 . 2012-07-31 02:10 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-07-31 02:10 . 2012-08-01 04:11 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-07-31 02:10 . 2012-07-31 03:48 -------- d-----w- c:\programdata\AVG2012
    2012-07-31 02:10 . 2012-07-31 02:10 -------- d-----w- C:\$AVG
    2012-07-31 02:09 . 2012-07-31 02:09 -------- d-----w- c:\program files (x86)\AVG
    2012-07-31 02:07 . 2012-08-01 04:11 -------- d-----w- c:\programdata\MFAData
    2012-07-31 02:07 . 2012-07-31 02:07 -------- d--h--w- c:\programdata\Common Files
    2012-07-31 01:06 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DB071E31-8335-4A0E-908C-CD6DC77DC7DF}\mpengine.dll
    2012-07-28 19:38 . 2012-07-28 19:38 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4CD19F5F-B033-4B22-A34E-25FA65CAAA7C}\gapaengine.dll
    2012-07-28 19:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-07-28 08:39 . 2012-07-28 08:39 -------- d-----w- c:\users\Jessica\Library
    2012-07-28 08:39 . 2012-07-28 08:39 -------- d-----w- c:\users\Jessica\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
    2012-07-28 08:39 . 2012-07-28 08:39 -------- d-----w- c:\program files (x86)\YNAB 4
    2012-07-28 01:59 . 2012-07-28 01:59 -------- d-----w- c:\windows\Microsoft Antimalware
    2012-07-25 18:46 . 2012-07-25 18:46 328704 ----a-w- c:\windows\system32\services.exe.DC5B71678BF0A7E5
    2012-07-25 18:43 . 2012-07-25 18:43 328704 ----a-w- c:\windows\system32\services.exe.579F25BF8D8D5A3C
    2012-07-25 18:40 . 2012-07-25 18:40 328704 ----a-w- c:\windows\system32\services.exe.E676D4A756B33022
    2012-07-25 06:30 . 2012-07-25 06:30 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-25 06:22 . 2012-07-25 06:22 -------- d-----w- c:\windows\Sun
    2012-07-12 10:07 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-12 10:02 . 2012-06-02 12:12 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-07-12 04:12 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine(3).dll
    2012-07-12 04:12 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine(2).dll
    2012-07-09 06:32 . 2012-07-09 06:32 -------- d-----w- c:\program files\iPod
    2012-07-09 06:32 . 2012-07-09 09:08 -------- d-----w- c:\program files\iTunes
    2012-07-09 06:32 . 2012-07-09 09:08 -------- d-----w- c:\program files (x86)\iTunes
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-28 03:15 . 2012-03-30 04:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-28 03:15 . 2011-12-17 06:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-12 10:03 . 2012-03-30 03:08 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-26 03:23 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-26 03:23 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-26 03:23 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-26 03:23 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-26 03:22 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 22:19 . 2012-06-26 03:23 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-26 03:23 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-26 03:22 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 22:15 . 2012-06-26 03:23 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-05-31 21:28 . 2012-05-31 21:28 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
    2012-05-26 17:08 . 2012-05-07 04:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2012-05-26 17:07 . 2012-05-07 04:47 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2012-05-26 17:07 . 2012-05-07 04:46 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2012-05-26 17:06 . 2012-05-07 04:46 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2012-05-24 07:33 . 2012-04-02 19:45 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2012-05-24 07:33 . 2012-04-02 19:44 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2012-05-24 07:33 . 2012-04-02 19:44 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2012-05-24 07:33 . 2012-04-02 19:44 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-05-04 11:06 . 2012-06-13 04:18 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-05-04 10:03 . 2012-06-13 04:18 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03 . 2012-06-13 04:18 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{6EBC27EA-F982-436F-98CB-E7563CC94B01}]
    2012-05-03 10:34 140800 ----a-w- c:\programdata\Codecv\bhoclass.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 94208 ----a-w- c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
    "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]
    "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]
    "NeroLauncher"="c:\program files (x86)\Nero\SyncUP\NeroLauncher.exe" [2012-02-07 66872]
    "Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2012-02-01 968048]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
    "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2010-08-12 163040]
    .
    c:\users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer3"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-05 5160568]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
    R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-28 250056]
    R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-09-15 299008]
    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2011-04-28 88520]
    R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 136176]
    R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-06-21 34200]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-09-16 340240]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-30 250984]
    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2011-04-28 203080]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-30 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
    S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-09-15 1166848]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-05-19 921664]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-05-19 995392]
    S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-06-03 134928]
    S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-06-19 173056]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
    S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
    S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
    S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]
    S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-09-15 299008]
    S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496]
    S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-05-19 1335360]
    S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-05-19 53248]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-07-19 282624]
    S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-07-20 59904]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
    S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-06-21 25496]
    S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2011-09-18 8604672]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 tihub3;TI USB3 Hub Service;c:\windows\system32\DRIVERS\tihub3.sys [2011-07-20 136000]
    S3 tixhci;TI XHCI Service;c:\windows\system32\DRIVERS\tixhci.sys [2011-07-20 406336]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 03:15]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 05:35]
    .
    2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-10 05:35]
    .
    2012-07-27 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    2012-07-28 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    2012-08-02 c:\windows\Tasks\SystemToolsDailyTest.job
    - c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-02-14 22:58 97792 ----a-w- c:\users\Jessica\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-20 416024]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-01-25 525312]
    "Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-04-12 609144]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-03-24 3668336]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-09-16 1935120]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-05-19 10365952]
    "DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2012-02-01 2195824]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: bellevuecollege.edu\vista
    TCP: DhcpNameServer = 24.116.2.50 24.116.2.34
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-10 - (no file)
    SafeBoot-MsMpSvc
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    Toolbar-10 - (no file)
    AddRemove-WT089446 - c:\program files (x86)\WildTangent\Dell Games\Wedding Dash - Ready
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-01 20:59:35 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-02 03:59
    .
    Pre-Run: 419,599,482,880 bytes free
    Post-Run: 419,199,078,400 bytes free
    .
    - - End Of File - - 89FB469F4E371D349024E289349FEDEB
     
  7. oldman960

    oldman960 Malware Specialist

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi jgreggain,

    You have 2 antivirus programs installed. This will not give you more protection. The 2 will conflict leading to not only conflicts, slowdowns but also less protections.

    Please uninstall either MSE or AVG.


    Next

    Please rerun TDSKiller with the same settings as before. Do not delete anythng if offered that option, use skip instead.

    Please post the TDSSK log.

    Thanks
     
  8. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    I installed AVG after MSE was unable to fix my problem, but I disabled the services for MSE. So, while it is installed, it is not active. I will uninstall it and re-run TDSKiller, though.
     
  9. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    16:26:40.0435 7164 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    16:26:41.0039 7164 ============================================================
    16:26:41.0039 7164 Current date / time: 2012/08/02 16:26:41.0039
    16:26:41.0039 7164 SystemInfo:
    16:26:41.0039 7164
    16:26:41.0039 7164 OS Version: 6.1.7601 ServicePack: 1.0
    16:26:41.0039 7164 Product type: Workstation
    16:26:41.0039 7164 ComputerName: SOLOVLES-PC
    16:26:41.0040 7164 UserName: Jessica
    16:26:41.0040 7164 Windows directory: C:\windows
    16:26:41.0040 7164 System windows directory: C:\windows
    16:26:41.0040 7164 Running under WOW64
    16:26:41.0040 7164 Processor architecture: Intel x64
    16:26:41.0040 7164 Number of processors: 4
    16:26:41.0040 7164 Page size: 0x1000
    16:26:41.0040 7164 Boot type: Normal boot
    16:26:41.0040 7164 ============================================================
    16:26:41.0439 7164 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:26:41.0445 7164 ============================================================
    16:26:41.0445 7164 \Device\Harddisk0\DR0:
    16:26:41.0445 7164 MBR partitions:
    16:26:41.0445 7164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
    16:26:41.0445 7164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
    16:26:41.0445 7164 ============================================================
    16:26:41.0472 7164 C: <-> \Device\Harddisk0\DR0\Partition1
    16:26:41.0472 7164 ============================================================
    16:26:41.0472 7164 Initialize success
    16:26:41.0472 7164 ============================================================
    16:26:47.0937 0260 ============================================================
    16:26:47.0937 0260 Scan started
    16:26:47.0937 0260 Mode: Manual; SigCheck; TDLFS;
    16:26:47.0937 0260 ============================================================
    16:26:49.0515 0260 1394ohci (a87d604aea360176311474c87a63bb88) C:\windows\system32\drivers\1394ohci.sys
    16:26:49.0593 0260 1394ohci - ok
    16:26:49.0633 0260 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\windows\system32\drivers\ACPI.sys
    16:26:49.0649 0260 ACPI - ok
    16:26:49.0673 0260 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\windows\system32\drivers\acpipmi.sys
    16:26:49.0782 0260 AcpiPmi - ok
    16:26:49.0879 0260 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    16:26:49.0888 0260 AdobeARMservice - ok
    16:26:50.0267 0260 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    16:26:50.0286 0260 AdobeFlashPlayerUpdateSvc - ok
    16:26:50.0333 0260 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\drivers\adp94xx.sys
    16:26:50.0363 0260 adp94xx - ok
    16:26:50.0444 0260 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\drivers\adpahci.sys
    16:26:50.0472 0260 adpahci - ok
    16:26:50.0518 0260 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\drivers\adpu320.sys
    16:26:50.0528 0260 adpu320 - ok
    16:26:50.0571 0260 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\windows\System32\aelupsvc.dll
    16:26:50.0625 0260 AeLookupSvc - ok
    16:26:50.0711 0260 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe
    16:26:50.0778 0260 AESTFilters - ok
    16:26:50.0842 0260 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\windows\system32\drivers\afd.sys
    16:26:50.0931 0260 AFD - ok
    16:26:50.0968 0260 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\drivers\agp440.sys
    16:26:50.0976 0260 agp440 - ok
    16:26:51.0009 0260 ALG (3290d6946b5e30e70414990574883ddb) C:\windows\System32\alg.exe
    16:26:51.0048 0260 ALG - ok
    16:26:51.0085 0260 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\drivers\aliide.sys
    16:26:51.0095 0260 aliide - ok
    16:26:51.0112 0260 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\drivers\amdide.sys
    16:26:51.0121 0260 amdide - ok
    16:26:51.0138 0260 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\drivers\amdk8.sys
    16:26:51.0189 0260 AmdK8 - ok
    16:26:51.0213 0260 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\drivers\amdppm.sys
    16:26:51.0271 0260 AmdPPM - ok
    16:26:51.0304 0260 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\windows\system32\drivers\amdsata.sys
    16:26:51.0313 0260 amdsata - ok
    16:26:51.0397 0260 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\drivers\amdsbs.sys
    16:26:51.0407 0260 amdsbs - ok
    16:26:51.0515 0260 amdxata (540daf1cea6094886d72126fd7c33048) C:\windows\system32\drivers\amdxata.sys
    16:26:51.0529 0260 amdxata - ok
    16:26:51.0554 0260 AMPPAL (3bc90482a834f998c3b7a9c934a20342) C:\windows\system32\DRIVERS\AMPPAL.sys
    16:26:51.0584 0260 AMPPAL - ok
    16:26:51.0624 0260 AMPPALP (3bc90482a834f998c3b7a9c934a20342) C:\windows\system32\DRIVERS\amppal.sys
    16:26:51.0624 0260 AMPPALP - ok
    16:26:52.0035 0260 AMPPALR3 (a47d7febd9381d34ddb4ff38b15a67fe) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
    16:26:52.0105 0260 AMPPALR3 - ok
    16:26:52.0505 0260 ApfiltrService (24ed0eb2b2558970176ecee680f8f806) C:\windows\system32\DRIVERS\Apfiltr.sys
    16:26:52.0515 0260 ApfiltrService - ok
    16:26:52.0555 0260 AppID (89a69c3f2f319b43379399547526d952) C:\windows\system32\drivers\appid.sys
    16:26:52.0605 0260 AppID - ok
    16:26:52.0685 0260 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\windows\System32\appidsvc.dll
    16:26:52.0745 0260 AppIDSvc - ok
    16:26:52.0805 0260 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\windows\System32\appinfo.dll
    16:26:52.0865 0260 Appinfo - ok
    16:26:53.0155 0260 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:26:53.0165 0260 Apple Mobile Device - ok
    16:26:53.0225 0260 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\windows\System32\appmgmts.dll
    16:26:53.0265 0260 AppMgmt - ok
    16:26:53.0315 0260 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\drivers\arc.sys
    16:26:53.0325 0260 arc - ok
    16:26:53.0375 0260 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\drivers\arcsas.sys
    16:26:53.0385 0260 arcsas - ok
    16:26:53.0645 0260 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    16:26:53.0685 0260 aspnet_state - ok
    16:26:53.0805 0260 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
    16:26:53.0865 0260 AsyncMac - ok
    16:26:53.0925 0260 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\drivers\atapi.sys
    16:26:53.0935 0260 atapi - ok
    16:26:53.0985 0260 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    16:26:54.0025 0260 AudioEndpointBuilder - ok
    16:26:54.0035 0260 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\windows\System32\Audiosrv.dll
    16:26:54.0065 0260 AudioSrv - ok
    16:26:57.0095 0260 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    16:26:57.0275 0260 AVGIDSAgent - ok
    16:26:57.0575 0260 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\windows\system32\DRIVERS\avgidsdrivera.sys
    16:26:57.0595 0260 AVGIDSDriver - ok
    16:26:57.0615 0260 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\windows\system32\DRIVERS\avgidsfiltera.sys
    16:26:57.0615 0260 AVGIDSFilter - ok
    16:26:57.0635 0260 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\windows\system32\DRIVERS\avgidsha.sys
    16:26:57.0645 0260 AVGIDSHA - ok
    16:26:57.0685 0260 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\windows\system32\DRIVERS\avgldx64.sys
    16:26:57.0695 0260 Avgldx64 - ok
    16:26:57.0715 0260 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\windows\system32\DRIVERS\avgmfx64.sys
    16:26:57.0725 0260 Avgmfx64 - ok
    16:26:57.0775 0260 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\windows\system32\DRIVERS\avgrkx64.sys
    16:26:57.0785 0260 Avgrkx64 - ok
    16:26:57.0875 0260 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\windows\system32\DRIVERS\avgtdia.sys
    16:26:57.0895 0260 Avgtdia - ok
    16:26:58.0355 0260 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    16:26:58.0365 0260 avgwd - ok
    16:26:58.0415 0260 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\windows\System32\AxInstSV.dll
    16:26:58.0475 0260 AxInstSV - ok
    16:26:58.0525 0260 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\drivers\bxvbda.sys
    16:26:58.0575 0260 b06bdrv - ok
    16:26:58.0625 0260 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
    16:26:58.0675 0260 b57nd60a - ok
    16:26:58.0705 0260 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\windows\System32\bdesvc.dll
    16:26:58.0755 0260 BDESVC - ok
    16:26:58.0795 0260 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
    16:26:58.0845 0260 Beep - ok
    16:26:58.0955 0260 BFE (82974d6a2fd19445cc5171fc378668a4) C:\windows\System32\bfe.dll
    16:26:59.0025 0260 BFE - ok
    16:26:59.0095 0260 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
    16:26:59.0115 0260 blbdrive - ok
    16:27:00.0145 0260 Bluetooth Device Monitor (5ff7b9916a10e8e69e7c0d16f0b4787a) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    16:27:00.0245 0260 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - warning
    16:27:00.0245 0260 Bluetooth Device Monitor - detected UnsignedFile.Multi.Generic (1)
    16:27:01.0286 0260 Bluetooth Media Service (e43d73caf1023976efba1d0f0e69e271) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    16:27:01.0326 0260 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - warning
    16:27:01.0326 0260 Bluetooth Media Service - detected UnsignedFile.Multi.Generic (1)
    16:27:02.0676 0260 Bluetooth OBEX Service (20427929646784a482df34ef8c4fed23) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    16:27:02.0706 0260 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - warning
    16:27:02.0706 0260 Bluetooth OBEX Service - detected UnsignedFile.Multi.Generic (1)
    16:27:03.0616 0260 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    16:27:03.0636 0260 Bonjour Service - ok
    16:27:05.0426 0260 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\windows\system32\DRIVERS\bowser.sys
    16:27:05.0926 0260 bowser - ok
    16:27:06.0276 0260 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\drivers\BrFiltLo.sys
    16:27:06.0636 0260 BrFiltLo - ok
    16:27:06.0666 0260 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\drivers\BrFiltUp.sys
    16:27:06.0676 0260 BrFiltUp - ok
    16:27:07.0386 0260 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
    16:27:07.0606 0260 BridgeMP - ok
    16:27:08.0186 0260 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\windows\System32\browser.dll
    16:27:08.0626 0260 Browser - ok
    16:27:09.0456 0260 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
    16:27:09.0576 0260 Brserid - ok
    16:27:09.0636 0260 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
    16:27:09.0656 0260 BrSerWdm - ok
    16:27:09.0696 0260 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
    16:27:09.0756 0260 BrUsbMdm - ok
    16:27:09.0756 0260 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
    16:27:09.0806 0260 BrUsbSer - ok
    16:27:09.0846 0260 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\DRIVERS\BthEnum.sys
    16:27:09.0936 0260 BthEnum - ok
    16:27:09.0976 0260 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\drivers\bthmodem.sys
    16:27:10.0036 0260 BTHMODEM - ok
    16:27:10.0086 0260 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
    16:27:10.0126 0260 BthPan - ok
    16:27:10.0206 0260 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\windows\system32\Drivers\BTHport.sys
    16:27:10.0276 0260 BTHPORT - ok
    16:27:10.0326 0260 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\windows\system32\bthserv.dll
    16:27:10.0416 0260 bthserv - ok
    16:27:10.0626 0260 BTHSSecurityMgr (9e2af97302b9f4bf97e952a865eb31ae) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
    16:27:10.0656 0260 BTHSSecurityMgr - ok
    16:27:10.0676 0260 BTHUSB (f188b7394d81010767b6df3178519a37) C:\windows\system32\Drivers\BTHUSB.sys
    16:27:10.0706 0260 BTHUSB - ok
    16:27:10.0776 0260 btmaudio (274e47bd9c1367bdbfa9df10c2e6c544) C:\windows\system32\drivers\btmaud.sys
    16:27:10.0866 0260 btmaudio - ok
    16:27:10.0876 0260 btmaux (75eab5aaf6e9f83739249ce60b4b9c39) C:\windows\system32\DRIVERS\btmaux.sys
    16:27:10.0936 0260 btmaux - ok
    16:27:11.0057 0260 btmhsf (0b1cc2221dc5990e4557a78ce9afad4f) C:\windows\system32\DRIVERS\btmhsf.sys
    16:27:11.0117 0260 btmhsf - ok
    16:27:11.0157 0260 catchme - ok
    16:27:11.0237 0260 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
    16:27:11.0297 0260 cdfs - ok
    16:27:11.0337 0260 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\windows\system32\DRIVERS\cdrom.sys
    16:27:11.0377 0260 cdrom - ok
    16:27:11.0497 0260 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    16:27:11.0657 0260 CertPropSvc - ok
    16:27:11.0787 0260 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\drivers\circlass.sys
    16:27:11.0907 0260 circlass - ok
    16:27:11.0977 0260 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
    16:27:11.0987 0260 CLFS - ok
    16:27:12.0137 0260 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:27:12.0157 0260 clr_optimization_v2.0.50727_32 - ok
    16:27:12.0217 0260 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:27:12.0247 0260 clr_optimization_v2.0.50727_64 - ok
    16:27:12.0337 0260 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:27:12.0367 0260 clr_optimization_v4.0.30319_32 - ok
    16:27:12.0647 0260 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:27:12.0667 0260 clr_optimization_v4.0.30319_64 - ok
    16:27:12.0737 0260 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
    16:27:12.0827 0260 CmBatt - ok
    16:27:12.0867 0260 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\drivers\cmdide.sys
    16:27:12.0887 0260 cmdide - ok
    16:27:13.0677 0260 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\windows\system32\Drivers\cng.sys
    16:27:13.0877 0260 CNG - ok
    16:27:14.0048 0260 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\drivers\compbatt.sys
    16:27:14.0068 0260 Compbatt - ok
    16:27:14.0158 0260 CompositeBus (03edb043586cceba243d689bdda370a8) C:\windows\system32\DRIVERS\CompositeBus.sys
    16:27:14.0228 0260 CompositeBus - ok
    16:27:14.0248 0260 COMSysApp - ok
    16:27:14.0288 0260 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\drivers\crcdisk.sys
    16:27:14.0328 0260 crcdisk - ok
    16:27:14.0378 0260 CryptSvc (4f5414602e2544a4554d95517948b705) C:\windows\system32\cryptsvc.dll
    16:27:14.0458 0260 CryptSvc - ok
    16:27:14.0798 0260 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\windows\system32\drivers\csc.sys
    16:27:14.0848 0260 CSC - ok
    16:27:14.0958 0260 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\windows\System32\cscsvc.dll
    16:27:15.0028 0260 CscService - ok
    16:27:15.0108 0260 CtClsFlt (df214bff646880d0eb31bdc86136b29b) C:\windows\system32\DRIVERS\CtClsFlt.sys
    16:27:15.0198 0260 CtClsFlt - ok
    16:27:15.0458 0260 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    16:27:15.0588 0260 DcomLaunch - ok
    16:27:15.0788 0260 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\windows\System32\defragsvc.dll
    16:27:15.0888 0260 defragsvc - ok
    16:27:16.0408 0260 DellDigitalDelivery (18b5c959cbe24d4d4c2381efb87611de) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
    16:27:16.0438 0260 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - warning
    16:27:16.0438 0260 DellDigitalDelivery - detected UnsignedFile.Multi.Generic (1)
    16:27:16.0478 0260 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\windows\system32\Drivers\dfsc.sys
    16:27:16.0568 0260 DfsC - ok
    16:27:16.0668 0260 dg_ssudbus (df27e4f282f5ed66d01abe2935a60778) C:\windows\system32\DRIVERS\ssudbus.sys
    16:27:16.0688 0260 dg_ssudbus - ok
    16:27:16.0888 0260 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\windows\system32\dhcpcore.dll
    16:27:16.0998 0260 Dhcp - ok
    16:27:17.0068 0260 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
    16:27:17.0148 0260 discache - ok
    16:27:17.0198 0260 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\drivers\disk.sys
    16:27:17.0208 0260 Disk - ok
    16:27:17.0518 0260 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\windows\System32\dnsrslvr.dll
    16:27:17.0568 0260 Dnscache - ok
    16:27:17.0698 0260 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\windows\System32\dot3svc.dll
    16:27:17.0828 0260 dot3svc - ok
    16:27:18.0068 0260 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\windows\system32\dps.dll
    16:27:18.0118 0260 DPS - ok
    16:27:18.0168 0260 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
    16:27:18.0208 0260 drmkaud - ok
    16:27:18.0808 0260 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\windows\System32\drivers\dxgkrnl.sys
    16:27:18.0878 0260 DXGKrnl - ok
    16:27:18.0928 0260 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\windows\System32\eapsvc.dll
    16:27:18.0978 0260 EapHost - ok
    16:27:19.0008 0260 easytether - ok
    16:27:19.0548 0260 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\drivers\evbda.sys
    16:27:19.0688 0260 ebdrv - ok
    16:27:20.0249 0260 EFS (c118a82cd78818c29ab228366ebf81c3) C:\windows\System32\lsass.exe
    16:27:20.0289 0260 EFS - ok
    16:27:20.0649 0260 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\windows\ehome\ehRecvr.exe
    16:27:20.0709 0260 ehRecvr - ok
    16:27:20.0749 0260 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\windows\ehome\ehsched.exe
    16:27:20.0779 0260 ehSched - ok
    16:27:21.0059 0260 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\drivers\elxstor.sys
    16:27:21.0089 0260 elxstor - ok
    16:27:21.0099 0260 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\drivers\errdev.sys
    16:27:21.0119 0260 ErrDev - ok
    16:27:21.0389 0260 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\windows\system32\es.dll
    16:27:21.0589 0260 EventSystem - ok
    16:27:22.0189 0260 EvtEng (b20a788579e443f768aab1a24f705d0a) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    16:27:22.0249 0260 EvtEng - ok
    16:27:23.0129 0260 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
    16:27:23.0209 0260 exfat - ok
    16:27:23.0299 0260 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
    16:27:23.0369 0260 fastfat - ok
    16:27:24.0019 0260 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\windows\system32\fxssvc.exe
    16:27:24.0109 0260 Fax - ok
    16:27:24.0149 0260 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\drivers\fdc.sys
    16:27:24.0189 0260 fdc - ok
    16:27:24.0249 0260 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\windows\system32\fdPHost.dll
    16:27:24.0289 0260 fdPHost - ok
    16:27:24.0329 0260 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\windows\system32\fdrespub.dll
    16:27:24.0379 0260 FDResPub - ok
    16:27:24.0539 0260 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
    16:27:24.0579 0260 FileInfo - ok
    16:27:24.0619 0260 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
    16:27:24.0709 0260 Filetrace - ok
    16:27:24.0829 0260 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\drivers\flpydisk.sys
    16:27:24.0849 0260 flpydisk - ok
    16:27:24.0869 0260 FltMgr (da6b67270fd9db3697b20fce94950741) C:\windows\system32\drivers\fltmgr.sys
    16:27:24.0889 0260 FltMgr - ok
    16:27:25.0620 0260 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\windows\system32\FntCache.dll
    16:27:25.0680 0260 FontCache - ok
    16:27:25.0810 0260 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:27:25.0840 0260 FontCache3.0.0.0 - ok
    16:27:26.0030 0260 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
    16:27:26.0070 0260 FsDepends - ok
    16:27:26.0100 0260 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\windows\system32\drivers\Fs_Rec.sys
    16:27:26.0120 0260 Fs_Rec - ok
    16:27:26.0160 0260 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\windows\system32\DRIVERS\fvevol.sys
    16:27:26.0200 0260 fvevol - ok
    16:27:26.0240 0260 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\drivers\gagp30kx.sys
    16:27:26.0270 0260 gagp30kx - ok
    16:27:26.0660 0260 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    16:27:26.0700 0260 GamesAppService - ok
    16:27:26.0730 0260 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\windows\system32\DRIVERS\GEARAspiWDM.sys
    16:27:26.0740 0260 GEARAspiWDM - ok
    16:27:26.0820 0260 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\windows\System32\gpsvc.dll
    16:27:26.0880 0260 gpsvc - ok
    16:27:26.0940 0260 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:27:26.0960 0260 gupdate - ok
    16:27:26.0970 0260 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    16:27:26.0980 0260 gupdatem - ok
    16:27:27.0000 0260 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
    16:27:27.0060 0260 hcw85cir - ok
    16:27:27.0120 0260 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\windows\system32\drivers\HdAudio.sys
    16:27:27.0180 0260 HdAudAddService - ok
    16:27:27.0220 0260 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\windows\system32\DRIVERS\HDAudBus.sys
    16:27:27.0260 0260 HDAudBus - ok
    16:27:27.0280 0260 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\drivers\HidBatt.sys
    16:27:27.0330 0260 HidBatt - ok
    16:27:27.0380 0260 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\drivers\hidbth.sys
    16:27:27.0490 0260 HidBth - ok
    16:27:27.0510 0260 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\drivers\hidir.sys
    16:27:27.0520 0260 HidIr - ok
    16:27:27.0550 0260 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\windows\System32\hidserv.dll
    16:27:27.0620 0260 hidserv - ok
    16:27:27.0650 0260 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\windows\system32\drivers\hidusb.sys
    16:27:27.0700 0260 HidUsb - ok
    16:27:27.0770 0260 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\windows\system32\kmsvc.dll
    16:27:27.0850 0260 hkmsvc - ok
    16:27:28.0030 0260 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\windows\system32\ListSvc.dll
    16:27:28.0110 0260 HomeGroupListener - ok
    16:27:28.0360 0260 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\windows\system32\provsvc.dll
    16:27:28.0430 0260 HomeGroupProvider - ok
    16:27:28.0480 0260 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\windows\system32\drivers\HpSAMD.sys
    16:27:28.0510 0260 HpSAMD - ok
    16:27:28.0580 0260 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\windows\system32\drivers\HTTP.sys
    16:27:28.0650 0260 HTTP - ok
    16:27:28.0690 0260 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\windows\system32\drivers\hwpolicy.sys
    16:27:28.0710 0260 hwpolicy - ok
    16:27:28.0750 0260 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
    16:27:28.0780 0260 i8042prt - ok
    16:27:28.0830 0260 iaStor (d7921d5a870b11cc1adab198a519d50a) C:\windows\system32\DRIVERS\iaStor.sys
    16:27:28.0870 0260 iaStor - ok
    16:27:29.0000 0260 IAStorDataMgrSvc (8fff9083252c16fe3960173722605e9e) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    16:27:29.0010 0260 IAStorDataMgrSvc - ok
    16:27:29.0050 0260 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\windows\system32\drivers\iaStorV.sys
    16:27:29.0070 0260 iaStorV - ok
    16:27:29.0100 0260 iBtFltCoex (8a4ec1c3f10385181b1066120c610ae5) C:\windows\system32\DRIVERS\iBtFltCoex.sys
    16:27:29.0140 0260 iBtFltCoex - ok
    16:27:29.0500 0260 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:27:29.0560 0260 idsvc - ok
    16:27:39.0482 0260 igfx (174bcac474de13b2650e444cf124828e) C:\windows\system32\DRIVERS\igdkmd64.sys
    16:27:39.0882 0260 igfx - ok
    16:27:40.0032 0260 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\drivers\iirsp.sys
    16:27:40.0052 0260 iirsp - ok
    16:27:41.0542 0260 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\windows\System32\ikeext.dll
    16:27:41.0682 0260 IKEEXT - ok
    16:27:41.0732 0260 intaud_WaveExtensible (caddf0927dac63edae48f5c35a61d87d) C:\windows\system32\drivers\intelaud.sys
    16:27:41.0762 0260 intaud_WaveExtensible - ok
    16:27:41.0902 0260 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\windows\system32\DRIVERS\IntcDAud.sys
    16:27:41.0952 0260 IntcDAud - ok
    16:27:41.0982 0260 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\drivers\intelide.sys
    16:27:41.0992 0260 intelide - ok
    16:27:42.0022 0260 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
    16:27:42.0072 0260 intelppm - ok
    16:27:42.0132 0260 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\windows\system32\ipbusenum.dll
    16:27:42.0222 0260 IPBusEnum - ok
    16:27:42.0312 0260 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\windows\system32\DRIVERS\ipfltdrv.sys
    16:27:42.0372 0260 IpFilterDriver - ok
    16:27:42.0452 0260 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\windows\System32\iphlpsvc.dll
    16:27:42.0542 0260 iphlpsvc - ok
    16:27:42.0572 0260 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\windows\system32\drivers\IPMIDrv.sys
    16:27:42.0632 0260 IPMIDRV - ok
    16:27:42.0682 0260 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
    16:27:42.0712 0260 IPNAT - ok
    16:27:43.0703 0260 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
    16:27:43.0773 0260 iPod Service - ok
    16:27:43.0803 0260 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
    16:27:43.0813 0260 IRENUM - ok
    16:27:43.0843 0260 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys
    16:27:43.0853 0260 isapnp - ok
    16:27:43.0883 0260 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys
    16:27:43.0933 0260 iScsiPrt - ok
    16:27:43.0973 0260 iwdbus (716f66336f10885d935b08174dc54242) C:\windows\system32\DRIVERS\iwdbus.sys
    16:27:43.0973 0260 iwdbus - ok
    16:27:43.0993 0260 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
    16:27:44.0013 0260 kbdclass - ok
    16:27:44.0023 0260 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\drivers\kbdhid.sys
    16:27:44.0083 0260 kbdhid - ok
    16:27:44.0163 0260 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    16:27:44.0183 0260 KeyIso - ok
    16:27:44.0293 0260 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\windows\system32\Drivers\ksecdd.sys
    16:27:44.0303 0260 KSecDD - ok
    16:27:44.0333 0260 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\windows\system32\Drivers\ksecpkg.sys
    16:27:44.0353 0260 KSecPkg - ok
    16:27:44.0383 0260 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
    16:27:44.0443 0260 ksthunk - ok
    16:27:44.0503 0260 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll
    16:27:44.0593 0260 KtmRm - ok
    16:27:44.0643 0260 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\windows\System32\srvsvc.dll
    16:27:44.0733 0260 LanmanServer - ok
    16:27:44.0773 0260 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll
    16:27:44.0833 0260 LanmanWorkstation - ok
    16:27:44.0873 0260 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
    16:27:44.0943 0260 lltdio - ok
    16:27:45.0043 0260 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll
    16:27:45.0133 0260 lltdsvc - ok
    16:27:45.0193 0260 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll
    16:27:45.0253 0260 lmhosts - ok
    16:27:45.0663 0260 LMS (0803906d607a9b83184447b75b60ecc2) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    16:27:45.0743 0260 LMS - ok
    16:27:45.0783 0260 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\drivers\lsi_fc.sys
    16:27:45.0803 0260 LSI_FC - ok
    16:27:45.0883 0260 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\drivers\lsi_sas.sys
    16:27:45.0893 0260 LSI_SAS - ok
    16:27:45.0903 0260 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\drivers\lsi_sas2.sys
    16:27:45.0913 0260 LSI_SAS2 - ok
    16:27:45.0933 0260 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\drivers\lsi_scsi.sys
    16:27:45.0963 0260 LSI_SCSI - ok
    16:27:45.0993 0260 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
    16:27:46.0063 0260 luafv - ok
    16:27:46.0233 0260 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\windows\system32\Mcx2Svc.dll
    16:27:46.0283 0260 Mcx2Svc - ok
    16:27:46.0353 0260 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\drivers\megasas.sys
    16:27:46.0393 0260 megasas - ok
    16:27:46.0433 0260 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\drivers\MegaSR.sys
    16:27:46.0473 0260 MegaSR - ok
    16:27:46.0513 0260 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys
    16:27:46.0533 0260 MEIx64 - ok
    16:27:46.0573 0260 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    16:27:46.0653 0260 MMCSS - ok
    16:27:46.0713 0260 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
    16:27:46.0773 0260 Modem - ok
    16:27:46.0853 0260 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
    16:27:46.0913 0260 monitor - ok
    16:27:46.0953 0260 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
    16:27:46.0983 0260 mouclass - ok
    16:27:47.0023 0260 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\drivers\mouhid.sys
    16:27:47.0083 0260 mouhid - ok
    16:27:47.0223 0260 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys
    16:27:47.0263 0260 mountmgr - ok
    16:27:47.0293 0260 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys
    16:27:47.0303 0260 mpio - ok
    16:27:47.0313 0260 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
    16:27:47.0343 0260 mpsdrv - ok
    16:27:47.0453 0260 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll
    16:27:47.0553 0260 MpsSvc - ok
    16:27:47.0573 0260 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys
    16:27:47.0643 0260 MRxDAV - ok
    16:27:47.0683 0260 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys
    16:27:47.0773 0260 mrxsmb - ok
    16:27:47.0823 0260 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys
    16:27:47.0853 0260 mrxsmb10 - ok
    16:27:47.0993 0260 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys
    16:27:47.0993 0260 mrxsmb20 - ok
    16:27:48.0033 0260 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys
    16:27:48.0043 0260 msahci - ok
    16:27:48.0083 0260 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys
    16:27:48.0103 0260 msdsm - ok
    16:27:48.0173 0260 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe
    16:27:48.0233 0260 MSDTC - ok
    16:27:48.0273 0260 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
    16:27:48.0313 0260 Msfs - ok
    16:27:48.0343 0260 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
    16:27:48.0433 0260 mshidkmdf - ok
    16:27:48.0473 0260 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys
    16:27:48.0483 0260 msisadrv - ok
    16:27:48.0533 0260 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll
    16:27:48.0583 0260 MSiSCSI - ok
    16:27:48.0583 0260 msiserver - ok
    16:27:48.0633 0260 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
    16:27:48.0703 0260 MSKSSRV - ok
    16:27:48.0723 0260 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
    16:27:48.0813 0260 MSPCLOCK - ok
    16:27:48.0823 0260 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
    16:27:48.0883 0260 MSPQM - ok
    16:27:48.0953 0260 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys
    16:27:48.0993 0260 MsRPC - ok
    16:27:49.0023 0260 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
    16:27:49.0023 0260 mssmbios - ok
    16:27:49.0043 0260 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
    16:27:49.0083 0260 MSTEE - ok
    16:27:49.0103 0260 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\drivers\MTConfig.sys
    16:27:49.0133 0260 MTConfig - ok
    16:27:49.0153 0260 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
    16:27:49.0163 0260 Mup - ok
    16:27:49.0263 0260 MyWiFiDHCPDNS (f217d7718fd7577af331e89910b2d21e) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    16:27:49.0313 0260 MyWiFiDHCPDNS - ok
    16:27:49.0583 0260 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
    16:27:49.0693 0260 napagent - ok
    16:27:49.0773 0260 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
    16:27:49.0853 0260 NativeWifiP - ok
    16:27:50.0753 0260 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe
    16:27:50.0823 0260 NAUpdate - ok
    16:27:51.0463 0260 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
    16:27:51.0513 0260 NDIS - ok
    16:27:51.0563 0260 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
    16:27:51.0643 0260 NdisCap - ok
    16:27:51.0683 0260 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
    16:27:51.0723 0260 NdisTapi - ok
    16:27:51.0743 0260 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
    16:27:51.0763 0260 Ndisuio - ok
    16:27:51.0783 0260 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
    16:27:51.0853 0260 NdisWan - ok
    16:27:51.0923 0260 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
    16:27:51.0973 0260 NDProxy - ok
    16:27:51.0993 0260 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
    16:27:52.0023 0260 NetBIOS - ok
    16:27:52.0043 0260 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
    16:27:52.0073 0260 NetBT - ok
    16:27:52.0123 0260 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    16:27:52.0143 0260 Netlogon - ok
    16:27:52.0193 0260 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
    16:27:52.0303 0260 Netman - ok
    16:27:52.0763 0260 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:27:52.0793 0260 NetMsmqActivator - ok
    16:27:52.0813 0260 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:27:52.0823 0260 NetPipeActivator - ok
    16:27:53.0504 0260 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
    16:27:53.0614 0260 netprofm - ok
    16:27:53.0624 0260 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:27:53.0624 0260 NetTcpActivator - ok
    16:27:53.0634 0260 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:27:53.0634 0260 NetTcpPortSharing - ok
    16:27:55.0704 0260 NETwNs64 (9fd1be1881446d954ff77244ae58fbcb) C:\windows\system32\DRIVERS\NETwNs64.sys
    16:27:55.0984 0260 NETwNs64 - ok
    16:27:56.0165 0260 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
    16:27:56.0195 0260 nfrd960 - ok
    16:27:56.0255 0260 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
    16:27:56.0315 0260 NlaSvc - ok
    16:27:58.0655 0260 NOBU (b9b72faaaa41d59b73b88fe3dd737ed1) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
    16:27:58.0765 0260 NOBU - ok
    16:27:59.0786 0260 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
    16:27:59.0836 0260 Npfs - ok
    16:27:59.0886 0260 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
    16:27:59.0936 0260 nsi - ok
    16:27:59.0966 0260 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
    16:27:59.0996 0260 nsiproxy - ok
    16:28:00.0096 0260 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
    16:28:00.0146 0260 Ntfs - ok
    16:28:00.0286 0260 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
    16:28:00.0326 0260 Null - ok
    16:28:00.0356 0260 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
    16:28:00.0366 0260 nvraid - ok
    16:28:00.0376 0260 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
    16:28:00.0386 0260 nvstor - ok
    16:28:00.0416 0260 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
    16:28:00.0446 0260 nv_agp - ok
    16:28:00.0446 0260 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
    16:28:00.0486 0260 ohci1394 - ok
    16:28:00.0716 0260 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    16:28:00.0756 0260 ose - ok
    16:28:03.0546 0260 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:28:03.0736 0260 osppsvc - ok
    16:28:04.0266 0260 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    16:28:04.0366 0260 p2pimsvc - ok
    16:28:04.0866 0260 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
    16:28:04.0896 0260 p2psvc - ok
    16:28:05.0036 0260 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
    16:28:05.0066 0260 Parport - ok
    16:28:05.0196 0260 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\windows\system32\drivers\partmgr.sys
    16:28:05.0206 0260 partmgr - ok
    16:28:05.0356 0260 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
    16:28:05.0396 0260 PcaSvc - ok
    16:28:05.0456 0260 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
    16:28:05.0456 0260 pci - ok
    16:28:05.0476 0260 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
    16:28:05.0476 0260 pciide - ok
    16:28:05.0496 0260 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
    16:28:05.0506 0260 pcmcia - ok
    16:28:05.0516 0260 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
    16:28:05.0526 0260 pcw - ok
    16:28:05.0556 0260 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
    16:28:05.0616 0260 PEAUTH - ok
    16:28:06.0336 0260 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\windows\system32\peerdistsvc.dll
    16:28:06.0406 0260 PeerDistSvc - ok
    16:28:06.0506 0260 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
    16:28:06.0536 0260 PerfHost - ok
    16:28:08.0417 0260 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
    16:28:08.0527 0260 pla - ok
    16:28:09.0317 0260 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
    16:28:09.0347 0260 PlugPlay - ok
    16:28:09.0427 0260 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
    16:28:09.0477 0260 PNRPAutoReg - ok
    16:28:09.0507 0260 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
    16:28:09.0517 0260 PNRPsvc - ok
    16:28:10.0067 0260 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
    16:28:10.0157 0260 PolicyAgent - ok
    16:28:10.0387 0260 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\windows\system32\umpo.dll
    16:28:10.0427 0260 Power - ok
    16:28:10.0537 0260 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
    16:28:10.0597 0260 PptpMiniport - ok
    16:28:10.0637 0260 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
    16:28:10.0677 0260 Processor - ok
    16:28:10.0737 0260 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\windows\system32\profsvc.dll
    16:28:10.0797 0260 ProfSvc - ok
    16:28:10.0897 0260 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    16:28:10.0917 0260 ProtectedStorage - ok
    16:28:10.0997 0260 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
    16:28:11.0087 0260 Psched - ok
    16:28:11.0147 0260 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\windows\system32\Drivers\PxHlpa64.sys
    16:28:11.0167 0260 PxHlpa64 - ok
    16:28:11.0957 0260 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
    16:28:12.0017 0260 ql2300 - ok
    16:28:12.0557 0260 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
    16:28:12.0607 0260 ql40xx - ok
    16:28:13.0017 0260 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
    16:28:13.0117 0260 QWAVE - ok
    16:28:13.0197 0260 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
    16:28:13.0227 0260 QWAVEdrv - ok
    16:28:13.0257 0260 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
    16:28:13.0317 0260 RasAcd - ok
    16:28:13.0367 0260 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
    16:28:13.0417 0260 RasAgileVpn - ok
    16:28:13.0567 0260 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
    16:28:13.0627 0260 RasAuto - ok
    16:28:13.0697 0260 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
    16:28:13.0777 0260 Rasl2tp - ok
    16:28:13.0837 0260 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
    16:28:13.0907 0260 RasMan - ok
    16:28:13.0937 0260 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
    16:28:13.0997 0260 RasPppoe - ok
    16:28:14.0047 0260 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
    16:28:14.0117 0260 RasSstp - ok
    16:28:14.0157 0260 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
    16:28:14.0258 0260 rdbss - ok
    16:28:14.0288 0260 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
    16:28:14.0358 0260 rdpbus - ok
    16:28:14.0388 0260 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
    16:28:14.0448 0260 RDPCDD - ok
    16:28:14.0518 0260 RDPDR (1b6163c503398b23ff8b939c67747683) C:\windows\system32\drivers\rdpdr.sys
    16:28:14.0548 0260 RDPDR - ok
    16:28:14.0578 0260 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
    16:28:14.0628 0260 RDPENCDD - ok
    16:28:14.0668 0260 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
    16:28:14.0688 0260 RDPREFMP - ok
    16:28:14.0778 0260 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\windows\system32\drivers\RDPWD.sys
    16:28:14.0818 0260 RDPWD - ok
    16:28:14.0878 0260 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
    16:28:14.0918 0260 rdyboost - ok
    16:28:15.0398 0260 RegSrvc (b9a0810d16ea7935b10a5499aba61dc3) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    16:28:15.0408 0260 RegSrvc - ok
    16:28:15.0478 0260 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
    16:28:15.0528 0260 RemoteAccess - ok
    16:28:15.0768 0260 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
    16:28:15.0848 0260 RemoteRegistry - ok
    16:28:16.0108 0260 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
    16:28:16.0208 0260 RFCOMM - ok
    16:28:17.0559 0260 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
    16:28:17.0599 0260 RoxMediaDB12OEM - ok
    16:28:17.0769 0260 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
    16:28:17.0799 0260 RoxWatch12 - ok
    16:28:18.0539 0260 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
    16:28:18.0619 0260 RpcEptMapper - ok
    16:28:18.0639 0260 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
    16:28:18.0649 0260 RpcLocator - ok
    16:28:18.0719 0260 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
    16:28:18.0769 0260 RpcSs - ok
    16:28:18.0899 0260 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
    16:28:18.0949 0260 rspndr - ok
    16:28:19.0039 0260 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\windows\system32\Drivers\RtsUStor.sys
    16:28:19.0059 0260 RSUSBSTOR - ok
    16:28:19.0369 0260 RTL8167 (ee082e06a82ff630351d1e0ebbd3d8d0) C:\windows\system32\DRIVERS\Rt64win7.sys
    16:28:19.0409 0260 RTL8167 - ok
    16:28:19.0509 0260 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    16:28:19.0539 0260 SamSs - ok
    16:28:19.0659 0260 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
    16:28:19.0689 0260 sbp2port - ok
    16:28:19.0909 0260 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
    16:28:19.0999 0260 SCardSvr - ok
    16:28:20.0009 0260 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
    16:28:20.0049 0260 scfilter - ok
    16:28:21.0419 0260 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
    16:28:21.0519 0260 Schedule - ok
    16:28:21.0709 0260 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
    16:28:21.0769 0260 SCPolicySvc - ok
    16:28:22.0199 0260 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
    16:28:22.0250 0260 SDRSVC - ok
    16:28:22.0320 0260 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
    16:28:22.0420 0260 secdrv - ok
    16:28:22.0470 0260 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
    16:28:22.0520 0260 seclogon - ok
    16:28:22.0550 0260 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\system32\sens.dll
    16:28:22.0630 0260 SENS - ok
    16:28:22.0670 0260 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
    16:28:22.0710 0260 SensrSvc - ok
    16:28:22.0760 0260 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
    16:28:22.0820 0260 Serenum - ok
    16:28:22.0880 0260 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
    16:28:22.0950 0260 Serial - ok
    16:28:23.0010 0260 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
    16:28:23.0070 0260 sermouse - ok
    16:28:23.0250 0260 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
    16:28:23.0380 0260 SessionEnv - ok
    16:28:23.0400 0260 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
    16:28:23.0410 0260 sffdisk - ok
    16:28:23.0450 0260 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
    16:28:23.0510 0260 sffp_mmc - ok
    16:28:23.0520 0260 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
    16:28:23.0590 0260 sffp_sd - ok
    16:28:23.0610 0260 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
    16:28:23.0670 0260 sfloppy - ok
    16:28:24.0640 0260 SftService (e1974a92ac0914a3859359a0a8c82c68) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    16:28:24.0670 0260 SftService - ok
    16:28:24.0740 0260 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
    16:28:24.0800 0260 SharedAccess - ok
    16:28:24.0850 0260 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
    16:28:24.0940 0260 ShellHWDetection - ok
    16:28:25.0000 0260 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
    16:28:25.0030 0260 SiSRaid2 - ok
    16:28:25.0160 0260 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
    16:28:25.0160 0260 SiSRaid4 - ok
    16:28:25.0260 0260 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
    16:28:25.0300 0260 SkypeUpdate - ok
    16:28:25.0330 0260 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
    16:28:25.0430 0260 Smb - ok
    16:28:25.0460 0260 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
    16:28:25.0520 0260 SNMPTRAP - ok
    16:28:25.0560 0260 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
    16:28:25.0560 0260 spldr - ok
    16:28:25.0610 0260 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
    16:28:25.0650 0260 Spooler - ok
    16:28:27.0760 0260 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
    16:28:27.0910 0260 sppsvc - ok
    16:28:28.0520 0260 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
    16:28:28.0570 0260 sppuinotify - ok
    16:28:29.0060 0260 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
    16:28:29.0160 0260 srv - ok
    16:28:29.0241 0260 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
    16:28:29.0291 0260 srv2 - ok
    16:28:29.0331 0260 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
    16:28:29.0371 0260 srvnet - ok
    16:28:29.0411 0260 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
    16:28:29.0501 0260 SSDPSRV - ok
    16:28:29.0601 0260 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
    16:28:29.0651 0260 SstpSvc - ok
    16:28:29.0691 0260 ssudmdm (5e20a963c80ae5fe49bdfb52cc511072) C:\windows\system32\DRIVERS\ssudmdm.sys
    16:28:29.0731 0260 ssudmdm - ok
    16:28:29.0831 0260 STacSV (b2d8b364a831427a5741f6c408fa8ae3) C:\Program Files\IDT\WDM\STacSV64.exe
    16:28:29.0871 0260 STacSV - ok
    16:28:29.0941 0260 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
    16:28:29.0991 0260 stexstor - ok
    16:28:30.0201 0260 STHDA (ef5acde92ba3f691bbfef781cb063501) C:\windows\system32\DRIVERS\stwrt64.sys
    16:28:30.0271 0260 STHDA - ok
    16:28:30.0331 0260 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
    16:28:30.0421 0260 stisvc - ok
    16:28:30.0691 0260 stllssvr (7731f46ec0d687a931cba063e8f90ef0) c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    16:28:30.0711 0260 stllssvr - ok
    16:28:30.0751 0260 StorSvc (c40841817ef57d491f22eb103da587cc) C:\windows\system32\storsvc.dll
    16:28:30.0801 0260 StorSvc - ok
    16:28:30.0831 0260 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
    16:28:30.0841 0260 swenum - ok
    16:28:31.0391 0260 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
    16:28:31.0481 0260 swprv - ok
    16:28:32.0861 0260 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
    16:28:32.0961 0260 SysMain - ok
    16:28:33.0151 0260 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
    16:28:33.0241 0260 TabletInputService - ok
    16:28:33.0751 0260 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
    16:28:33.0881 0260 TapiSrv - ok
    16:28:34.0041 0260 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
    16:28:34.0111 0260 TBS - ok
    16:28:35.0342 0260 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\drivers\tcpip.sys
    16:28:35.0472 0260 Tcpip - ok
    16:28:37.0852 0260 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\windows\system32\DRIVERS\tcpip.sys
    16:28:37.0882 0260 TCPIP6 - ok
    16:28:39.0053 0260 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
    16:28:39.0133 0260 tcpipreg - ok
    16:28:39.0163 0260 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
    16:28:39.0163 0260 TDPIPE - ok
    16:28:39.0203 0260 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
    16:28:39.0253 0260 TDTCP - ok
    16:28:39.0543 0260 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
    16:28:39.0563 0260 tdx - ok
    16:28:39.0603 0260 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\DRIVERS\termdd.sys
    16:28:39.0613 0260 TermDD - ok
    16:28:39.0663 0260 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
    16:28:39.0743 0260 TermService - ok
    16:28:39.0763 0260 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
    16:28:39.0773 0260 Themes - ok
    16:28:39.0943 0260 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
    16:28:39.0963 0260 THREADORDER - ok
    16:28:40.0023 0260 tihub3 (68fe3d89829e27d4fd5eea7bd2c41985) C:\windows\system32\DRIVERS\tihub3.sys
    16:28:40.0033 0260 tihub3 - ok
    16:28:40.0083 0260 tixhci (0102c9633ce1f18a6ac021f28b734db5) C:\windows\system32\DRIVERS\tixhci.sys
    16:28:40.0103 0260 tixhci - ok
    16:28:40.0444 0260 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
    16:28:40.0514 0260 TrkWks - ok
    16:28:40.0924 0260 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
    16:28:40.0974 0260 TrustedInstaller - ok
    16:28:41.0074 0260 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
    16:28:41.0154 0260 tssecsrv - ok
    16:28:41.0184 0260 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
    16:28:41.0214 0260 TsUsbFlt - ok
    16:28:41.0274 0260 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
    16:28:41.0334 0260 TsUsbGD - ok
    16:28:41.0354 0260 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
    16:28:41.0414 0260 tunnel - ok
    16:28:41.0464 0260 TurboB (fd24f98d2898be093fe926604be7db99) C:\windows\system32\DRIVERS\TurboB.sys
    16:28:41.0484 0260 TurboB - ok
    16:28:41.0804 0260 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
    16:28:41.0874 0260 TurboBoost - ok
    16:28:41.0924 0260 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
    16:28:41.0944 0260 uagp35 - ok
    16:28:42.0054 0260 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
    16:28:42.0154 0260 udfs - ok
    16:28:42.0274 0260 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
    16:28:42.0324 0260 UI0Detect - ok
    16:28:42.0384 0260 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
    16:28:42.0404 0260 uliagpkx - ok
    16:28:42.0484 0260 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
    16:28:42.0544 0260 umbus - ok
    16:28:42.0554 0260 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
    16:28:42.0594 0260 UmPass - ok
    16:28:42.0654 0260 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\windows\System32\umrdp.dll
    16:28:42.0714 0260 UmRdpService - ok
    16:28:43.0264 0260 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    16:28:43.0394 0260 UNS - ok
    16:28:43.0944 0260 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
    16:28:44.0064 0260 upnphost - ok
    16:28:44.0234 0260 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\windows\system32\Drivers\usbaapl64.sys
    16:28:44.0284 0260 USBAAPL64 - ok
    16:28:44.0484 0260 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\windows\system32\DRIVERS\usbccgp.sys
    16:28:44.0554 0260 usbccgp - ok
    16:28:44.0584 0260 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
    16:28:44.0594 0260 usbcir - ok
    16:28:44.0614 0260 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\DRIVERS\usbehci.sys
    16:28:44.0654 0260 usbehci - ok
    16:28:44.0714 0260 usbhub (8b892002d7b79312821169a14317ab86) C:\windows\system32\DRIVERS\usbhub.sys
    16:28:44.0784 0260 usbhub - ok
    16:28:44.0834 0260 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
    16:28:44.0884 0260 usbohci - ok
    16:28:44.0934 0260 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
    16:28:44.0994 0260 usbprint - ok
    16:28:45.0124 0260 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
    16:28:45.0224 0260 USBSTOR - ok
    16:28:45.0324 0260 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
    16:28:45.0424 0260 usbuhci - ok
    16:28:45.0464 0260 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
    16:28:45.0514 0260 usbvideo - ok
    16:28:45.0564 0260 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\windows\system32\DRIVERS\usb8023x.sys
    16:28:45.0604 0260 usb_rndisx - ok
    16:28:45.0634 0260 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
    16:28:45.0704 0260 UxSms - ok
    16:28:45.0784 0260 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
    16:28:45.0804 0260 VaultSvc - ok
    16:28:45.0854 0260 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
    16:28:45.0874 0260 vdrvroot - ok
    16:28:46.0444 0260 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
    16:28:46.0504 0260 vds - ok
    16:28:46.0554 0260 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
    16:28:46.0564 0260 vga - ok
    16:28:46.0584 0260 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
    16:28:46.0644 0260 VgaSave - ok
    16:28:46.0674 0260 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
    16:28:46.0684 0260 vhdmp - ok
    16:28:46.0694 0260 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
    16:28:46.0694 0260 viaide - ok
    16:28:46.0704 0260 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
    16:28:46.0714 0260 volmgr - ok
    16:28:46.0744 0260 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
    16:28:46.0754 0260 volmgrx - ok
    16:28:46.0794 0260 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
    16:28:46.0804 0260 volsnap - ok
    16:28:46.0834 0260 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
    16:28:46.0844 0260 vsmraid - ok
    16:28:46.0904 0260 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
    16:28:47.0004 0260 VSS - ok
    16:28:47.0134 0260 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
    16:28:47.0184 0260 vwifibus - ok
    16:28:47.0254 0260 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
    16:28:47.0284 0260 vwififlt - ok
    16:28:47.0304 0260 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
    16:28:47.0314 0260 vwifimp - ok
    16:28:47.0364 0260 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
    16:28:47.0424 0260 W32Time - ok
    16:28:47.0454 0260 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
    16:28:47.0494 0260 WacomPen - ok
    16:28:47.0544 0260 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    16:28:47.0584 0260 WANARP - ok
    16:28:47.0604 0260 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
    16:28:47.0624 0260 Wanarpv6 - ok
    16:28:47.0724 0260 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
    16:28:47.0804 0260 WatAdminSvc - ok
    16:28:47.0914 0260 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
    16:28:48.0044 0260 wbengine - ok
    16:28:48.0154 0260 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
    16:28:48.0184 0260 WbioSrvc - ok
    16:28:48.0234 0260 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
    16:28:48.0315 0260 wcncsvc - ok
    16:28:48.0345 0260 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
    16:28:48.0355 0260 WcsPlugInService - ok
    16:28:48.0385 0260 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
    16:28:48.0405 0260 Wd - ok
    16:28:48.0455 0260 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
    16:28:48.0485 0260 Wdf01000 - ok
    16:28:48.0535 0260 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    16:28:48.0585 0260 WdiServiceHost - ok
    16:28:48.0595 0260 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
    16:28:48.0615 0260 WdiSystemHost - ok
    16:28:48.0655 0260 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
    16:28:48.0735 0260 WebClient - ok
    16:28:48.0775 0260 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
    16:28:48.0855 0260 Wecsvc - ok
    16:28:48.0885 0260 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
    16:28:48.0905 0260 wercplsupport - ok
    16:28:48.0935 0260 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
    16:28:49.0005 0260 WerSvc - ok
    16:28:49.0065 0260 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
    16:28:49.0095 0260 WfpLwf - ok
    16:28:49.0145 0260 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\windows\system32\DRIVERS\wimfltr.sys
    16:28:49.0175 0260 WimFltr - ok
    16:28:49.0195 0260 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
    16:28:49.0205 0260 WIMMount - ok
    16:28:49.0245 0260 WinDefend - ok
    16:28:49.0275 0260 WinHttpAutoProxySvc - ok
    16:28:49.0355 0260 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
    16:28:49.0425 0260 Winmgmt - ok
    16:28:49.0555 0260 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
    16:28:49.0655 0260 WinRM - ok
    16:28:49.0945 0260 WinUsb (fe88b288356e7b47b74b13372add906d) C:\windows\system32\DRIVERS\WinUsb.sys
    16:28:50.0045 0260 WinUsb - ok
    16:28:50.0385 0260 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
    16:28:50.0435 0260 Wlansvc - ok
    16:28:50.0515 0260 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    16:28:50.0525 0260 wlcrasvc - ok
    16:28:50.0795 0260 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:28:50.0895 0260 wlidsvc - ok
    16:28:51.0015 0260 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
    16:28:51.0055 0260 WmiAcpi - ok
    16:28:51.0135 0260 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
    16:28:51.0205 0260 wmiApSrv - ok
    16:28:51.0285 0260 WMPNetworkSvc - ok
    16:28:51.0325 0260 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
    16:28:51.0335 0260 WPCSvc - ok
    16:28:51.0355 0260 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
    16:28:51.0365 0260 WPDBusEnum - ok
    16:28:51.0375 0260 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
    16:28:51.0405 0260 ws2ifsl - ok
    16:28:51.0445 0260 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\system32\wscsvc.dll
    16:28:51.0485 0260 wscsvc - ok
    16:28:51.0485 0260 WSearch - ok
    16:28:52.0935 0260 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\windows\system32\wuaueng.dll
    16:28:53.0035 0260 wuauserv - ok
    16:28:53.0436 0260 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
    16:28:53.0496 0260 WudfPf - ok
    16:28:53.0566 0260 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
    16:28:53.0626 0260 WUDFRd - ok
    16:28:53.0726 0260 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
    16:28:53.0776 0260 wudfsvc - ok
    16:28:54.0096 0260 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
    16:28:54.0186 0260 WwanSvc - ok
    16:28:54.0266 0260 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    16:28:55.0607 0260 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
    16:28:55.0607 0260 \Device\Harddisk0\DR0 - detected TDSS File System (1)
    16:28:55.0627 0260 Boot (0x1200) (b4a651ea79a9998884da67ecffb5e2e7) \Device\Harddisk0\DR0\Partition0
    16:28:55.0637 0260 \Device\Harddisk0\DR0\Partition0 - ok
    16:28:55.0647 0260 Boot (0x1200) (9353cf31a6ec515e78353d1600509a2f) \Device\Harddisk0\DR0\Partition1
    16:28:55.0647 0260 \Device\Harddisk0\DR0\Partition1 - ok
    16:28:55.0657 0260 ============================================================
    16:28:55.0657 0260 Scan finished
    16:28:55.0657 0260 ============================================================
    16:28:55.0667 1592 Detected object count: 5
    16:28:55.0667 1592 Actual detected object count: 5
    16:29:08.0801 1592 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
    16:29:08.0801 1592 Bluetooth Device Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:29:08.0802 1592 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - skipped by user
    16:29:08.0802 1592 Bluetooth Media Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:29:08.0803 1592 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - skipped by user
    16:29:08.0803 1592 Bluetooth OBEX Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:29:08.0804 1592 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - skipped by user
    16:29:08.0804 1592 DellDigitalDelivery ( UnsignedFile.Multi.Generic ) - User select action: Skip
    16:29:08.0805 1592 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
    16:29:08.0805 1592 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
     
  10. oldman960

    oldman960 Malware Specialist

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi jgreggain,

    Please rerun TDSSK. When present with this line

    16:29:08.0805 1592 \Device\Harddisk0\DR0 ( TDSS File System )


    Use the dropdown menu and select delete.


    Next

    This infection is known to corrupt some services so let's have a look.


    Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    Next



    Download OTL to your desktop.
    • Double click on OTL.exe to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output
    • Check the boxes beside LOP Check and Purity Check.
    • In the window under Custom Scans/Fixes copy and paste the following

      netsvcs
      %SYSTEMDRIVE%\*.*
      %systemroot%\Fonts\*.com
      %systemroot%\Fonts\*.dll
      %systemroot%\Fonts\*.ini
      %systemroot%\Fonts\*.ini2
      %systemroot%\Fonts\*.exe
      %systemroot%\system32\spool\prtprocs\w32x86\*.*
      %systemroot%\REPAIR\*.bak1
      %systemroot%\REPAIR\*.ini
      %systemroot%\system32\*.jpg
      %systemroot%\*.jpg
      %systemroot%\*.png
      %systemroot%\*.scr
      %systemroot%\*._sy
      %APPDATA%\Adobe\Update\*.*
      %ALLUSERSPROFILE%\Favorites\*.*
      %APPDATA%\Microsoft\*.*
      %PROGRAMFILES%\*.*
      %APPDATA%\Update\*.*
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\System32\config\*.sav
      %PROGRAMFILES%\bak. /s
      %systemroot%\system32\bak. /s
      %ALLUSERSPROFILE%\Start Menu\*.lîk /x
      %systemroot%\system32\config\systemprofile\*.dat /x
      %systemroot%\*.config
      %systemroot%\system32\*.db
      %PROGRAMFILES%\Internet Explorer\*.dat
      %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x
      %USERPROFILE%\Desktop\*.exe
      %PROGRAMFILES%\Common Files\*.*
      %systemroot%\*.src
      %systemroot%\install\*.*
      %systemroot%\system32\DLL\*.*
      %systemroot%\system32\HelpFiles\*.*
      %systemroot%\system32\rundll\*.*
      %systemroot%\winn32\*.*
      %systemroot%\Java\*.*
      %systemroot%\system32\test\*.*
      %systemroot%\system32\Rundll32\*.*
      HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
      %USERPROFILE%\..|smtmp;true;true;true /FP
      %temp%\smtmp\*.* /s >
      /md5start
      iexplore.*
      explorer.*
      winlogon.*
      dll
      zx.dll
      hlp.dat
      consrv.dll
      services.*
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.



    Please post back with
    • FSS log
    • both OTL logs
    How's the computer running?

    Thanks
     
  11. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    Computer seems to be running better. Wi-fi is more stable, and internet access is as well. Thanks!
    Here's the first log:

    Farbar Service Scanner Version: 26-07-2012
    Ran by Jessica (administrator) on 02-08-2012 at 18:11:37
    Running from "C:\Users\Jessica\Desktop"
    Microsoft Windows 7 Professional Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************
    Internet Services:
    ============
    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.

    Windows Firewall:
    =============
    Firewall Disabled Policy:
    ==================

    System Restore:
    ============
    System Restore Disabled Policy:
    ========================

    Action Center:
    ============
    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.

    Windows Autoupdate Disabled Policy:
    ============================

    Windows Defender:
    ==============
    Other Services:
    ==============
    sharedaccess Service is not running. Checking service configuration:
    The start type of sharedaccess service is set to Auto
    The ImagePath of sharedaccess service is OK.
    The ServiceDll of sharedaccess service is OK.

    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit

    **** End of log ****

    Other logs to come.
     
  12. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    I noticed that the scan only went back 30 days. It's possible my wife has been experiencing problems for longer than that, but hadn't told me, or I didn't realize what was going on. It could be many months however, and I'm not sure if it would be worthwhile or helpful to look for files going back that far. Here are the OTS logs:

    OTL.txt:
    OTL logfile created on: 8/2/2012 6:16:02 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jessica\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 71.70% Memory free
    11.81 Gb Paging File | 9.65 Gb Available in Paging File | 81.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 390.75 Gb Free Space | 86.64% Space Free | Partition Type: NTFS

    Computer Name: SOLOVLES-PC | User Name: Jessica | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\Jessica\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
    PRC - C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    PRC - C:\Program Files (x86)\Nero\SyncUP\SyncUP.exe (Nero AG)
    PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    PRC - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    PRC - C:\Program Files (x86)\Nero\SyncUP\Nero.AndroidServer.exe (Nero AG)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()


    ========== Modules (No Company Name) ==========

    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\f2f8201dd3453250dfd9ed1afce630a0\WindowsFormsIntegration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\991dbe40be5b114ed705bb5b48e6b330\System.Printing.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\87f73de6e080d37be93adfc7d5c31d7a\ReachFramework.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\163517c8a195fb48f7ef6ee17c585bdb\PresentationUI.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\3421b96c2885b8e4137a376ff3d95fa5\System.Deployment.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\64de6810023adccdc56ddae13bdd6b03\System.Xml.Linq.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\51a2589d5ee1c9c40fb6c56391570f9e\System.Data.Entity.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\72a24b45e11d64eb2bc840aae9419ba5\System.Runtime.Serialization.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\ef0d8a4790c24a3a091170958bc7b976\System.DirectoryServices.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\5a9d0ff936810991cedd098fe006a9be\PresentationCFFRasterizer.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\d8af9a65cf0ed85d47360796e2645a06\UIAutomationTypes.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\ca2eff60beb3ba00a529a2d42dceca22\UIAutomationProvider.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2ec98ab0193d64e95b7d09d094deed97\Accessibility.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\054fcff18035c210487b0888e6461192\System.Security.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\55c57057dc81a5e8c5bde3a230f0bcb9\Microsoft.VisualC.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
    MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
    MOD - C:\Program Files (x86)\Nero\SyncUP\System.Data.SQLite.dll ()
    MOD - C:\Program Files (x86)\Nero\SyncUP\System.ComponentModel.Composition.dll ()
    MOD - c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll ()
    MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\libxml2.dll ()
    MOD - C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe ()
    MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
    SRV:64bit: - (MyWiFiDHCPDNS) -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe ()
    SRV:64bit: - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
    SRV:64bit: - (AMPPALR3) -- C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation)
    SRV:64bit: - (BTHSSecurityMgr) -- C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation)
    SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
    SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
    SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
    SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
    SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
    SRV - (DellDigitalDelivery) -- C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Dell Products, LP.)
    SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
    SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
    SRV - (Bluetooth OBEX Service) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation)
    SRV - (Bluetooth Media Service) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe (Intel Corporation)
    SRV - (Bluetooth Device Monitor) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation)
    SRV - (RoxWatch12) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions)
    SRV - (RoxMediaDB12OEM) -- c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
    SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.)
    SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe (SoftThinks SAS)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Fs_Rec) -- C:\windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
    DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
    DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
    DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
    DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
    DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider)
    DRV:64bit: - (tixhci) -- C:\Windows\SysNative\drivers\tixhci.sys (Texas Instruments Incorporated)
    DRV:64bit: - (tihub3) -- C:\Windows\SysNative\drivers\tihub3.sys (Texas Instruments Incorporated)
    DRV:64bit: - (iBtFltCoex) -- C:\Windows\SysNative\drivers\iBtFltCoex.sys (Intel Corporation)
    DRV:64bit: - (btmhsf) -- C:\Windows\SysNative\drivers\btmhsf.sys (Intel Corporation)
    DRV:64bit: - (iwdbus) -- C:\Windows\SysNative\drivers\iwdbus.sys (Intel Corporation)
    DRV:64bit: - (intaud_WaveExtensible) -- C:\Windows\SysNative\drivers\intelaud.sys (Intel Corporation)
    DRV:64bit: - (CtClsFlt) -- C:\Windows\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
    DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
    DRV:64bit: - (btmaux) -- C:\Windows\SysNative\drivers\btmaux.sys (Intel Corporation)
    DRV:64bit: - (btmaudio) -- C:\Windows\SysNative\drivers\btmaud.sys (Intel Corporation)
    DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
    DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
    DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
    DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
    DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
    DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
    DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys (Intel(R) Corporation)
    DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
    DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
    DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
    DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
    DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
    DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
    DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
    DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
    DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
    DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
    DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
    DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
    DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
    DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
    DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
    DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
    DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searc...SP_ss&mntrId=7c4e86d40000000000004c8093571c0b
    IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll (Amazon.com, Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/30 19:10:33 | 000,000,000 | ---D | M]

    [2012/07/30 20:26:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/05/31 14:18:34 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/05/04 15:01:19 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
    [2012/03/29 23:48:17 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://search.babylon.com/?affID=112477&babsrc=HP_ss&mntrId=7c4e86d40000000000004c8093571c0b

    O1 HOSTS File: ([2012/08/01 20:55:34 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O2 - BHO: (Codecv Class) - {6EBC27EA-F982-436F-98CB-E7563CC94B01} - C:\ProgramData\Codecv\bhoclass.dll ()
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [DellStage] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AccuWeatherWidget] C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe ()
    O4 - HKLM..\Run: [RoxWatchTray] c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
    O4 - Startup: C:\Users\Jessica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jessica\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: bellevuecollege.edu ([vista] http in Trusted sites)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.116.2.50 24.116.2.34
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3CE2B2FE-F93F-44EB-931F-9EB66219B3E3}: DhcpNameServer = 24.116.2.50 24.116.2.34
    O18:64bit: - Protocol\Handler\cozi - No CLSID value found
    O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\cozi {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/02 18:13:58 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
    [2012/08/02 18:11:05 | 000,694,833 | ---- | C] (Farbar) -- C:\Users\Jessica\Desktop\FSS.exe
    [2012/08/01 20:59:37 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/08/01 20:56:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/01 20:21:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/08/01 20:21:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/08/01 20:21:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/08/01 20:18:56 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/01 20:07:03 | 004,722,680 | R--- | C] (Swearware) -- C:\Users\Jessica\Desktop\ComboFix.exe
    [2012/07/31 21:13:13 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/07/31 21:09:54 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jessica\Desktop\tdsskiller.exe
    [2012/07/30 21:18:36 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2012/07/30 21:16:43 | 000,000,000 | ---D | C] -- C:\windows\erdnt
    [2012/07/30 20:54:51 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Jessica\Desktop\HijackThis.exe
    [2012/07/30 19:12:49 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\AVG2012
    [2012/07/30 19:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2012/07/30 19:10:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\drivers\AVG
    [2012/07/30 19:10:32 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/07/30 19:10:32 | 000,000,000 | ---D | C] -- C:\windows\SysNative\drivers\AVG
    [2012/07/30 19:10:32 | 000,000,000 | ---D | C] -- C:\$AVG
    [2012/07/30 19:09:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2012/07/30 19:07:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
    [2012/07/30 19:07:02 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2012/07/28 01:39:44 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Library
    [2012/07/28 01:39:43 | 000,000,000 | ---D | C] -- C:\Users\Jessica\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
    [2012/07/28 01:39:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YNAB 4
    [2012/07/28 01:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YNAB 4
    [2012/07/28 01:39:35 | 000,000,000 | ---D | C] -- C:\Users\Jessica\Documents\YNAB
    [2012/07/27 18:59:58 | 000,000,000 | ---D | C] -- C:\windows\Microsoft Antimalware
    [2012/07/25 11:46:55 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\services.exe.DC5B71678BF0A7E5
    [2012/07/25 11:43:24 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\services.exe.579F25BF8D8D5A3C
    [2012/07/25 11:40:36 | 000,328,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\services.exe.E676D4A756B33022
    [2012/07/24 23:30:07 | 000,000,000 | -HSD | C] -- C:\windows\SysWow64\%APPDATA%
    [2012/07/24 23:22:00 | 000,000,000 | ---D | C] -- C:\windows\Sun
    [2012/07/12 03:03:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll
    [2012/07/12 03:03:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll
    [2012/07/12 03:03:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll
    [2012/07/12 03:03:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll
    [2012/07/12 03:03:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll
    [2012/07/12 03:03:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll
    [2012/07/12 03:03:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe
    [2012/07/12 03:03:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe
    [2012/07/12 03:02:59 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll
    [2012/07/12 03:02:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl
    [2012/07/12 03:02:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl
    [2012/07/12 03:02:58 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll
    [2012/07/12 03:02:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll
    [2012/07/11 21:07:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\msxml3r.dll
    [2012/07/11 21:07:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msxml3r.dll
    [2012/07/11 21:07:45 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncrypt.dll
    [2012/07/11 21:07:42 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\cdosys.dll
    [2012/07/11 21:07:41 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\cdosys.dll
    [2012/07/09 02:08:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/07/08 23:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/07/08 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/07/08 23:32:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

    ========== Files - Modified Within 30 Days ==========

    [2012/08/02 18:15:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/08/02 18:14:23 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/02 18:14:05 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
    [2012/08/02 18:11:47 | 000,778,660 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2012/08/02 18:11:47 | 000,660,318 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2012/08/02 18:11:47 | 000,121,214 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2012/08/02 18:11:13 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\Jessica\Desktop\FSS.exe
    [2012/08/02 18:08:41 | 000,000,506 | ---- | M] () -- C:\windows\tasks\SystemToolsDailyTest.job
    [2012/08/02 18:08:40 | 000,000,900 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/02 18:08:39 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/08/02 16:27:10 | 102,845,173 | ---- | M] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
    [2012/08/02 16:26:20 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
    [2012/08/01 23:39:01 | 000,030,224 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/01 23:39:01 | 000,030,224 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/01 21:01:23 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/01 20:55:34 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
    [2012/08/01 20:07:03 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\Jessica\Desktop\ComboFix.exe
    [2012/07/31 21:09:56 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jessica\Desktop\tdsskiller.exe
    [2012/07/30 23:55:23 | 000,000,000 | ---- | M] () -- C:\Users\Jessica\AppData\Local\rx_image32.Cache
    [2012/07/30 21:21:18 | 511,865,371 | ---- | M] () -- C:\windows\MEMORY.DMP
    [2012/07/30 20:54:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jessica\Desktop\HijackThis.exe
    [2012/07/30 19:10:49 | 000,000,967 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/07/30 19:10:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
    [2012/07/30 19:10:48 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/07/28 01:39:38 | 000,000,981 | ---- | M] () -- C:\Users\Jessica\Desktop\YNAB 4.lnk
    [2012/07/27 20:15:26 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe
    [2012/07/27 20:15:26 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/27 17:36:39 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask.job
    [2012/07/27 02:42:00 | 000,000,564 | ---- | M] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2012/07/25 11:46:55 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\services.exe.DC5B71678BF0A7E5
    [2012/07/25 11:43:24 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\services.exe.579F25BF8D8D5A3C
    [2012/07/25 11:40:36 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\windows\SysNative\services.exe.E676D4A756B33022
    [2012/07/12 03:25:15 | 000,460,152 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2012/07/12 03:02:25 | 000,002,342 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2012/07/09 02:08:18 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/02 16:27:10 | 102,845,173 | ---- | C] () -- C:\windows\SysNative\drivers\AVG\incavi.avm
    [2012/08/01 20:21:29 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/08/01 20:21:29 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/08/01 20:21:29 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/08/01 20:21:29 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/08/01 20:21:29 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/07/30 23:55:23 | 000,000,000 | ---- | C] () -- C:\Users\Jessica\AppData\Local\rx_image32.Cache
    [2012/07/30 21:18:31 | 511,865,371 | ---- | C] () -- C:\windows\MEMORY.DMP
    [2012/07/30 19:10:49 | 000,000,967 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2012.lnk
    [2012/07/30 19:10:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\incavi.avm
    [2012/07/30 19:10:48 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\drivers\AVG\iavichjw.avm
    [2012/07/28 01:39:38 | 000,000,981 | ---- | C] () -- C:\Users\Jessica\Desktop\YNAB 4.lnk
    [2012/07/27 01:42:06 | 000,000,564 | ---- | C] () -- C:\windows\tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2012/07/09 02:08:18 | 000,001,785 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/04/09 15:50:05 | 000,000,416 | ---- | C] () -- C:\Users\Jessica\AppData\Roaming\.backup.dm
    [2012/04/02 12:25:54 | 000,000,149 | ---- | C] () -- C:\Users\Jessica\webct_upload_applet.properties
    [2012/03/29 19:26:28 | 000,003,584 | ---- | C] () -- C:\Users\Jessica\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/03/29 19:02:54 | 000,002,048 | -HS- | C] () -- C:\windows\SysWOW64\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    [2012/03/29 19:02:54 | 000,002,048 | -HS- | C] () -- C:\windows\System32\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    [2011/12/17 00:41:25 | 000,963,116 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin
    [2011/12/17 00:41:25 | 000,218,304 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin
    [2011/12/17 00:41:25 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin
    [2011/12/17 00:41:25 | 000,056,832 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2011/12/17 00:41:24 | 013,356,032 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll
    [2011/12/16 23:14:23 | 000,017,776 | ---- | C] () -- C:\windows\EvtMessage.dll
    [2011/12/16 23:09:34 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll
    [2011/11/16 13:49:04 | 000,000,096 | ---- | C] () -- C:\windows\LaunApp.ini
    [2011/11/16 13:49:01 | 000,000,325 | ---- | C] () -- C:\windows\Prelaunch.ini
    [2011/11/16 13:49:01 | 000,000,271 | ---- | C] () -- C:\windows\WisPriority.ini
    [2011/11/16 13:49:01 | 000,000,035 | ---- | C] () -- C:\windows\DELL_LANGCODE.ini
    [2011/11/16 13:49:01 | 000,000,033 | ---- | C] () -- C:\windows\DELL_OSTYPE.ini
    [2011/11/16 13:49:01 | 000,000,032 | ---- | C] () -- C:\windows\WisHWDest.ini
    [2011/11/16 13:49:01 | 000,000,028 | ---- | C] () -- C:\windows\WisLangCode.ini
    [2011/11/16 13:49:01 | 000,000,023 | ---- | C] () -- C:\windows\WisSysInfo.ini
    [2011/11/16 12:25:01 | 000,796,420 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

    ========== LOP Check ==========

    [2012/04/27 13:56:42 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Audacity
    [2012/07/30 19:12:49 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\AVG2012
    [2012/05/04 15:01:18 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Babylon
    [2012/04/02 13:07:10 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Blio
    [2012/07/28 01:39:43 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\com.ynab.YNAB4.LiveCaptive
    [2012/08/01 21:02:00 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Dropbox
    [2012/03/31 00:55:00 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Fingertapps
    [2012/04/02 12:58:48 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\IDT
    [2012/03/29 20:42:31 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Leadertech
    [2012/04/01 23:00:25 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\PCDr
    [2012/06/06 22:54:16 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\Power Sound Editor Free
    [2012/04/02 13:09:48 | 000,000,000 | ---D | M] -- C:\Users\Jessica\AppData\Roaming\ZinioReader4
    [2012/07/27 02:42:00 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job
    [2012/07/27 17:36:39 | 000,000,564 | ---- | M] () -- C:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
    [2009/07/13 22:08:49 | 000,023,680 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
    [2012/08/02 18:08:41 | 000,000,506 | ---- | M] () -- C:\windows\Tasks\SystemToolsDailyTest.job

    ========== Purity Check ==========



    ========== Custom Scans ==========

    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 20:23:51 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/02/23 06:08:04 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2012/08/01 21:00:12 | 000,028,679 | ---- | M] () -- C:\ComboFix2.txt
    [2011/12/17 00:32:29 | 000,004,395 | -H-- | M] () -- C:\dell.sdr
    [2012/08/01 21:01:23 | 462,987,263 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/01 21:01:24 | 2048,974,847 | -HS- | M] () -- C:\pagefile.sys
    [2012/03/15 08:12:44 | 000,000,510 | ---- | M] () -- C:\settings.ini
    [2012/08/02 16:32:02 | 000,140,982 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_02.08.2012_16.26.40_log.txt
    [2012/08/02 18:10:42 | 000,143,698 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_02.08.2012_18.09.37_log.txt
    [2012/07/31 21:13:46 | 000,143,270 | ---- | M] () -- C:\TDSSKiller.2.7.48.0_31.07.2012_21.10.34_log.txt
    [2012/05/04 15:01:24 | 000,000,237 | ---- | M] () -- C:\user.js

    < %systemroot%\Fonts\*.com >
    [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2012/07/24 15:50:01 | 000,001,622 | -HS- | M] () -- C:\Users\Jessica\AppData\Roaming\Microsoft\LastFlashConfig.wfc

    < %PROGRAMFILES%\*.* >
    [2009/07/13 21:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lîk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %APPDATA%\Mikzosoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >
    [2012/08/01 20:07:03 | 004,722,680 | R--- | M] (Swearware) -- C:\Users\Jessica\Desktop\ComboFix.exe
    [2012/08/02 18:11:13 | 000,694,833 | ---- | M] (Farbar) -- C:\Users\Jessica\Desktop\FSS.exe
    [2012/07/30 20:54:51 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Jessica\Desktop\HijackThis.exe
    [2012/08/02 18:14:05 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Jessica\Desktop\OTL.exe
    [2012/07/31 21:09:56 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jessica\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

    < %USERPROFILE%\..|smtmp;true;true;true /FP >

    < %temp%\smtmp\*.* /s > >

    < MD5 for: EXPLORER.ADML >
    [2010/11/21 00:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\PolicyDefinitions\en-US\Explorer.adml
    [2010/11/21 00:06:30 | 000,003,695 | ---- | M] () MD5=7A4C7F3CB156543113596988479CAFCE -- C:\Windows\winsxs\amd64_microsoft-windows-s..ouppolicy.resources_31bf3856ad364e35_6.1.7600.16385_en-us_7ef5713984067904\Explorer.adml

    < MD5 for: EXPLORER.ADMX >
    [2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\PolicyDefinitions\Explorer.admx
    [2009/06/10 13:53:55 | 000,003,836 | ---- | M] () MD5=AD131A834808E6AFF4A3918DE05BFCF6 -- C:\Windows\winsxs\amd64_microsoft-windows-shell-grouppolicy_31bf3856ad364e35_6.1.7600.16385_none_71af9b5b0a86e6b7\Explorer.admx

    < MD5 for: EXPLORER.EXE >
    [2011/02/25 22:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
    [2011/02/24 23:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
    [2011/02/25 23:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
    [2010/11/20 20:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
    [2011/02/24 22:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
    [2010/11/20 20:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

    < MD5 for: EXPLORER.EXE.MUI >
    [2010/11/21 00:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\en-US\explorer.exe.mui
    [2010/11/21 00:06:17 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=4B87EEFDC8E253F846A7DFB49A8E6C70 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_61e778c48d52d19b\explorer.exe.mui
    [2010/11/21 00:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\SysWOW64\en-US\explorer.exe.mui
    [2010/11/21 00:06:19 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=B9F4B1CA23D60775736059D72BA48526 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer.resources_31bf3856ad364e35_6.1.7600.16385_en-us_6c3c2316c1b39396\explorer.exe.mui

    < MD5 for: EXPLORER.EXE-D5E97654.PF >
    [2012/07/26 14:16:56 | 000,028,042 | ---- | M] () MD5=DE3EEC8319797002ED097DCE672605FE -- C:\Windows\Prefetch\EXPLORER.EXE-D5E97654.pf

    < MD5 for: IEXPLORE.EXE >
    [2012/06/02 04:47:54 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=004640AB259C1572EBD5FB0A32F63686 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_0dbfc836999db0ca\iexplore.exe
    [2012/05/17 16:21:54 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=0129BB16161C2FD9A6B19111AB047198 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_1798a687b4d6030f\iexplore.exe
    [2012/05/17 15:59:46 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=268982F1FD671A077C6A2AF41E351436 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_181271f4ce004017\iexplore.exe
    [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\erdnt\cache86\iexplore.exe
    [2012/06/02 02:08:27 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=34B01BBD8F00B6B9C9248DC4F1E3CD01 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_1799a6d1b4d51c66\iexplore.exe
    [2012/05/17 19:51:05 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=4E99F42504A99D5024C2EFA015001937 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16446_none_0d43fc3580754114\iexplore.exe
    [2012/06/02 05:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Program Files\Internet Explorer\iexplore.exe
    [2012/06/02 05:52:21 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=610F6596921C4BAA8834ADBB9BE272EE -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16447_none_0d44fc7f80745a6b\iexplore.exe
    [2010/11/20 20:24:43 | 000,695,056 | ---- | M] (Microsoft Corporation) MD5=86257731DDB311FBC283534CC0091634 -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
    [2012/04/05 03:07:55 | 000,748,336 | ---- | M] (Microsoft Corporation) MD5=904E13BA41AF2E353A32CF351CA53639 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
    [2012/06/02 01:51:58 | 000,748,664 | ---- | M] (Microsoft Corporation) MD5=BE967C74B89577B78FB57C061E12B04C -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20553_none_18147288cdfe72c5\iexplore.exe
    [2010/11/20 20:25:08 | 000,673,040 | ---- | M] (Microsoft Corporation) MD5=C613E69C3B191BB02C7A191741A1D024 -- C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
    [2012/04/05 03:07:53 | 000,754,480 | ---- | M] (Microsoft Corporation) MD5=F1424C1B9B1813BF825E45DF3790BC8A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_0d549a9b80698a7f\iexplore.exe
    [2012/05/17 18:37:57 | 000,754,808 | ---- | M] (Microsoft Corporation) MD5=F8B2D47ED17C1D087D14EC747E5AC57A -- C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20551_none_0dbdc7a2999f7e1c\iexplore.exe

    < MD5 for: IEXPLORE.EXE.MUI >
    [2012/04/05 03:07:53 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Program Files\Internet Explorer\en-US\iexplore.exe.mui
    [2012/04/05 03:07:53 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=17FAE936C452188D05852DE8D1082013 -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_07013012b816cb66\iexplore.exe.mui
    [2012/04/05 03:07:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Program Files (x86)\Internet Explorer\en-US\iexplore.exe.mui
    [2012/04/05 03:07:56 | 000,005,632 | ---- | M] (Microsoft Corporation) MD5=4C71CCB3C8817185E67210856778831F -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_9.4.8112.16421_en-us_1155da64ec778d61\iexplore.exe.mui
    [2009/07/13 19:29:20 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=C29BCFB504E33FEADDFA2D0183CEF62F -- C:\Windows\winsxs\amd64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_0b433e7773148b79\iexplore.exe.mui
    [2009/07/13 19:05:06 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=FBA4CD95930248053A2C3F43CA70B986 -- C:\Windows\winsxs\wow64_microsoft-windows-i..-optional.resources_31bf3856ad364e35_8.0.7601.17514_en-us_1597e8c9a7754d74\iexplore.exe.mui

    < MD5 for: IEXPLORE.EXE-A033F7A0.PF >
    [2012/07/30 21:22:44 | 000,183,916 | ---- | M] () MD5=A6B10C232B67F960167C9313F62D4AAD -- C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf

    < MD5 for: SERVICES >
    [2009/06/10 14:00:26 | 000,017,463 | ---- | M] () MD5=D9E1A01B480D961B7CF0509D597A92D6 -- C:\Windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\services

    < MD5 for: SERVICES.CFG >
    [2012/04/03 22:53:54 | 000,585,987 | ---- | M] () MD5=7BAB089A4F862C6BC86E0201D5BF1779 -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Services\Services.cfg
    [2011/06/06 12:55:30 | 000,584,045 | R--- | M] () MD5=B82DD53FA8C260DDD7FDC42182DB816E -- C:\Windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0100000010\10.1.0\services.cfg

    < MD5 for: SERVICES.EXE >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

    < MD5 for: SERVICES.EXE.579F25BF8D8D5A3C >
    [2012/07/25 11:43:24 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe.579F25BF8D8D5A3C

    < MD5 for: SERVICES.EXE.DC5B71678BF0A7E5 >
    [2012/07/25 11:46:55 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe.DC5B71678BF0A7E5

    < MD5 for: SERVICES.EXE.E676D4A756B33022 >
    [2012/07/25 11:40:36 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\windows\SysNative\services.exe.E676D4A756B33022

    < MD5 for: SERVICES.EXE.MUI >
    [2010/11/21 00:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\windows\SysNative\en-US\services.exe.mui
    [2010/11/21 00:06:16 | 000,017,408 | ---- | M] (Microsoft Corporation) MD5=6507BF0DC2D1F5F32493C288EAA59277 -- C:\Windows\winsxs\amd64_microsoft-windows-s..ontroller.resources_31bf3856ad364e35_6.1.7600.16385_en-us_c5f238be3fa63468\services.exe.mui

    < MD5 for: SERVICES.EXE.VIR >
    [2009/07/13 18:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=014A9CB92514E27C0107614DF764BC06 -- C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir

    < MD5 for: SERVICES.LNK >
    [2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk
    [2009/07/13 21:54:05 | 000,001,288 | ---- | M] () MD5=CA0D9F4743DFF86EBAF09D763139E958 -- C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk

    < MD5 for: SERVICES.MOCHIADS.COM.SOL >
    [2012/04/10 23:11:50 | 000,000,870 | ---- | M] () MD5=7714A29E15E7B8F5AE1E79F02E290B92 -- C:\Users\Jessica\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\KWF4P7MC\mochiads.com\services.mochiads.com.sol
    [2012/07/31 18:01:19 | 000,000,443 | ---- | M] () MD5=F064655392DA92E96D5D774AFC4C648F -- C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\B4BHK5D7\mochiads.com\services.mochiads.com.sol

    < MD5 for: SERVICES.MOF >
    [2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\windows\SysNative\wbem\services.mof
    [2009/06/10 13:44:06 | 000,002,866 | ---- | M] () MD5=26A11C895A7F0B6D32105EBE127D8500 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.mof

    < MD5 for: SERVICES.MSC >
    [2010/11/21 00:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\en-US\services.msc
    [2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\windows\SysNative\services.msc
    [2010/11/21 00:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\en-US\services.msc
    [2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\SysWOW64\services.msc
    [2010/11/21 00:06:14 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_003408aa160fce5b\services.msc
    [2009/06/10 13:38:36 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\amd64_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_2b58d44b5f6beb8a\services.msc
    [2010/11/21 00:06:17 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-s..cessnapin.resources_31bf3856ad364e35_6.1.7600.16385_en-us_a4156d265db25d25\services.msc
    [2009/06/10 14:21:09 | 000,092,745 | ---- | M] () MD5=7A1D35F59468B8118AF5B8E21DF78AE2 -- C:\Windows\winsxs\x86_microsoft-windows-servicessnapin_31bf3856ad364e35_6.1.7600.16385_none_cf3a38c7a70e7a54\services.msc

    < MD5 for: SERVICES.PNG >
    [2012/04/10 12:04:32 | 000,001,509 | ---- | M] () MD5=F4EC3ABEAE15FA9BB42D721E9D543F44 -- C:\Program Files\Dell Support Center\Images\icons\png\24_24\services.png

    < MD5 for: SERVICES.PTXML >
    [2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\windows\SysNative\wdi\perftrack\Services.ptxml
    [2009/07/13 13:16:17 | 000,001,061 | ---- | M] () MD5=640D7DD61B1CFA6C96F80F68F78CDFA7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\Services.ptxml

    < MD5 for: WINLOGON.ADML >
    [2010/11/21 00:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\PolicyDefinitions\en-US\WinLogon.adml
    [2010/11/21 00:06:30 | 000,008,013 | ---- | M] () MD5=CED0EAD8D152B3D0F114698DE2316C5E -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm.resources_31bf3856ad364e35_6.1.7600.16385_en-us_f0f9032ef6930070\WinLogon.adml

    < MD5 for: WINLOGON.ADMX >
    [2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\PolicyDefinitions\WinLogon.admx
    [2009/06/10 14:04:41 | 000,005,237 | ---- | M] () MD5=89D8F50E186A16C2CED3CF36DBBC0B2C -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-adm_31bf3856ad364e35_6.1.7600.16385_none_d7024e6992f3424d\WinLogon.admx

    < MD5 for: WINLOGON.EXE >
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
    [2010/11/20 20:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

    < MD5 for: WINLOGON.EXE.MUI >
    [2010/11/21 00:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\windows\SysNative\en-US\winlogon.exe.mui
    [2010/11/21 00:06:14 | 000,023,040 | ---- | M] (Microsoft Corporation) MD5=34C7D2E30868EDAFB191341D963ABA5F -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon.resources_31bf3856ad364e35_6.1.7601.17514_en-us_291e96fa1ab5fc7b\winlogon.exe.mui

    < MD5 for: WINLOGON.MFL >
    [2010/11/21 00:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\windows\SysNative\wbem\en-US\winlogon.mfl
    [2010/11/21 00:06:15 | 000,001,080 | ---- | M] () MD5=2783ED50691284F7EAE6BE9729337E1A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof.resources_31bf3856ad364e35_6.1.7600.16385_en-us_84afd4fd38ffd276\winlogon.mfl

    < MD5 for: WINLOGON.MOF >
    [2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\windows\SysNative\wbem\winlogon.mof
    [2009/07/13 13:30:01 | 000,003,192 | ---- | M] () MD5=DF722B96F32A61783BC310FACF10240B -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon-mof_31bf3856ad364e35_6.1.7600.16385_none_dc2dbb778f98e40f\winlogon.mof
    < End of report >

    Extras.txt:
    OTL Extras logfile created on: 8/2/2012 6:16:02 PM - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Jessica\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    5.91 Gb Total Physical Memory | 4.24 Gb Available Physical Memory | 71.70% Memory free
    11.81 Gb Paging File | 9.65 Gb Available in Paging File | 81.71% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 390.75 Gb Free Space | 86.64% Space Free | Partition Type: NTFS

    Computer Name: SOLOVLES-PC | User Name: Jessica | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{E7C4F31C-2777-4752-BE19-34D71A2589AF}C:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe |
    "UDP Query User{AAEBE198-521A-44A7-8A85-027286F899EC}C:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\jessica\appdata\roaming\dropbox\bin\dropbox.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0090A87C-3E0E-43D4-AA71-A71B06563A4A}" = Dell Support Center
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit)
    "{28EF7372-9087-4AC3-9B9F-D9751FCDF830}" = Intel(R) Wireless Display
    "{295AEB79-B53A-4F1B-860F-7800BB7E3681}" = Intel(R) PROSet/Wireless WiFi Software
    "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
    "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9D6DFAD6-09E5-445E-A4B5-A388FEEBD90D}" = RBVirtualFolder64Inst
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
    "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
    "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "AVG" = AVG 2012
    "Dell Support Center" = Dell Support Center
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "ProInst" = Intel PROSet Wireless
    "Recuva" = Recuva

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
    "{2EF17083-57D4-4D64-AE4F-55F32A2C4571}" = Codecv
    "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
    "{3250260C-7A95-4632-893B-89657EB5545B}" = PhotoShowExpress
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{3BD7DD08-991B-4A2F-A165-614ED14EAADD}" = Dell MusicStage
    "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
    "{40C78E3F-E1B2-42FD-B862-A125B8C35902}" = Blio
    "{40F06490-8C14-43AA-99D3-EEEFDBAC3CFC}" = SyncUP
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}" = Roxio Creator Starter
    "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-dell" = WildTangent Games App (Dell Games)
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7746BFAA-2B5D-4FFD-A0E8-4558F4668105}" = Roxio Burn
    "{781A93CD-1608-427D-B7F0-D05C07795B25}" = Intel(R) WiDi
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
    "{7EC66A95-AC2D-4127-940B-0445A526AB2F}" = Dell DataSafe Online
    "{7FB00B6B-6843-97EC-EED6-78BD6D35370A}" = Zinio Reader 4
    "{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
    "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.SingleImage_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{9193490D-5229-4FC4-9BB9-A6D63C09574A}" = High-Definition Video Playback
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Sonic CinePlayer Decoder Pack
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
    "{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A8B88634-7F90-402F-B66A-86429755F6A5}" = eBay
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
    "{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}" = Dell Home Systems Service Agreement
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
    "{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB3 Host Driver
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
    "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D92C9CCE-E5F0-4125-977A-0590F3225B74}" = SyncUP
    "{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}" = Dell Digital Delivery
    "{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
    "{E4335E82-17B3-460F-9E70-39D9BC269DB3}" = Dell PhotoStage
    "{EA1F3D6C-A6F5-4CDC-B0D3-9C56C06B4D29}" = Cozi
    "{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
    "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype&#8482; 5.9
    "{EF56258E-0326-48C5-A86C-3BAC26FC15DF}" = Roxio Creator Starter
    "{F06B5C4C-8D2E-4B24-9D43-7A45EEC6C878}" = Roxio Creator Starter
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
    "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FE182796-F6BA-486A-8590-89B7E8D1D60F}" = Dell Stage
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.6
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.15
    "com.ynab.YNAB4.LiveCaptive_is1" = YNAB 4 version 4.1.20
    "Dell Webcam Central" = Dell Webcam Central
    "GoldWave v5.67" = GoldWave v5.67
    "Google Chrome" = Google Chrome
    "InstallShield_{B1EB7FFF-6E44-43D8-869D-B78E44CD3E0F}" = TI USB 3.0 Host Controller Driver
    "InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}" = Dell VideoStage
    "Office14.SingleImage" = Microsoft Office Home and Business 2010
    "Power Sound Editor Free" = Power Sound Editor Free
    "ProInst" = Intel PROSet Wireless
    "WildTangent dell Master Uninstall" = WildTangent Games
    "WinLiveSuite" = Windows Live Essentials
    "WT089409" = Bejeweled 2 Deluxe
    "WT089410" = Blackhawk Striker 2
    "WT089411" = Build-a-lot 2
    "WT089412" = Cake Mania
    "WT089413" = Chuzzle Deluxe
    "WT089414" = Diner Dash 2 Restaurant Rescue
    "WT089415" = Dora's World Adventure
    "WT089418" = FATE
    "WT089420" = Jewel Quest
    "WT089422" = Jewel Quest Solitaire 2
    "WT089426" = Poker Superstars III
    "WT089430" = Virtual Villagers 4 - The Tree of Life
    "WT089433" = Polar Golfer
    "WT089434" = Escape Whisper Valley (TM)
    "WT089440" = Namco All-Stars PAC-MAN
    "WT089443" = Bounce Symphony
    "WT089444" = Final Drive Nitro
    "WT089445" = Penguins!
    "WT089446" = Wedding Dash - Ready, Aim, Love!
    "WT089448" = Zuma Deluxe
    "WT089450" = Farm Frenzy
    "WT089452" = Plants vs. Zombies - Game of the Year
    "WT089499" = Final Drive Fury
    "WT089503" = Samantha Swift
    "WT089507" = Luxor
    "WT089508" = Polar Bowler
    "ZinioReader4" = Zinio Reader 4

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Dropbox" = Dropbox

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 7/11/2012 11:56:28 PM | Computer Name = Solovles-PC | Source = Application Hang | ID = 1002
    Description = The program SoftwareUpdate.exe version 2.1.3.127 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: a5c Start
    Time: 01cd5b1dfcc032ba Termination Time: 530 Application Path: C:\Program Files (x86)\Apple
    Software Update\SoftwareUpdate.exe Report Id: 81605e54-cbd5-11e1-8e81-4c8093571c0e

    Error - 7/12/2012 12:50:14 AM | Computer Name = Solovles-PC | Source = Customer Experience Improvement Program | ID = 1008
    Description =

    Error - 7/12/2012 1:20:37 AM | Computer Name = Solovles-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/12/2012 1:20:37 AM | Computer Name = Solovles-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 1045

    Error - 7/12/2012 1:20:37 AM | Computer Name = Solovles-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1045

    Error - 7/12/2012 1:20:38 AM | Computer Name = Solovles-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 7/12/2012 1:20:38 AM | Computer Name = Solovles-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2074

    Error - 7/12/2012 1:20:38 AM | Computer Name = Solovles-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2074

    Error - 7/12/2012 6:25:40 AM | Computer Name = Solovles-PC | Source = WinMgmt | ID = 10
    Description =

    Error - 7/12/2012 7:08:21 AM | Computer Name = Solovles-PC | Source = SideBySide | ID = 16842832
    Description = Activation context generation failed for "C:\Program Files (x86)\Cozi
    Express\CoziExpress.exe".Error in manifest or policy file "" on line . A component
    version required by the application conflicts with another component version already
    active. Conflicting components are:. Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
    Component
    2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

    [ Dell Events ]
    Error - 3/29/2012 10:00:34 PM | Computer Name = Solovles-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 3/29/2012 10:00:34 PM | Computer Name = Solovles-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 4/28/2012 11:34:53 PM | Computer Name = Solovles-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    Error - 4/28/2012 11:34:53 PM | Computer Name = Solovles-PC | Source = DataSafe | ID = 17
    Description = The process was interrupted before completion.

    [ Media Center Events ]
    Error - 7/25/2012 2:39:47 AM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 11:39:45 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

    Error - 7/25/2012 2:14:09 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 11:14:08 AM - Failed to retrieve ClientUpdate-2.enc (Error: BITS 0x80070424)
    11:14:09
    AM - Failed to retrieve NetopWhitelist-2.cab (Error: BITS 0x80070424)

    Error - 7/25/2012 2:14:10 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 11:14:10 AM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
    0x80070424)

    Error - 7/25/2012 2:14:12 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 11:14:12 AM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

    Error - 7/25/2012 3:26:06 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 12:26:06 PM - Failed to retrieve ClientUpdate-2.enc (Error: BITS 0x80070424)
    12:26:06
    PM - Failed to retrieve NetopWhitelist-2.cab (Error: BITS 0x80070424)

    Error - 7/25/2012 3:26:07 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 12:26:07 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
    0x80070424)

    Error - 7/25/2012 3:26:14 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 12:26:08 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

    Error - 7/25/2012 4:31:08 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 1:31:07 PM - Failed to retrieve ClientUpdate-2.enc (Error: BITS 0x80070424)
    1:31:08
    PM - Failed to retrieve NetopWhitelist-2.cab (Error: BITS 0x80070424)

    Error - 7/25/2012 4:31:09 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 1:31:08 PM - Failed to retrieve SportsSchedule-2.enc (Error: BITS
    0x80070424)

    Error - 7/25/2012 4:31:42 PM | Computer Name = Solovles-PC | Source = MCUpdate | ID = 0
    Description = 1:31:10 PM - Failed to retrieve Broadband.enc (Error: BITS 0x80070424)

    [ System Events ]
    Error - 7/25/2012 5:19:05 PM | Computer Name = Solovles-PC | Source = Service Control Manager | ID = 7001
    Description = The HomeGroup Provider service depends on the Function Discovery Resource
    Publication service which failed to start because of the following error: %%-2147024891

    Error - 7/25/2012 5:19:05 PM | Computer Name = Solovles-PC | Source = Service Control Manager | ID = 7023
    Description = The Function Discovery Resource Publication service terminated with
    the following error: %%-2147024891

    Error - 7/26/2012 1:47:32 AM | Computer Name = SOLOVLES-PC | Source = Microsoft Antimalware | ID = 2004
    Description =

    Error - 7/26/2012 1:47:32 AM | Computer Name = SOLOVLES-PC | Source = Microsoft Antimalware | ID = 2004
    Description =

    Error - 7/26/2012 1:52:32 AM | Computer Name = SOLOVLES-PC | Source = Microsoft Antimalware | ID = 2001
    Description =

    Error - 7/26/2012 1:52:32 AM | Computer Name = SOLOVLES-PC | Source = Microsoft Antimalware | ID = 2003
    Description =

    Error - 7/26/2012 1:52:47 AM | Computer Name = SOLOVLES-PC | Source = Microsoft Antimalware | ID = 2001
    Description =

    Error - 7/26/2012 1:52:55 AM | Computer Name = Solovles-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
    Description = Installation Failure: Windows failed to install the following update
    with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138
    (Definition 1.131.682.0).

    Error - 7/26/2012 5:13:19 PM | Computer Name = Solovles-PC | Source = Microsoft Antimalware | ID = 1119
    Description =

    Error - 7/26/2012 5:29:02 PM | Computer Name = Solovles-PC | Source = Microsoft Antimalware | ID = 2001
    Description =


    < End of report >
     
  13. oldman960

    oldman960 Malware Specialist

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi jgreggain,

    We can look a bit further back later if we need to.

    The BITS service is corrupted. The sharedaccess service is fine as shown in the log.



    Next, Double click on OTL.exe
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    • Do Not copy the word CODE
    • please note the fix starts with the :
    Code:
    :Services
     
    :Files
    C:\windows\SysWOW64\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    C:\windows\System32\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@
    C:\windows\SysWOW64\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}C:\windows\System32\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}
     
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]
    "DisplayName"="@%SystemRoot%\\system32\\qmgr.dll,-1000"
    "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
      74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
      00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
      6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
    "Description"="@%SystemRoot%\\system32\\qmgr.dll,-1001"
    "ObjectName"="LocalSystem"
    "ErrorControl"=dword:00000001
    "Start"=dword:00000002
    "DelayedAutoStart"=dword:00000001
    "Type"=dword:00000020
    "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,\
      6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00
    "ServiceSidType"=dword:00000001
    "RequiredPrivileges"=hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,\
      00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
      67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
      00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
      00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,\
      00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,\
      72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,\
      63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,\
      00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00
    "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
      00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters]
    "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
      00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
      71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance]
    "Library"="bitsperf.dll"
    "Open"="PerfMon_Open"
    "Collect"="PerfMon_Collect"
    "Close"="PerfMon_Close"
    "InstallType"=dword:00000001
    "PerfIniFile"="bitsctrs.ini"
    "First Counter"=dword:00000774
    "Last Counter"=dword:00000784
    "First Help"=dword:00000775
    "Last Help"=dword:00000785
    "Object List"="1908"
    "1008"=hex(b):bc,81,53,b3,1d,d9,cc,01
    "PerfMMFileName"="Global\\MMF_BITS_s"
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security]
    "Security"=hex:01,00,14,90,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,\
      00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,\
      00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,\
      00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,\
      20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,\
      00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,\
      00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,\
      00,20,02,00,00
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum]
    "0"="Root\\LEGACY_BITS\\0000"
    "Count"=dword:00000001
    "NextInstance"=dword:00000001
     
    :Commands
    [createrestorepoint]
    [reboot]
    

    Then click the Run Fix button at the top
    • Let the program run unhindered
    • Please save the resulting log to be posted in your next reply.
    Please post the OTL fix log


    Next OTL should have rebooted your computer after the above fix. If it didn't please reboot the computer.


    Next
    Click your start button and copy and paste the following into the search box and hit enter.

    services.msc

    • Locate Background Intelligent Transfer Service
    • click on it
    • in the left panel you should see "start the service"
    • if the service is all ready running it will say "stop the service"
    • If the service is stopped please click click the underlined blue start
    Did you need to start the service? Did the service start? If not what if any error message did you recieve?

    Please post back with the OTL fix log.
     
  14. jgreggain

    jgreggain Thread Starter

    Joined:
    Jul 30, 2012
    Messages:
    13
    ========== SERVICES/DRIVERS ==========
    ========== FILES ==========
    C:\windows\SysWOW64\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ moved successfully.
    File\Folder C:\windows\System32\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}\@ not found.
    File\Folder C:\windows\SysWOW64\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a}C:\windows\System32\config\systemprofile\AppData\Local\{3b99f81f-31d5-dbab-1bcf-87d0107a285a} not found.
    ========== REGISTRY ==========
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"DisplayName"|"@%SystemRoot%\\system32\\qmgr.dll,-1000" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"Description"|"@%SystemRoot%\\system32\\qmgr.dll,-1001" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"ObjectName"|"LocalSystem" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"ErrorControl"|dword:00000001 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"Start"|dword:00000002 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"DelayedAutoStart"|dword:00000001 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"Type"|dword:00000020 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"DependOnService"|hex(7):52,00,70,00,63,00,53,00,73,00,00,00,45,00,76,00,65,00,6e,00,74,00,53,00,79,00,73,00,74,00,65,00,6d,00,00,00,00,00 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"ServiceSidType"|dword:00000001 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,72,00,65,00,61,00,74,00,65,00,47,00,6c,00,6f,00,62,00,61,00,6c,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,54,00,63,00,62,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,41,00,73,00,73,00,69,00,67,00,6e,00,50,00,72,00,69,00,6d,00,61,00,72,00,79,00,54,00,6f,00,6b,00,65,00,6e,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6e,00,63,00,72,00,65,00,61,00,73,00,65,00,51,00,75,00,6f,00,74,00,61,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,60,ea,00,00,01,00,00,00,c0,d4,01,00,00,00,00,00,00,00,00,00 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,71,00,6d,00,67,00,72,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"Library"|"bitsperf.dll" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"Open"|"PerfMon_Open" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"Collect"|"PerfMon_Collect" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"Close"|"PerfMon_Close" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"InstallType"|dword:00000001 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"PerfIniFile"|"bitsctrs.ini" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"First Counter"|dword:00000774 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"Last Counter"|dword:00000784 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"First Help"|dword:00000775 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"Last Help"|dword:00000785 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"Object List"|"1908" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"1008"|hex(b):bc,81,53,b3,1d,d9,cc,01 /E :invalid edit format. Invalid data type.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Performance\\"PerfMMFileName"|"Global\\MMF_BITS_s" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Security\\"Security"|hex:01,00,14,90,90,00,00,00,a0,00,00,00,14,00,00,00,34,00,00,00,02,00,20,00,01,00,00,00,02,c0,18,00,00,00,0c,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,02,00,5c,00,04,00,00,00,00,02,14,00,ff,01,0f,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\"0"|"Root\\LEGACY_BITS\\0000" /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\"Count"|dword:00000001 /E : value set successfully!
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS\Enum\\"NextInstance"|dword:00000001 /E : value set successfully!
    ========== COMMANDS ==========
    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.55.0 log created on 08022012_194239



    The Background Intelligent Transfer Service was already started.
     
  15. oldman960

    oldman960 Malware Specialist

    Joined:
    Apr 7, 2010
    Messages:
    166
    Hi jgreggain,


    Download and save to your desktop Malwarebytes Anti-Malware

    Double Click mbam-setup.exe to install the application.

    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish,so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.
    Extra Note:
    If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


    One more scan to check our handiwork.



    As a Vista/Win7 user you will need to right click your browser icon and select "Run as Administrator" in order to run this scan.
    • Do not use this instance of your browser for anything besides doing this scan
    • When the scan is complete and the results saved, close that instance of your browser
    • Open a new one the usual way and post the results in this topic.
      *Note
      It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
      Please don't go surfing while your resident protection is disabled!
      Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.

      Go here to run an online scannner from
      ESET


      (Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)
      • Tick the box next to YES, I accept the Terms of Use.
      • Click Start
      • When asked, allow the activex control to install
      • Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
      • Click Start
      • Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
      • Click Scan.
      • Wait for the scan to finish.
      • When the scan completes, click List of found threats
      • click Export to Text file and save the file to your desktop using a unique name, such as ESETScan.
      • Include the contents of this report in your next reply
      Note - when ESET doesn't find any threats, no report will be created.
    • Push the back button.
    • Push Finish
    • Re-enable your Antivirus software.


    Please post back with
    • MBAM log
    • ESET log if there was one.
    Any problems?
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1063233