possible infection

[admoskowitz]

I was on the general support forum and they asked that i post here, the attached are new reports

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2

Run by Adam Moskowitz at 13:50:35 on 2013-05-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3387 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\Intel\WiFi\bin\EvtEng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Logitech\FlowScroll\KhalScroll.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Steam\Steam.exe

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

C:\Users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files (x86)\SpeedFan\speedfan.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe

C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe

C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe

C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

c:\Program Files\Microsoft Security Client\NisSrv.exe

C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxps://www.mywfg.com/

mWinlogon: Userinit = userinit.exe,

BHO: Blog This in Windows Live v2: {3adefb8e-b923-35e6-86e2-2b7841f5d2a7} -

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [7188611AA85B2FC959C1B10DB7C3A09935722597._service_run] "C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service

uRun: [Google Update] "C:\Users\Adam Moskowitz\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DellSystemDetect] C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun

mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [MegaPanel] "C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe"

mRun: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe

mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe

StartupFolder: C:\Users\ADAMMO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\ADAMMO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SpeedFan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: dell.com

DPF: {0D8069C4-4C00-4FBD-AA88-954927AFD0B4} - hxxps://lifespeed.ebixexchange.com/Lifespeed/Wizard/eSignatureCOM/SignitXFMS.cab

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://symantecmeetingcenter.webex.com/client/WBXclient-T27L10NSP32EP1-13926/webex/ieatgpc1.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{AC942365-3F9F-4C07-922D-CB9A73BC7C3A} : DHCPNameServer = 192.168.1.254

TCP: Interfaces\{AC942365-3F9F-4C07-922D-CB9A73BC7C3A}\451627D616 : DHCPNameServer = 192.168.10.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

AppInit_DLLs= c:\progra~2\contin~1\sprote~1.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-BHO: Logitech Flow Scroll: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray

x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp

x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming

x64-Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-1-20 230320]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-21 98208]

R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]

R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]

R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440]

R2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 130008]

R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-5-14 3289208]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-21 2656280]

R2 WDBackup;WD Backup;C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-4-22 1042808]

R2 WDDriveService;WD Drive Manager;C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-4-22 270192]

R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]

R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]

R3 btmaudio;Intel Bluetooth Audio Service;C:\Windows\System32\drivers\btmaud.sys [2011-5-19 51712]

R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760]

R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-12 176000]

R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-6 331264]

R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]

R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-1-27 379360]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-1-21 82432]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-1-21 181760]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-4-10 166912]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]

S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072]

S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-5-16 245760]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-5-20 103064]

S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2012-7-21 21712]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-1-21 158976]

S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]

S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2011-9-1 76056]

S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2011-9-1 15128]

S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-1 340240]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-1-21 250984]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-5-20 203672]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-13 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

.

=============== Created Last 30 ================

.

2013-05-28 20:39:08 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3FC587B4-637C-4F56-B4E0-C3769612D750}\mpengine.dll

2013-05-25 23:50:28 9460464 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-25 23:45:06 -------- d-----w- C:\Program Files (x86)\Free M4a to MP3 Converter

2013-05-25 06:33:06 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Local\Western Digital

2013-05-25 06:33:04 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Local\Western_Digital_Technolog

2013-05-25 06:26:36 -------- d-----w- C:\Program Files\Western Digital

2013-05-25 06:26:36 -------- d-----w- C:\Program Files\Common Files\Western Digital

2013-05-25 06:24:19 -------- d-----w- C:\ProgramData\Package Cache

2013-05-24 22:43:11 -------- d-----w- C:\Windows\pss

2013-05-24 21:42:07 17288 ----a-w- C:\Windows\System32\drivers\Dbgv.sys

2013-05-24 18:15:22 -------- d-----w- C:\ProgramData\PC-Doctor for Windows

2013-05-24 18:15:21 -------- d-----w- C:\Program Files\Dell Support Center

2013-05-24 02:29:22 -------- d-----w- C:\Program Files\My Dell

2013-05-24 02:21:21 236 ----a-w- C:\Users\Adam Moskowitz\AppData\Local\poetsch.bat

2013-05-21 08:03:11 964552 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{50540F3C-8FC5-4B18-AC86-5CB05EAE2964}\gapaengine.dll

2013-05-20 21:42:28 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Local\Samsung

2013-05-20 21:42:26 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Roaming\Samsung

2013-05-20 20:55:29 203672 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2013-05-20 20:55:29 103064 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2013-05-20 20:53:57 -------- d-----w- C:\Program Files (x86)\MyFree Codec

2013-05-20 19:30:35 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2013-05-20 19:29:17 -------- d-----w- C:\ProgramData\Samsung

2013-05-20 19:29:17 -------- d-----w- C:\Program Files (x86)\Samsung

2013-05-15 16:29:19 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 16:29:17 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 16:29:17 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 16:29:03 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 16:29:00 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-15 16:29:00 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 16:28:59 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 16:28:53 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-05-15 16:28:53 230400 ----a-w- C:\Windows\System32\wwansvc.dll

2013-05-15 16:28:51 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-05-11 02:28:29 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Local\Western_Digital

2013-05-11 02:27:00 -------- d-----w- C:\Program Files (x86)\Western Digital

2013-05-11 02:27:00 -------- d-----w- C:\Program Files (x86)\Common Files\Western Digital

2013-05-11 02:26:42 -------- d-----w- C:\ProgramData\Western Digital

2013-05-08 00:54:40 -------- d-----w- C:\ProgramData\StarApp

2013-05-08 00:54:29 -------- d-----w- C:\ProgramData\conetinuetioSaVaee

2013-05-08 00:53:25 -------- d-----w- C:\ProgramData\InstallMate

2013-05-06 17:55:44 -------- dc-h--w- C:\ProgramData\{CD352F6F-406C-46C9-A890-F992D366B0BA}

2013-04-30 02:31:55 -------- d-----w- C:\Program Files (x86)\ePadLink

2013-04-29 17:01:55 -------- d-----w- C:\Windows\en

2013-04-29 16:58:13 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2013-04-29 16:58:13 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2013-04-29 16:58:13 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll

2013-04-29 16:58:13 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2013-04-29 16:58:12 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

2013-04-29 16:58:12 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2013-04-29 16:58:11 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

2013-04-29 16:58:11 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll

2013-04-29 16:56:07 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\50d0635f1ce44fa05\skydrivesetup.exe

2013-04-29 16:56:07 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive

2013-04-29 16:56:07 -------- d-----r- C:\Users\Adam Moskowitz\SkyDrive

2013-04-29 16:55:55 -------- d-----w- C:\ProgramData\Microsoft SkyDrive

2013-04-29 16:55:11 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4d597f221ce44fa04\DXSETUP.exe

2013-04-29 16:55:10 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4d597f221ce44fa04\DSETUP.dll

2013-04-29 16:55:10 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4d597f221ce44fa04\dsetup32.dll

2013-04-29 16:55:06 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4afa779f1ce44fa03\DSETUP.dll

2013-04-29 16:55:06 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4afa779f1ce44fa03\DXSETUP.exe

2013-04-29 16:55:06 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4afa779f1ce44fa03\dsetup32.dll

2013-04-29 16:54:54 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\459948651ce44fa01\DSETUP.dll

2013-04-29 16:54:54 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\459948651ce44fa01\DXSETUP.exe

2013-04-29 16:54:54 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\459948651ce44fa01\dsetup32.dll

2013-04-29 06:19:54 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Roaming\avidemux

2013-04-29 06:07:05 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Local\Aiseesoft Studio

2013-04-29 05:51:54 -------- d-----w- C:\Users\Adam Moskowitz\AppData\Roaming\AVS4YOU

2013-04-29 05:49:22 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll

2013-04-29 05:49:22 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll

2013-04-29 05:49:22 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia

2013-04-29 05:49:21 -------- d-----w- C:\ProgramData\AVS4YOU

2013-04-29 05:49:21 -------- d-----w- C:\Program Files (x86)\AVS4YOU

2013-04-28 21:23:24 -------- d-----w- C:\Program Files (x86)\National Consumer Panel

.

==================== Find3M ====================

.

2013-05-15 18:01:17 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-15 18:01:16 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-02 15:29:56 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll

2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll

2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-04-05 04:43:00 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-04-05 04:29:45 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-04-04 21:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-04 12:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-06 23:51:10 34936 ----a-w- C:\Windows\SysWow64\uninstHelixYUV.exe

2013-03-06 23:50:20 7760687 ----a-w- C:\Users\Adam Moskowitz\AppData\Roaming\SetupGFD.exe

2013-03-06 23:50:08 5243208 ----a-w- C:\Users\Adam Moskowitz\AppData\Roaming\AvsP.exe

2013-03-06 23:49:58 1357348 ----a-w- C:\Users\Adam Moskowitz\AppData\Roaming\MatroskaSplitter.exe

2013-03-06 23:49:53 117723 ----a-w- C:\Users\Adam Moskowitz\AppData\Roaming\yuvcodecs-1.3.exe

2013-03-06 23:49:51 5514668 ----a-w- C:\Users\Adam Moskowitz\AppData\Roaming\Imgburn.exe

2013-03-06 23:49:39 5082084 ----a-w- C:\Users\Adam Moskowitz\AppData\Roaming\Avisynth.exe

2013-03-06 22:47:32 861088 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-03-06 22:47:32 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 13:50:45.47 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 4/10/2012 1:02:31 PM

System Uptime: 5/28/2013 1:25:08 PM (0 hours ago)

.

Motherboard: Dell Inc. | | 05TM8C

Processor: Intel® Core i5-2450M CPU @ 2.50GHz | CPU | 2475/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 446 GiB total, 285.352 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP291: 5/24/2013 11:24:09 PM - WD SmartWare Installer

RP292: 5/28/2013 1:38:39 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

AC3Filter 2.5b

Accidental Damage Services Agreement

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.7) MUI

Advanced Audio FX Engine

Aegon Illustration System

Apple Application Support

Apple Mobile Device Support

Audacity 2.0.2

Banctec Service Agreement

Bass Audio Decoder (remove only)

Brother MFL-Pro Suite MFC-295CN

Brother MFL-Pro Suite MFC-J825DW

CCleaner

CD Audio Reader Filter (remove only)

CDex extraction audio

Cisco WebEx Meetings

Complete Care Business Service Agreement

Consumer In-Home Service Agreement

CopyTrans Suite Remove Only

Curse Client

D3DX10

DCoder Image Source (remove only)

Dell DataSafe Online

Dell Digital Delivery

Dell Driver Download Manager

Dell Edoc Viewer

Dell Getting Started Guide

Dell Home Systems Service Agreement

Dell System Detect

Dell Touchpad

Dell VideoStage

Dell Webcam Central

DirectVobSub (remove only)

DriverAgent by eSupport.com

Dropbox

DScaler 5 Mpeg Decoders

ePadLink ePad 11.1

eReg

ffdshow v1.2.4453 [2012-05-21]

FFMPEG Core Files (remove only)

Free M4a to MP3 Converter 8.0

Gabest MPEG Splitter (remove only)

Google Chrome

GoToMeeting 5.4.0.1082

Haali Media Splitter

Helix YUV Codecs (remove only)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

InfraRecorder 0.52 (x64 edition)

Install LoJack for Laptops

Intel PROSet Wireless

Intel® Control Center

Intel® Management Engine Components

Intel® OpenCL CPU Runtime

Intel® Processor Graphics

Intel® PROSet/Wireless Software for Bluetooth® Technology

Intel® PROSet/Wireless WiFi Software

Intel® Turbo Boost Technology Monitor 2.0

Intel® WiDi

Intel® Wireless Display

Internet Transporter - NCP Link

Java 7 Update 21

Java Auto Updater

Java 6 Update 31

Java 7 Update 1 (64-bit)

JavaFX 2.1.1

Junk Mail filter update

K-Lite Codec Pack 9.1.0 (64-bit)

K-Lite Mega Codec Pack 9.0.2

Kyocera Product Library

LAME v3.99.3 (for Windows)

LAV Filters 0.51.3

Logitech Flow Scroll 4.0

Logitech SetPoint 6.32

MadVR (remove only)

Malwarebytes Anti-Malware version 1.75.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office Live Meeting 2007

Microsoft PowerPoint Viewer

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft SQL Server 2005 Express Edition (ITSQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft SQL Server Compact 3.5 SP2 x64 ENU

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Movie Maker

MSVCRT

MSVCRT_amd64

MSVCRT110

MSVCRT110_amd64

MSXML 4.0 SP3 Parser

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB2758694)

MSXML 4.0 SP3 Parser (KB973685)

My Dell

Nationwide Life Illustrator 2.4.0.16

Navigator 12.03

Navigator 13.10

Navigator 13.20

NCP Internet Transporter

OpenOffice.org 3.1

OpenSource AVI Splitter (remove only)

OpenSource DTS/AC3/DD+ Source Filter (remove only)

OpenSource Flash Video Splitter (remove only)

PeerBlock 1.1 (r518)

Photo Common

Photo Gallery

PlayReady PC Runtime x86

Premium Service Agreement

PrimoPDF -- brought to you by Nitro PDF Software

QualxServ Service Agreement

Quickset64

Realtek High Definition Audio Driver

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Skype Click to Call

Skype™ 6.1

SpeedFan (remove only)

Steam

Torchlight II

Transamerica Life Products Illustration System - TransWare WFG

Transamerica Life Products Illustration System TransWare Prerequisite V3.0

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

WD Drive Utilities

WD Quick View

WD Security

WD SmartWare

WD SmartWare Installer

Windows Driver Package - FTDI CDM Driver Package (10/22/2009 2.06.00)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.11 (64-bit)

WinRAR 4.20 (32-bit)

Zoom Player (remove only)

.

==== Event Viewer Messages From Past Week ========

.

5/28/2013 1:29:51 PM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).

5/28/2013 1:27:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WD Backup service to connect.

5/28/2013 1:27:30 PM, Error: Service Control Manager [7000] - The WD Backup service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

5/25/2013 4:39:23 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR3.

5/24/2013 3:16:13 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.

5/23/2013 7:14:20 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

5/23/2013 7:08:07 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Dell DataSafe Online service to connect.

5/23/2013 7:08:07 PM, Error: Service Control Manager [7000] - The Dell DataSafe Online service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

.

==== End Of File ===========================

[Maurice Naggar]

Hello,

I will be helping you. Please follow my guidance and do not run tools or fixes nor do changes on your own.

Please confirm for me that you are the owner of this system.

If it is owned by someone else, or if it belongs to a company or an organization, please Stop and tell me that.

As a reminder, please just only Copy & Paste all log contents directly into main-body of reply box.

Use 1 reply per each log as needed. IF you hit some log that is way too huge, then you may attach.

Please do a backup of any documents/personal files that you cannot afford to lose.

Malware cleanups can sometimes be unpredictable. So do a backup to Offline media as a precaution.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Press Windows-key +R key on your keyboard to get RUN option.
  
• Type in

  explorer.exe

  and press Enter to start Windows Explorer.
  

• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 5

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of C:\AdwCleaner[R1].txt;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[admoskowitz]

Step 3

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 15:10:16

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Adam Moskowitz - MINAUROS

# Boot Mode : Normal

# Running from : C:\Users\Adam Moskowitz\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\END

Folder Found : C:\ProgramData\conetinuetioSaVaee

Folder Found : C:\ProgramData\InstallMate

Folder Found : C:\Users\Adam Moskowitz\AppData\Local\PackageAware

Folder Found : C:\Users\Adam Moskowitz\AppData\LocalLow\Conduit

Folder Found : C:\Users\Adam Moskowitz\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Found : HKCU\Software\APN PIP

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\AppDataLow\SProtector

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\InstallCore

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Found : HKLM\Software\InfoAtoms

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Found : HKLM\Software\PIP

Key Found : HKLM\Software\SP Global

Key Found : HKLM\Software\SProtector

Key Found : HKLM\Software\YourFileDownloader

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1775 octets] - [28/05/2013 15:10:16]

########## EOF - C:\AdwCleaner[R1].txt - [1835 octets] ##########

[admoskowitz]

Step 5

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Adam Moskowitz [Admin rights]

Mode : Scan -- Date : 05/28/2013 15:19:48

| ARK || FAK |

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] tdsskiller.exe -- C:\Users\Adam Moskowitz\Desktop\tdsskiller.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms) [-] -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2677679354-1192122103-4054240909-1000[...]\Run : DellSystemDetect (C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms) [-] -> FOUND

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

Finished : << RKreport[1]_S_05282013_02d1519.txt >>

RKreport[1]_S_05282013_02d1519.txt

[admoskowitz]

TDSSKILLER log

15:23:21.0970 6812 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

15:23:22.0506 6812 ============================================================

15:23:22.0506 6812 Current date / time: 2013/05/28 15:23:22.0506

15:23:22.0506 6812 SystemInfo:

15:23:22.0506 6812

15:23:22.0506 6812 OS Version: 6.1.7601 ServicePack: 1.0

15:23:22.0506 6812 Product type: Workstation

15:23:22.0506 6812 ComputerName: MINAUROS

15:23:22.0507 6812 UserName: Adam Moskowitz

15:23:22.0507 6812 Windows directory: C:\Windows

15:23:22.0507 6812 System windows directory: C:\Windows

15:23:22.0507 6812 Running under WOW64

15:23:22.0507 6812 Processor architecture: Intel x64

15:23:22.0507 6812 Number of processors: 4

15:23:22.0507 6812 Page size: 0x1000

15:23:22.0507 6812 Boot type: Normal boot

15:23:22.0507 6812 ============================================================

15:23:22.0729 6812 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:23:22.0733 6812 ============================================================

15:23:22.0733 6812 \Device\Harddisk0\DR0:

15:23:22.0734 6812 MBR partitions:

15:23:22.0734 6812 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x34000, BlocksNum 0x2710000

15:23:22.0734 6812 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x2744000, BlocksNum 0x37C41830

15:23:22.0734 6812 ============================================================

15:23:22.0749 6812 C: <-> \Device\Harddisk0\DR0\Partition2

15:23:22.0750 6812 ============================================================

15:23:22.0750 6812 Initialize success

15:23:22.0750 6812 ============================================================

15:23:24.0571 6608 ============================================================

15:23:24.0571 6608 Scan started

15:23:24.0571 6608 Mode: Manual;

15:23:24.0571 6608 ============================================================

15:23:24.0879 6608 ================ Scan system memory ========================

15:23:24.0879 6608 System memory - ok

15:23:24.0882 6608 ================ Scan services =============================

15:23:25.0050 6608 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

15:23:25.0055 6608 1394ohci - ok

15:23:25.0101 6608 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

15:23:25.0103 6608 ACPI - ok

15:23:25.0128 6608 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

15:23:25.0128 6608 AcpiPmi - ok

15:23:25.0308 6608 [ ADDA5E1951B90D3D23C56D3CF0622ADC ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

15:23:25.0310 6608 AdobeARMservice - ok

15:23:25.0503 6608 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:23:25.0507 6608 AdobeFlashPlayerUpdateSvc - ok

15:23:25.0570 6608 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

15:23:25.0574 6608 adp94xx - ok

15:23:25.0595 6608 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

15:23:25.0597 6608 adpahci - ok

15:23:25.0621 6608 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

15:23:25.0622 6608 adpu320 - ok

15:23:25.0645 6608 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

15:23:25.0647 6608 AeLookupSvc - ok

15:23:25.0725 6608 [ D1E343BC00136CE03C4D403194D06A80 ] AERTFilters C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

15:23:25.0727 6608 AERTFilters - ok

15:23:25.0768 6608 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

15:23:25.0774 6608 AFD - ok

15:23:25.0813 6608 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

15:23:25.0814 6608 agp440 - ok

15:23:25.0858 6608 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

15:23:25.0859 6608 ALG - ok

15:23:25.0886 6608 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

15:23:25.0888 6608 aliide - ok

15:23:25.0910 6608 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

15:23:25.0910 6608 amdide - ok

15:23:25.0937 6608 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

15:23:25.0937 6608 AmdK8 - ok

15:23:25.0954 6608 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

15:23:25.0954 6608 AmdPPM - ok

15:23:25.0979 6608 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

15:23:25.0981 6608 amdsata - ok

15:23:26.0006 6608 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

15:23:26.0007 6608 amdsbs - ok

15:23:26.0022 6608 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

15:23:26.0022 6608 amdxata - ok

15:23:26.0056 6608 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPAL C:\Windows\system32\DRIVERS\AMPPAL.sys

15:23:26.0060 6608 AMPPAL - ok

15:23:26.0082 6608 [ 12E7A43A3C6840A063A82B04F7EF47C0 ] AMPPALP C:\Windows\system32\DRIVERS\amppal.sys

15:23:26.0083 6608 AMPPALP - ok

15:23:26.0159 6608 [ 2CC0CBF2707BE4D5B6CE6B87D9DA2F97 ] AMPPALR3 C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe

15:23:26.0169 6608 AMPPALR3 - ok

15:23:26.0212 6608 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

15:23:26.0214 6608 AppID - ok

15:23:26.0239 6608 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

15:23:26.0240 6608 AppIDSvc - ok

15:23:26.0283 6608 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

15:23:26.0285 6608 Appinfo - ok

15:23:26.0370 6608 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:23:26.0373 6608 Apple Mobile Device - ok

15:23:26.0405 6608 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

15:23:26.0407 6608 arc - ok

15:23:26.0424 6608 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

15:23:26.0425 6608 arcsas - ok

15:23:26.0544 6608 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

15:23:26.0545 6608 aspnet_state - ok

15:23:26.0581 6608 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

15:23:26.0582 6608 AsyncMac - ok

15:23:26.0616 6608 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

15:23:26.0616 6608 atapi - ok

15:23:26.0676 6608 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

15:23:26.0686 6608 AudioEndpointBuilder - ok

15:23:26.0714 6608 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

15:23:26.0717 6608 AudioSrv - ok

15:23:26.0763 6608 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

15:23:26.0764 6608 AxInstSV - ok

15:23:26.0810 6608 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

15:23:26.0818 6608 b06bdrv - ok

15:23:26.0870 6608 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

15:23:26.0875 6608 b57nd60a - ok

15:23:26.0908 6608 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

15:23:26.0909 6608 BDESVC - ok

15:23:26.0918 6608 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

15:23:26.0919 6608 Beep - ok

15:23:26.0974 6608 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

15:23:26.0985 6608 BFE - ok

15:23:27.0024 6608 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

15:23:27.0030 6608 BITS - ok

15:23:27.0056 6608 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

15:23:27.0057 6608 blbdrive - ok

15:23:27.0151 6608 [ 0F46D2845BD7DDACA52340ECC2B65DA3 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe

15:23:27.0162 6608 Bluetooth Device Monitor - ok

15:23:27.0213 6608 [ 3341DE556EC28252D603277609EEF8BF ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe

15:23:27.0225 6608 Bluetooth Media Service - ok

15:23:27.0292 6608 [ 5D5C3EC9BE1107DEDF0FEB55B7F3BD77 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe

15:23:27.0308 6608 Bluetooth OBEX Service - ok

15:23:27.0344 6608 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

15:23:27.0347 6608 bowser - ok

15:23:27.0375 6608 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

15:23:27.0376 6608 BrFiltLo - ok

15:23:27.0388 6608 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

15:23:27.0388 6608 BrFiltUp - ok

15:23:27.0436 6608 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

15:23:27.0439 6608 Browser - ok

15:23:27.0469 6608 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

15:23:27.0472 6608 Brserid - ok

15:23:27.0488 6608 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

15:23:27.0489 6608 BrSerWdm - ok

15:23:27.0507 6608 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

15:23:27.0507 6608 BrUsbMdm - ok

15:23:27.0517 6608 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

15:23:27.0518 6608 BrUsbSer - ok

15:23:27.0584 6608 [ EA7E57F87D6FEE5FD6C5F813C04E8CD2 ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe

15:23:27.0588 6608 BrYNSvc - ok

15:23:27.0636 6608 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

15:23:27.0636 6608 BthEnum - ok

15:23:27.0650 6608 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

15:23:27.0672 6608 BTHMODEM - ok

15:23:27.0710 6608 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

15:23:27.0712 6608 BthPan - ok

15:23:27.0753 6608 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

15:23:27.0762 6608 BTHPORT - ok

15:23:27.0798 6608 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

15:23:27.0800 6608 bthserv - ok

15:23:27.0827 6608 [ D6CEEC2F878149E4DB9FE93FA5D8FE60 ] BTHSSecurityMgr C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe

15:23:27.0830 6608 BTHSSecurityMgr - ok

15:23:27.0884 6608 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

15:23:27.0886 6608 BTHUSB - ok

15:23:27.0905 6608 [ 274E47BD9C1367BDBFA9DF10C2E6C544 ] btmaudio C:\Windows\system32\drivers\btmaud.sys

15:23:27.0906 6608 btmaudio - ok

15:23:27.0936 6608 [ AB0A33001FE7EBB209D9D52CED11BE1A ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys

15:23:27.0937 6608 btmaux - ok

15:23:27.0960 6608 [ 40C6FEC49D1CC4D112368A2BCD2BCBB7 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys

15:23:27.0962 6608 btmhsf - ok

15:23:27.0995 6608 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

15:23:27.0997 6608 cdfs - ok

15:23:28.0035 6608 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

15:23:28.0037 6608 cdrom - ok

15:23:28.0077 6608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

15:23:28.0079 6608 CertPropSvc - ok

15:23:28.0112 6608 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

15:23:28.0112 6608 circlass - ok

15:23:28.0133 6608 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

15:23:28.0135 6608 CLFS - ok

15:23:28.0188 6608 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:23:28.0190 6608 clr_optimization_v2.0.50727_32 - ok

15:23:28.0226 6608 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:23:28.0228 6608 clr_optimization_v2.0.50727_64 - ok

15:23:28.0293 6608 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:23:28.0296 6608 clr_optimization_v4.0.30319_32 - ok

15:23:28.0328 6608 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:23:28.0331 6608 clr_optimization_v4.0.30319_64 - ok

15:23:28.0345 6608 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

15:23:28.0346 6608 CmBatt - ok

15:23:28.0380 6608 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

15:23:28.0381 6608 cmdide - ok

15:23:28.0426 6608 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

15:23:28.0432 6608 CNG - ok

15:23:28.0448 6608 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

15:23:28.0449 6608 Compbatt - ok

15:23:28.0478 6608 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

15:23:28.0479 6608 CompositeBus - ok

15:23:28.0499 6608 COMSysApp - ok

15:23:28.0600 6608 [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe

15:23:28.0606 6608 cphs - ok

15:23:28.0653 6608 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

15:23:28.0653 6608 crcdisk - ok

15:23:28.0716 6608 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

15:23:28.0719 6608 CryptSvc - ok

15:23:28.0763 6608 [ DF214BFF646880D0EB31BDC86136B29B ] CtClsFlt C:\Windows\system32\DRIVERS\CtClsFlt.sys

15:23:28.0766 6608 CtClsFlt - ok

15:23:28.0822 6608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

15:23:28.0834 6608 DcomLaunch - ok

15:23:28.0861 6608 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

15:23:28.0863 6608 defragsvc - ok

15:23:28.0925 6608 [ FC72D309E86E5CAECBBBBC37F7BE038D ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe

15:23:28.0928 6608 DellDigitalDelivery - ok

15:23:28.0959 6608 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

15:23:28.0960 6608 DfsC - ok

15:23:29.0000 6608 [ 421D371E96480DD3A14EA37D0D2757D1 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

15:23:29.0002 6608 dg_ssudbus - ok

15:23:29.0054 6608 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

15:23:29.0060 6608 Dhcp - ok

15:23:29.0077 6608 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

15:23:29.0079 6608 discache - ok

15:23:29.0126 6608 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

15:23:29.0128 6608 Disk - ok

15:23:29.0176 6608 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

15:23:29.0180 6608 Dnscache - ok

15:23:29.0216 6608 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

15:23:29.0221 6608 dot3svc - ok

15:23:29.0236 6608 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

15:23:29.0237 6608 DPS - ok

15:23:29.0269 6608 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

15:23:29.0270 6608 drmkaud - ok

15:23:29.0345 6608 [ 1ED08A6264C5C92099D6D1DAE5E8F530 ] DrvAgent64 C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS

15:23:29.0347 6608 DrvAgent64 - ok

15:23:29.0399 6608 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

15:23:29.0404 6608 DXGKrnl - ok

15:23:29.0440 6608 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

15:23:29.0442 6608 EapHost - ok

15:23:29.0548 6608 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

15:23:29.0570 6608 ebdrv - ok

15:23:29.0592 6608 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

15:23:29.0593 6608 EFS - ok

15:23:29.0642 6608 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

15:23:29.0646 6608 ehRecvr - ok

15:23:29.0677 6608 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

15:23:29.0678 6608 ehSched - ok

15:23:29.0720 6608 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

15:23:29.0723 6608 elxstor - ok

15:23:29.0734 6608 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

15:23:29.0735 6608 ErrDev - ok

15:23:29.0777 6608 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

15:23:29.0785 6608 EventSystem - ok

15:23:29.0891 6608 [ 532B8FF8E07F3772B086620377654F95 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe

15:23:29.0899 6608 EvtEng - ok

15:23:29.0920 6608 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

15:23:29.0921 6608 exfat - ok

15:23:29.0944 6608 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

15:23:29.0945 6608 fastfat - ok

15:23:30.0004 6608 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

15:23:30.0015 6608 Fax - ok

15:23:30.0047 6608 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

15:23:30.0048 6608 fdc - ok

15:23:30.0083 6608 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

15:23:30.0085 6608 fdPHost - ok

15:23:30.0095 6608 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

15:23:30.0097 6608 FDResPub - ok

15:23:30.0112 6608 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

15:23:30.0113 6608 FileInfo - ok

15:23:30.0126 6608 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

15:23:30.0127 6608 Filetrace - ok

15:23:30.0145 6608 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

15:23:30.0146 6608 flpydisk - ok

15:23:30.0165 6608 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

15:23:30.0171 6608 FltMgr - ok

15:23:30.0253 6608 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

15:23:30.0272 6608 FontCache - ok

15:23:30.0316 6608 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:23:30.0317 6608 FontCache3.0.0.0 - ok

15:23:30.0338 6608 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

15:23:30.0340 6608 FsDepends - ok

15:23:30.0386 6608 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

15:23:30.0387 6608 Fs_Rec - ok

15:23:30.0450 6608 [ F16370F37CCA72ED2C21C230333C2C11 ] FTDIBUS C:\Windows\system32\drivers\ftdibus.sys

15:23:30.0452 6608 FTDIBUS - ok

15:23:30.0489 6608 [ 787BBE2466C36B2E36B4A41BB788E2A2 ] FTSER2K C:\Windows\system32\drivers\ftser2k.sys

15:23:30.0490 6608 FTSER2K - ok

15:23:30.0544 6608 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

15:23:30.0548 6608 fvevol - ok

15:23:30.0583 6608 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

15:23:30.0584 6608 gagp30kx - ok

15:23:30.0679 6608 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

15:23:30.0693 6608 gpsvc - ok

15:23:30.0733 6608 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

15:23:30.0735 6608 hcw85cir - ok

15:23:30.0777 6608 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

15:23:30.0783 6608 HdAudAddService - ok

15:23:30.0819 6608 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

15:23:30.0822 6608 HDAudBus - ok

15:23:30.0844 6608 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

15:23:30.0845 6608 HidBatt - ok

15:23:30.0868 6608 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

15:23:30.0870 6608 HidBth - ok

15:23:30.0882 6608 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

15:23:30.0883 6608 HidIr - ok

15:23:30.0908 6608 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

15:23:30.0909 6608 hidserv - ok

15:23:30.0940 6608 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

15:23:30.0941 6608 HidUsb - ok

15:23:30.0969 6608 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

15:23:30.0971 6608 hkmsvc - ok

15:23:30.0983 6608 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

15:23:30.0985 6608 HomeGroupListener - ok

15:23:31.0006 6608 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

15:23:31.0008 6608 HomeGroupProvider - ok

15:23:31.0018 6608 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

15:23:31.0019 6608 HpSAMD - ok

15:23:31.0067 6608 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

15:23:31.0079 6608 HTTP - ok

15:23:31.0106 6608 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

15:23:31.0107 6608 hwpolicy - ok

15:23:31.0139 6608 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys

15:23:31.0141 6608 i8042prt - ok

15:23:31.0195 6608 [ D469B77687E12FE43E344806740B624D ] iaStor C:\Windows\system32\drivers\iaStor.sys

15:23:31.0203 6608 iaStor - ok

15:23:31.0253 6608 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

15:23:31.0260 6608 iaStorV - ok

15:23:31.0290 6608 [ FC47F5CF561BF0FD897EFD1A9604DCCF ] iBtFltCoex C:\Windows\system32\DRIVERS\iBtFltCoex.sys

15:23:31.0291 6608 iBtFltCoex - ok

15:23:31.0354 6608 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:23:31.0367 6608 idsvc - ok

15:23:31.0686 6608 [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

15:23:31.0760 6608 igfx - ok

15:23:31.0795 6608 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

15:23:31.0796 6608 iirsp - ok

15:23:31.0848 6608 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

15:23:31.0863 6608 IKEEXT - ok

15:23:31.0908 6608 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\drivers\Impcd.sys

15:23:31.0911 6608 Impcd - ok

15:23:31.0957 6608 [ CADDF0927DAC63EDAE48F5C35A61D87D ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys

15:23:31.0958 6608 intaud_WaveExtensible - ok

15:23:32.0077 6608 [ A3C9367A02B2A1FC22536ADD3601B64F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

15:23:32.0094 6608 IntcAzAudAddService - ok

15:23:32.0126 6608 [ 6C9FFFECA9FED31347D211C5D1FFBD2D ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys

15:23:32.0128 6608 IntcDAud - ok

15:23:32.0149 6608 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

15:23:32.0150 6608 intelide - ok

15:23:32.0182 6608 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

15:23:32.0184 6608 intelppm - ok

15:23:32.0207 6608 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

15:23:32.0210 6608 IPBusEnum - ok

15:23:32.0233 6608 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:23:32.0235 6608 IpFilterDriver - ok

15:23:32.0290 6608 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

15:23:32.0301 6608 iphlpsvc - ok

15:23:32.0320 6608 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

15:23:32.0321 6608 IPMIDRV - ok

15:23:32.0370 6608 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

15:23:32.0372 6608 IPNAT - ok

15:23:32.0396 6608 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

15:23:32.0397 6608 IRENUM - ok

15:23:32.0416 6608 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

15:23:32.0417 6608 isapnp - ok

15:23:32.0441 6608 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

15:23:32.0445 6608 iScsiPrt - ok

15:23:32.0488 6608 [ 716F66336F10885D935B08174DC54242 ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys

15:23:32.0489 6608 iwdbus - ok

15:23:32.0505 6608 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

15:23:32.0505 6608 kbdclass - ok

15:23:32.0540 6608 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

15:23:32.0541 6608 kbdhid - ok

15:23:32.0560 6608 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

15:23:32.0563 6608 KeyIso - ok

15:23:32.0604 6608 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

15:23:32.0606 6608 KSecDD - ok

15:23:32.0629 6608 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

15:23:32.0630 6608 KSecPkg - ok

15:23:32.0657 6608 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

15:23:32.0657 6608 ksthunk - ok

15:23:32.0681 6608 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

15:23:32.0684 6608 KtmRm - ok

15:23:32.0713 6608 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

15:23:32.0720 6608 LanmanServer - ok

15:23:32.0736 6608 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

15:23:32.0742 6608 LanmanWorkstation - ok

15:23:32.0879 6608 [ 7772DFAB22611050B79504E671B06E6E ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

15:23:32.0885 6608 LBTServ - ok

15:23:32.0922 6608 [ ED7EC050CD6C20E1A93A4DAFB7EFD14D ] LEqdUsb C:\Windows\system32\DRIVERS\LEqdUsb.Sys

15:23:32.0924 6608 LEqdUsb - ok

15:23:32.0991 6608 [ 3267BC698E29474A8381E68904EB0390 ] LHidEqd C:\Windows\system32\DRIVERS\LHidEqd.Sys

15:23:32.0992 6608 LHidEqd - ok

15:23:33.0028 6608 [ 241F2648ADF090E2A10095BD6D6F5DCB ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

15:23:33.0030 6608 LHidFilt - ok

15:23:33.0061 6608 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

15:23:33.0062 6608 lltdio - ok

15:23:33.0099 6608 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

15:23:33.0106 6608 lltdsvc - ok

15:23:33.0136 6608 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

15:23:33.0139 6608 lmhosts - ok

15:23:33.0182 6608 [ 342ED5A4B3326014438F36D22D803737 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

15:23:33.0183 6608 LMouFilt - ok

15:23:33.0254 6608 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

15:23:33.0259 6608 LMS - ok

15:23:33.0286 6608 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

15:23:33.0287 6608 LSI_FC - ok

15:23:33.0314 6608 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

15:23:33.0316 6608 LSI_SAS - ok

15:23:33.0337 6608 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

15:23:33.0339 6608 LSI_SAS2 - ok

15:23:33.0357 6608 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

15:23:33.0359 6608 LSI_SCSI - ok

15:23:33.0380 6608 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

15:23:33.0381 6608 luafv - ok

15:23:33.0404 6608 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

15:23:33.0408 6608 Mcx2Svc - ok

15:23:33.0417 6608 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

15:23:33.0419 6608 megasas - ok

15:23:33.0439 6608 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

15:23:33.0441 6608 MegaSR - ok

15:23:33.0468 6608 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

15:23:33.0469 6608 MEIx64 - ok

15:23:33.0496 6608 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

15:23:33.0497 6608 MMCSS - ok

15:23:33.0506 6608 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

15:23:33.0507 6608 Modem - ok

15:23:33.0548 6608 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

15:23:33.0549 6608 monitor - ok

15:23:33.0588 6608 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

15:23:33.0590 6608 mouclass - ok

15:23:33.0611 6608 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

15:23:33.0612 6608 mouhid - ok

15:23:33.0632 6608 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

15:23:33.0635 6608 mountmgr - ok

15:23:33.0704 6608 [ F8A10560B35C66F9DE212F03DAD5BFA7 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

15:23:33.0709 6608 MpFilter - ok

15:23:33.0732 6608 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

15:23:33.0735 6608 mpio - ok

15:23:33.0753 6608 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

15:23:33.0755 6608 mpsdrv - ok

15:23:33.0806 6608 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

15:23:33.0821 6608 MpsSvc - ok

15:23:33.0855 6608 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

15:23:33.0858 6608 MRxDAV - ok

15:23:33.0887 6608 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

15:23:33.0889 6608 mrxsmb - ok

15:23:33.0917 6608 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:23:33.0923 6608 mrxsmb10 - ok

15:23:33.0937 6608 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:23:33.0940 6608 mrxsmb20 - ok

15:23:33.0973 6608 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

15:23:33.0974 6608 msahci - ok

15:23:34.0015 6608 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

15:23:34.0016 6608 msdsm - ok

15:23:34.0042 6608 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

15:23:34.0047 6608 MSDTC - ok

15:23:34.0075 6608 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

15:23:34.0075 6608 Msfs - ok

15:23:34.0088 6608 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

15:23:34.0088 6608 mshidkmdf - ok

15:23:34.0114 6608 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

15:23:34.0115 6608 msisadrv - ok

15:23:34.0158 6608 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

15:23:34.0163 6608 MSiSCSI - ok

15:23:34.0170 6608 msiserver - ok

15:23:34.0217 6608 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

15:23:34.0217 6608 MSKSSRV - ok

15:23:34.0294 6608 [ E07DEC52FF801841BA9B6878A60304FB ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

15:23:34.0295 6608 MsMpSvc - ok

15:23:34.0313 6608 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

15:23:34.0314 6608 MSPCLOCK - ok

15:23:34.0345 6608 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

15:23:34.0347 6608 MSPQM - ok

15:23:34.0374 6608 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

15:23:34.0380 6608 MsRPC - ok

15:23:34.0400 6608 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

15:23:34.0401 6608 mssmbios - ok

15:23:34.0505 6608 MSSQL$ITSQLEXPRESS - ok

15:23:34.0575 6608 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe

15:23:34.0577 6608 MSSQLServerADHelper - ok

15:23:34.0607 6608 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

15:23:34.0608 6608 MSTEE - ok

15:23:34.0627 6608 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

15:23:34.0628 6608 MTConfig - ok

15:23:34.0641 6608 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

15:23:34.0642 6608 Mup - ok

15:23:34.0687 6608 [ 265937BC59819DF1DAB65E27C60F94C0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

15:23:34.0689 6608 MyWiFiDHCPDNS - ok

15:23:34.0713 6608 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

15:23:34.0717 6608 napagent - ok

15:23:34.0770 6608 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

15:23:34.0772 6608 NativeWifiP - ok

15:23:34.0845 6608 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

15:23:34.0859 6608 NDIS - ok

15:23:34.0884 6608 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

15:23:34.0885 6608 NdisCap - ok

15:23:34.0899 6608 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

15:23:34.0900 6608 NdisTapi - ok

15:23:34.0931 6608 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

15:23:34.0933 6608 Ndisuio - ok

15:23:34.0948 6608 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

15:23:34.0950 6608 NdisWan - ok

15:23:34.0968 6608 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

15:23:34.0968 6608 NDProxy - ok

15:23:34.0983 6608 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

15:23:34.0984 6608 NetBIOS - ok

15:23:34.0999 6608 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

15:23:35.0001 6608 NetBT - ok

15:23:35.0015 6608 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

15:23:35.0016 6608 Netlogon - ok

15:23:35.0050 6608 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

15:23:35.0054 6608 Netman - ok

15:23:35.0097 6608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:23:35.0100 6608 NetMsmqActivator - ok

15:23:35.0108 6608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:23:35.0111 6608 NetPipeActivator - ok

15:23:35.0137 6608 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

15:23:35.0141 6608 netprofm - ok

15:23:35.0147 6608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:23:35.0149 6608 NetTcpActivator - ok

15:23:35.0153 6608 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:23:35.0155 6608 NetTcpPortSharing - ok

15:23:35.0374 6608 [ 774C9ECCEF83AB8A3D1466F19809C95F ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys

15:23:35.0418 6608 NETwNs64 - ok

15:23:35.0453 6608 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

15:23:35.0454 6608 nfrd960 - ok

15:23:35.0517 6608 [ 162100E0BC8377710F9D170631921C03 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

15:23:35.0520 6608 NisDrv - ok

15:23:35.0579 6608 [ C6E15F2F95F9C0A6098D43510B604E52 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

15:23:35.0585 6608 NisSrv - ok

15:23:35.0637 6608 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

15:23:35.0645 6608 NlaSvc - ok

15:23:35.0777 6608 [ B9B72FAAAA41D59B73B88FE3DD737ED1 ] NOBU C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe

15:23:35.0791 6608 NOBU - ok

15:23:35.0801 6608 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

15:23:35.0802 6608 Npfs - ok

15:23:35.0828 6608 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

15:23:35.0829 6608 nsi - ok

15:23:35.0857 6608 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

15:23:35.0859 6608 nsiproxy - ok

15:23:35.0943 6608 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

15:23:35.0957 6608 Ntfs - ok

15:23:35.0971 6608 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

15:23:35.0971 6608 Null - ok

15:23:36.0010 6608 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

15:23:36.0011 6608 nusb3hub - ok

15:23:36.0027 6608 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

15:23:36.0031 6608 nusb3xhc - ok

15:23:36.0061 6608 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

15:23:36.0062 6608 nvraid - ok

15:23:36.0084 6608 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

15:23:36.0088 6608 nvstor - ok

15:23:36.0122 6608 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

15:23:36.0125 6608 nv_agp - ok

15:23:36.0148 6608 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

15:23:36.0149 6608 ohci1394 - ok

15:23:36.0178 6608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

15:23:36.0186 6608 p2pimsvc - ok

15:23:36.0223 6608 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

15:23:36.0226 6608 p2psvc - ok

15:23:36.0256 6608 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

15:23:36.0259 6608 Parport - ok

15:23:36.0298 6608 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

15:23:36.0300 6608 partmgr - ok

15:23:36.0325 6608 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

15:23:36.0331 6608 PcaSvc - ok

15:23:36.0352 6608 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

15:23:36.0355 6608 pci - ok

15:23:36.0377 6608 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

15:23:36.0378 6608 pciide - ok

15:23:36.0411 6608 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

15:23:36.0415 6608 pcmcia - ok

15:23:36.0440 6608 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

15:23:36.0441 6608 pcw - ok

15:23:36.0471 6608 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

15:23:36.0481 6608 PEAUTH - ok

15:23:36.0548 6608 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

15:23:36.0551 6608 PerfHost - ok

15:23:36.0630 6608 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

15:23:36.0646 6608 pla - ok

15:23:36.0679 6608 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

15:23:36.0683 6608 PlugPlay - ok

15:23:36.0700 6608 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

15:23:36.0701 6608 PNRPAutoReg - ok

15:23:36.0728 6608 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

15:23:36.0734 6608 PNRPsvc - ok

15:23:36.0761 6608 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

15:23:36.0766 6608 PolicyAgent - ok

15:23:36.0796 6608 [ A2CCA4FB273E6050F17A0A416CFF2FCD ] Power C:\Windows\system32\umpo.dll

15:23:36.0800 6608 Power - ok

15:23:36.0821 6608 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

15:23:36.0823 6608 PptpMiniport - ok

15:23:36.0847 6608 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

15:23:36.0848 6608 Processor - ok

15:23:36.0887 6608 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

15:23:36.0894 6608 ProfSvc - ok

15:23:36.0908 6608 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

15:23:36.0911 6608 ProtectedStorage - ok

15:23:36.0937 6608 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

15:23:36.0938 6608 Psched - ok

15:23:36.0990 6608 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

15:23:37.0006 6608 ql2300 - ok

15:23:37.0036 6608 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

15:23:37.0037 6608 ql40xx - ok

15:23:37.0075 6608 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

15:23:37.0081 6608 QWAVE - ok

15:23:37.0098 6608 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

15:23:37.0099 6608 QWAVEdrv - ok

15:23:37.0108 6608 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

15:23:37.0110 6608 RasAcd - ok

15:23:37.0136 6608 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

15:23:37.0137 6608 RasAgileVpn - ok

15:23:37.0169 6608 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

15:23:37.0171 6608 RasAuto - ok

15:23:37.0183 6608 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

15:23:37.0184 6608 Rasl2tp - ok

15:23:37.0206 6608 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

15:23:37.0209 6608 RasMan - ok

15:23:37.0217 6608 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

15:23:37.0218 6608 RasPppoe - ok

15:23:37.0235 6608 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

15:23:37.0235 6608 RasSstp - ok

15:23:37.0253 6608 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

15:23:37.0255 6608 rdbss - ok

15:23:37.0267 6608 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

15:23:37.0268 6608 rdpbus - ok

15:23:37.0277 6608 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

15:23:37.0278 6608 RDPCDD - ok

15:23:37.0298 6608 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

15:23:37.0299 6608 RDPENCDD - ok

15:23:37.0311 6608 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

15:23:37.0311 6608 RDPREFMP - ok

15:23:37.0353 6608 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

15:23:37.0357 6608 RDPWD - ok

15:23:37.0388 6608 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

15:23:37.0392 6608 rdyboost - ok

15:23:37.0446 6608 [ 7196BE857E29007470FF9B689C7F29A7 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

15:23:37.0459 6608 RegSrvc - ok

15:23:37.0496 6608 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

15:23:37.0497 6608 RemoteAccess - ok

15:23:37.0520 6608 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

15:23:37.0526 6608 RemoteRegistry - ok

15:23:37.0565 6608 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

15:23:37.0566 6608 RFCOMM - ok

15:23:37.0584 6608 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

15:23:37.0588 6608 RpcEptMapper - ok

15:23:37.0617 6608 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

15:23:37.0619 6608 RpcLocator - ok

15:23:37.0646 6608 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

15:23:37.0658 6608 RpcSs - ok

15:23:37.0679 6608 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

15:23:37.0680 6608 rspndr - ok

15:23:37.0715 6608 [ 135A64530D7699AD48F29D73A658DD11 ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys

15:23:37.0720 6608 RSUSBSTOR - ok

15:23:37.0763 6608 [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

15:23:37.0772 6608 RTL8167 - ok

15:23:37.0787 6608 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

15:23:37.0791 6608 SamSs - ok

15:23:37.0810 6608 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

15:23:37.0811 6608 sbp2port - ok

15:23:37.0829 6608 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

15:23:37.0832 6608 SCardSvr - ok

15:23:37.0845 6608 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

15:23:37.0847 6608 scfilter - ok

15:23:37.0891 6608 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

15:23:37.0905 6608 Schedule - ok

15:23:37.0925 6608 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

15:23:37.0926 6608 SCPolicySvc - ok

15:23:37.0939 6608 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

15:23:37.0942 6608 SDRSVC - ok

15:23:37.0969 6608 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

15:23:37.0971 6608 secdrv - ok

15:23:37.0981 6608 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

15:23:37.0985 6608 seclogon - ok

15:23:37.0999 6608 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

15:23:38.0000 6608 SENS - ok

15:23:38.0029 6608 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

15:23:38.0033 6608 SensrSvc - ok

15:23:38.0077 6608 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

15:23:38.0078 6608 Serenum - ok

15:23:38.0087 6608 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys

15:23:38.0089 6608 Serial - ok

15:23:38.0105 6608 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

15:23:38.0106 6608 sermouse - ok

15:23:38.0146 6608 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

15:23:38.0152 6608 SessionEnv - ok

15:23:38.0175 6608 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

15:23:38.0176 6608 sffdisk - ok

15:23:38.0187 6608 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

15:23:38.0188 6608 sffp_mmc - ok

15:23:38.0198 6608 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

15:23:38.0199 6608 sffp_sd - ok

15:23:38.0204 6608 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

15:23:38.0205 6608 sfloppy - ok

15:23:38.0254 6608 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

15:23:38.0257 6608 SharedAccess - ok

15:23:38.0299 6608 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

15:23:38.0308 6608 ShellHWDetection - ok

15:23:38.0337 6608 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

15:23:38.0338 6608 SiSRaid2 - ok

15:23:38.0362 6608 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

15:23:38.0365 6608 SiSRaid4 - ok

15:23:38.0567 6608 [ EB17DF573B4423DF0B3B2EE3B268A6DE ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

15:23:38.0583 6608 Skype C2C Service - ok

15:23:38.0719 6608 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe

15:23:38.0722 6608 SkypeUpdate - ok

15:23:38.0748 6608 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

15:23:38.0750 6608 Smb - ok

15:23:38.0783 6608 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

15:23:38.0786 6608 SNMPTRAP - ok

15:23:38.0849 6608 [ 12583AF6CBE0050651EAF2723B3AD7B3 ] speedfan C:\Windows\syswow64\speedfan.sys

15:23:38.0852 6608 speedfan - ok

15:23:38.0880 6608 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

15:23:38.0882 6608 spldr - ok

15:23:38.0936 6608 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

15:23:38.0948 6608 Spooler - ok

15:23:39.0041 6608 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

15:23:39.0060 6608 sppsvc - ok

15:23:39.0079 6608 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

15:23:39.0081 6608 sppuinotify - ok

15:23:39.0182 6608 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

15:23:39.0184 6608 SQLBrowser - ok

15:23:39.0228 6608 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

15:23:39.0229 6608 SQLWriter - ok

15:23:39.0265 6608 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

15:23:39.0268 6608 srv - ok

15:23:39.0283 6608 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

15:23:39.0286 6608 srv2 - ok

15:23:39.0299 6608 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

15:23:39.0301 6608 srvnet - ok

15:23:39.0336 6608 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

15:23:39.0338 6608 SSDPSRV - ok

15:23:39.0354 6608 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

15:23:39.0358 6608 SstpSvc - ok

15:23:39.0410 6608 [ A97BFF59B3B983FDBDCD8AE6CF3C1E2D ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

15:23:39.0414 6608 ssudmdm - ok

15:23:39.0480 6608 Steam Client Service - ok

15:23:39.0517 6608 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

15:23:39.0519 6608 stexstor - ok

15:23:39.0558 6608 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

15:23:39.0559 6608 StillCam - ok

15:23:39.0611 6608 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

15:23:39.0622 6608 stisvc - ok

15:23:39.0651 6608 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

15:23:39.0651 6608 swenum - ok

15:23:39.0678 6608 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

15:23:39.0689 6608 swprv - ok

15:23:39.0759 6608 [ AAD83760A0887975D8F524B4D2C86060 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys

15:23:39.0768 6608 SynTP - ok

15:23:39.0836 6608 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

15:23:39.0856 6608 SysMain - ok

15:23:39.0889 6608 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

15:23:39.0895 6608 TabletInputService - ok

15:23:39.0920 6608 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

15:23:39.0923 6608 TapiSrv - ok

15:23:39.0939 6608 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

15:23:39.0941 6608 TBS - ok

15:23:40.0027 6608 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

15:23:40.0037 6608 Tcpip - ok

15:23:40.0082 6608 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

15:23:40.0092 6608 TCPIP6 - ok

15:23:40.0127 6608 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

15:23:40.0129 6608 tcpipreg - ok

15:23:40.0167 6608 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

15:23:40.0168 6608 TDPIPE - ok

15:23:40.0193 6608 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

15:23:40.0195 6608 TDTCP - ok

15:23:40.0211 6608 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

15:23:40.0213 6608 tdx - ok

15:23:40.0222 6608 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

15:23:40.0223 6608 TermDD - ok

15:23:40.0270 6608 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

15:23:40.0275 6608 TermService - ok

15:23:40.0289 6608 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

15:23:40.0291 6608 Themes - ok

15:23:40.0305 6608 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

15:23:40.0306 6608 THREADORDER - ok

15:23:40.0317 6608 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

15:23:40.0319 6608 TrkWks - ok

15:23:40.0361 6608 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

15:23:40.0365 6608 TrustedInstaller - ok

15:23:40.0391 6608 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

15:23:40.0393 6608 tssecsrv - ok

15:23:40.0420 6608 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

15:23:40.0422 6608 TsUsbFlt - ok

15:23:40.0442 6608 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

15:23:40.0443 6608 TsUsbGD - ok

15:23:40.0481 6608 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

15:23:40.0484 6608 tunnel - ok

15:23:40.0527 6608 [ FD24F98D2898BE093FE926604BE7DB99 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys

15:23:40.0529 6608 TurboB - ok

15:23:40.0567 6608 [ 600B406A04D90F577FEA8A88D7379F08 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe

15:23:40.0570 6608 TurboBoost - ok

15:23:40.0599 6608 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

15:23:40.0600 6608 uagp35 - ok

15:23:40.0621 6608 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

15:23:40.0623 6608 udfs - ok

15:23:40.0655 6608 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

15:23:40.0660 6608 UI0Detect - ok

15:23:40.0688 6608 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

15:23:40.0690 6608 uliagpkx - ok

15:23:40.0712 6608 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

15:23:40.0715 6608 umbus - ok

15:23:40.0732 6608 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

15:23:40.0733 6608 UmPass - ok

15:23:40.0848 6608 [ 2C16648A12999AE69A9EBF41974B0BA2 ] UNS C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

15:23:40.0861 6608 UNS - ok

15:23:41.0312 6608 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

15:23:41.0321 6608 upnphost - ok

15:23:41.0392 6608 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

15:23:41.0394 6608 USBAAPL64 - ok

15:23:41.0438 6608 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

15:23:41.0441 6608 usbaudio - ok

15:23:41.0481 6608 [ 19AD7990C0B67E48DAC5B26F99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

15:23:41.0483 6608 usbccgp - ok

15:23:41.0506 6608 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

15:23:41.0508 6608 usbcir - ok

15:23:41.0527 6608 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys

15:23:41.0529 6608 usbehci - ok

15:23:41.0588 6608 [ 8B892002D7B79312821169A14317AB86 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

15:23:41.0594 6608 usbhub - ok

15:23:41.0619 6608 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

15:23:41.0621 6608 usbohci - ok

15:23:41.0648 6608 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

15:23:41.0648 6608 usbprint - ok

15:23:41.0681 6608 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

15:23:41.0682 6608 usbscan - ok

15:23:41.0709 6608 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:23:41.0710 6608 USBSTOR - ok

15:23:41.0729 6608 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

15:23:41.0730 6608 usbuhci - ok

15:23:41.0758 6608 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys

15:23:41.0760 6608 usbvideo - ok

15:23:41.0784 6608 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

15:23:41.0789 6608 UxSms - ok

15:23:41.0809 6608 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

15:23:41.0813 6608 VaultSvc - ok

15:23:41.0848 6608 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

15:23:41.0850 6608 vdrvroot - ok

15:23:41.0883 6608 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

15:23:41.0895 6608 vds - ok

15:23:41.0908 6608 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

15:23:41.0910 6608 vga - ok

15:23:41.0932 6608 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

15:23:41.0933 6608 VgaSave - ok

15:23:41.0946 6608 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

15:23:41.0948 6608 vhdmp - ok

15:23:41.0958 6608 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

15:23:41.0959 6608 viaide - ok

15:23:41.0977 6608 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

15:23:41.0979 6608 volmgr - ok

15:23:42.0010 6608 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

15:23:42.0014 6608 volmgrx - ok

15:23:42.0030 6608 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

15:23:42.0034 6608 volsnap - ok

15:23:42.0075 6608 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

15:23:42.0078 6608 vsmraid - ok

15:23:42.0152 6608 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

15:23:42.0168 6608 VSS - ok

15:23:42.0182 6608 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys

15:23:42.0182 6608 vwifibus - ok

15:23:42.0204 6608 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys

15:23:42.0206 6608 vwififlt - ok

15:23:42.0230 6608 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys

15:23:42.0231 6608 vwifimp - ok

15:23:42.0260 6608 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

15:23:42.0270 6608 W32Time - ok

15:23:42.0295 6608 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

15:23:42.0296 6608 WacomPen - ok

15:23:42.0323 6608 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

15:23:42.0325 6608 WANARP - ok

15:23:42.0333 6608 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

15:23:42.0335 6608 Wanarpv6 - ok

15:23:42.0422 6608 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

15:23:42.0435 6608 WatAdminSvc - ok

15:23:42.0507 6608 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

15:23:42.0525 6608 wbengine - ok

15:23:42.0550 6608 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

15:23:42.0553 6608 WbioSrvc - ok

15:23:42.0577 6608 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

15:23:42.0584 6608 wcncsvc - ok

15:23:42.0592 6608 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

15:23:42.0594 6608 WcsPlugInService - ok

15:23:42.0621 6608 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

15:23:42.0621 6608 Wd - ok

15:23:42.0783 6608 [ 1A3F1BC1E48804867CA30469442DA00E ] WDBackup C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe

15:23:42.0797 6608 WDBackup - ok

15:23:42.0826 6608 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

15:23:42.0828 6608 WDC_SAM - ok

15:23:42.0894 6608 [ C5213CB145C80C10369752D8EE412914 ] WDDriveService C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe

15:23:42.0899 6608 WDDriveService - ok

15:23:42.0963 6608 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

15:23:42.0973 6608 Wdf01000 - ok

15:23:42.0991 6608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

15:23:42.0993 6608 WdiServiceHost - ok

15:23:42.0997 6608 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

15:23:42.0999 6608 WdiSystemHost - ok

15:23:43.0025 6608 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

15:23:43.0028 6608 WebClient - ok

15:23:43.0068 6608 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

15:23:43.0076 6608 Wecsvc - ok

15:23:43.0093 6608 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

15:23:43.0095 6608 wercplsupport - ok

15:23:43.0103 6608 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

15:23:43.0105 6608 WerSvc - ok

15:23:43.0131 6608 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

15:23:43.0132 6608 WfpLwf - ok

15:23:43.0175 6608 [ B14EF15BD757FA488F9C970EEE9C0D35 ] WimFltr C:\Windows\system32\DRIVERS\wimfltr.sys

15:23:43.0179 6608 WimFltr - ok

15:23:43.0207 6608 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

15:23:43.0209 6608 WIMMount - ok

15:23:43.0223 6608 WinDefend - ok

15:23:43.0237 6608 WinHttpAutoProxySvc - ok

15:23:43.0290 6608 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

15:23:43.0295 6608 Winmgmt - ok

15:23:43.0370 6608 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

15:23:43.0392 6608 WinRM - ok

15:23:43.0443 6608 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys

15:23:43.0445 6608 WinUSB - ok

15:23:43.0482 6608 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

15:23:43.0487 6608 Wlansvc - ok

15:23:43.0648 6608 [ 357CABBF155AFD1D3926E62539D2A3A7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:23:43.0696 6608 wlidsvc - ok

15:23:43.0722 6608 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

15:23:43.0722 6608 WmiAcpi - ok

15:23:43.0750 6608 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

15:23:43.0751 6608 wmiApSrv - ok

15:23:43.0779 6608 WMPNetworkSvc - ok

15:23:43.0794 6608 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

15:23:43.0795 6608 WPCSvc - ok

15:23:43.0805 6608 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

15:23:43.0808 6608 WPDBusEnum - ok

15:23:43.0827 6608 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

15:23:43.0827 6608 ws2ifsl - ok

15:23:43.0846 6608 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

15:23:43.0851 6608 wscsvc - ok

15:23:43.0859 6608 WSearch - ok

15:23:43.0980 6608 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

15:23:44.0000 6608 wuauserv - ok

15:23:44.0062 6608 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

15:23:44.0064 6608 WudfPf - ok

15:23:44.0110 6608 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

15:23:44.0112 6608 WUDFRd - ok

15:23:44.0135 6608 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

15:23:44.0137 6608 wudfsvc - ok

15:23:44.0177 6608 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll

15:23:44.0185 6608 WwanSvc - ok

15:23:44.0206 6608 ================ Scan global ===============================

15:23:44.0263 6608 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

15:23:44.0305 6608 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

15:23:44.0332 6608 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

15:23:44.0349 6608 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

15:23:44.0384 6608 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

15:23:44.0392 6608 [Global] - ok

15:23:44.0393 6608 ================ Scan MBR ==================================

15:23:44.0413 6608 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0

15:23:44.0653 6608 \Device\Harddisk0\DR0 - ok

15:23:44.0654 6608 ================ Scan VBR ==================================

15:23:44.0656 6608 [ AB4CBDDF8CEA4EAF9E4C16C7DC4764B6 ] \Device\Harddisk0\DR0\Partition1

15:23:44.0658 6608 \Device\Harddisk0\DR0\Partition1 - ok

15:23:44.0678 6608 [ DBB0815AB75214AC1963B30B23097F3B ] \Device\Harddisk0\DR0\Partition2

15:23:44.0680 6608 \Device\Harddisk0\DR0\Partition2 - ok

15:23:44.0680 6608 ============================================================

15:23:44.0680 6608 Scan finished

15:23:44.0680 6608 ============================================================

15:23:44.0688 5532 Detected object count: 0

15:23:44.0688 5532 Actual detected object count: 0

[Maurice Naggar]

Hello Adam,

The TDSSKILLER result is good.

First, we will use Roguekiller to remove some stuff from the registry.

• Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Please disconnect any USB or external storage drives from the computer before you run this scan!
  
• For Vista or Windows 7 / 8, do a right-click on the Roguekiller.exe program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan finishes.
  
• On the RogueKiller console, click the Registry tab.
  Put a check next to all of these and uncheck the rest: (if found)
  [RUN][sUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms) [-] -> FOUND
  [RUN][sUSP PATH] HKUS\S-1-5-21-2677679354-1192122103-4054240909-1000[...]\Run : DellSystemDetect (C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms) [-] -> FOUND
  [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
  [HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
  [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
  [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
  [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
  
  UN-check any -other - lines shown on your screen that are not listed in the above list.
  
• Then click on Delete on the right hand column under Options.
  
• When done, logoff & Restart the system.
• The log will be found as RKreport
  Copy & Paste the contents into next reply.

Task 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

When all done, rkill.txt log file will be on your desktop. Copy & Paste contents of Rkill.txt into a reply.

More Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html

Task 3

• Close any open documents/programs & all internet browsers you have running.
  
• Please start AdwCleaner
  
• Click on Delete button.
  
• Confirm each time with OK.
  
• Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  
• Note: You can find the logfile at C:\AdwCleaner[s1]

Re-enable your antivirus when all done.

There will be more to do later.

[admoskowitz]

There is still a system hang, and as far as the hd diagnosis that was fine

RogueKiller V8.5.4 [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Adam Moskowitz [Admin rights]

Mode : Remove -- Date : 05/28/2013 16:45:39

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 10 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : DellSystemDetect (C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms) [-] -> DELETED

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)

[HJ] HKLM\[...]\System : EnableLUA (0) -> NOT SELECTED

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> NOT SELECTED

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowUser (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyPics (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> REPLACED (1)

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500325AS +++++

--- User ---

[MBR] 9d490dd7e6adfb6a473e12293cc8b6b4

[bSP] dea9defa67a18cc486b8c709b2ee22f0 : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 212992 | Size: 20000 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 41172992 | Size: 456835 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4]_D_05282013_02d1645.txt >>

RKreport[1]_S_05282013_02d1519.txt ; RKreport[2]_S_05282013_02d1634.txt ; RKreport[3]_S_05282013_02d1641.txt ; RKreport[4]_D_05282013_02d1645.txt

# AdwCleaner v2.301 - Logfile created 05/28/2013 at 17:04:56

# Updated 16/05/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Adam Moskowitz - MINAUROS

# Boot Mode : Normal

# Running from : C:\Users\Adam Moskowitz\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\END

Folder Deleted : C:\ProgramData\conetinuetioSaVaee

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\Users\Adam Moskowitz\AppData\Local\PackageAware

Folder Deleted : C:\Users\Adam Moskowitz\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Adam Moskowitz\AppData\Roaming\yourfiledownloader

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}

Key Deleted : HKLM\Software\InfoAtoms

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\Software\PIP

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\YourFileDownloader

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1902 octets] - [28/05/2013 15:10:16]

AdwCleaner[R2].txt - [1960 octets] - [28/05/2013 17:04:48]

AdwCleaner[s1].txt - [1935 octets] - [28/05/2013 17:04:56]

########## EOF - C:\AdwCleaner[s1].txt - [1995 octets] ##########

[Maurice Naggar]

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Disconnect any external storage drives from the computer.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

OR If you have the Windows o.s. DVD, then To enter System Recovery Options, by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select English as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

• • 
    
  • Startup Repair
    
  • System Restore
    
  • Windows Complete PC Restore
    
  • Windows Memory Diagnostic Tool
    
  • Command Prompt

[*]Select Command Prompt

Now, Plug the flashdrive with FRST tool into the PC.

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

[admoskowitz]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-05-2013

Ran by SYSTEM on 28-05-2013 19:34:15

Running from F:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2771240 2011-04-22] (Synaptics Incorporated)

HKLM\...\Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray [1935120 2011-11-01] (Intel® Corporation)

HKLM\...\Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10357008 2011-10-18] (Intel Corporation)

HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4500640 2011-03-10] (Dell Inc.)

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation)

HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [7214696 2011-05-25] (Realtek Semiconductor)

HKLM\...\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming [1744152 2011-10-07] (Logitech, Inc.)

HKLM\...\Run: [LogiScrollApp] C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)

Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [37960 2013-05-09] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)

HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [520330 2011-08-12] (Creative Technology Ltd)

HKLM-x32\...\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun [139264 2011-04-20] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN [2629632 2011-05-19] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-11-28] (Apple Inc.)

HKLM-x32\...\Run: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN [1163264 2012-09-25] ()

HKLM-x32\...\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun [114688 2008-12-24] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [253816 2013-03-12] (Oracle Corporation)

HKLM-x32\...\Run: [MegaPanel] "C:\Program Files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe" [2113536 2011-03-21] (NCP)

HKLM-x32\...\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1688008 2012-09-06] (Western Digital)

HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5687152 2013-04-22] (Western Digital Technologies, Inc.)

HKU\Adam Moskowitz\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)

HKU\Adam Moskowitz\...\Run: [7188611AA85B2FC959C1B10DB7C3A09935722597._service_run] "C:\Users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service [825808 2013-05-22] (Google Inc.)

HKU\Adam Moskowitz\...\Run: [Google Update] "C:\Users\Adam Moskowitz\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-11-29] (Google Inc.)

HKU\Guest\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [x]

HKU\Guest\...\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)

HKU\Guest\...\Run: [iSUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler [x]

HKU\Guest\...\Run: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)

Startup: C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> (No File)

Startup: C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files (x86)\ERUNT\AUTOBACK.EXE ()

Startup: C:\Users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SpeedFan.lnk

ShortcutTarget: SpeedFan.lnk -> C:\Program Files (x86)\SpeedFan\speedfan.exe (Almico Software (www.almico.com))

==================== Services (Whitelisted) =================

S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)

S2 MSSQL$ITSQLEXPRESS; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)

S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-11-01] ()

S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)

S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-04-22] (Western Digital Technologies, Inc.)

S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270192 2013-04-22] (Western Digital Technologies, Inc.)

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)

S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-28 19:33 - 2013-05-28 19:33 - 00000000 ____D C:\FRST

2013-05-28 16:04 - 2013-05-28 16:05 - 00002062 ____A C:\AdwCleaner[s1].txt

2013-05-28 16:04 - 2013-05-28 16:04 - 00001960 ____A C:\AdwCleaner[R2].txt

2013-05-28 16:02 - 2013-05-28 16:03 - 00002298 ____A C:\Users\Adam Moskowitz\Desktop\Rkill.txt

2013-05-28 16:02 - 2013-05-28 16:02 - 00000000 ____D C:\Users\Adam Moskowitz\Desktop\rkill

2013-05-28 15:57 - 2013-05-28 16:01 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\Adam Moskowitz\Desktop\rkill.com

2013-05-28 15:45 - 2013-05-28 15:45 - 00002229 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[4]_D_05282013_02d1645.txt

2013-05-28 15:41 - 2013-05-28 15:41 - 00002428 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[3]_S_05282013_02d1641.txt

2013-05-28 15:34 - 2013-05-28 15:34 - 00002391 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[2]_S_05282013_02d1634.txt

2013-05-28 14:19 - 2013-05-28 14:19 - 00001994 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[1]_S_05282013_02d1519.txt

2013-05-28 14:17 - 2013-05-28 15:44 - 00000000 ____D C:\Users\Adam Moskowitz\Desktop\RK_Quarantine

2013-05-28 14:16 - 2013-05-28 14:17 - 00816128 ____A C:\Users\Adam Moskowitz\Desktop\RogueKiller.exe

2013-05-28 14:11 - 2013-05-28 14:12 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Adam Moskowitz\Desktop\tdsskiller.exe

2013-05-28 14:10 - 2013-05-28 14:10 - 00001902 ____A C:\AdwCleaner[R1].txt

2013-05-28 13:56 - 2013-05-28 13:57 - 00632031 ____A C:\Users\Adam Moskowitz\Desktop\adwcleaner.exe

2013-05-28 13:49 - 2013-05-28 15:49 - 00000000 ____D C:\Windows\ERDNT

2013-05-28 13:48 - 2013-05-28 13:48 - 00000930 ____A C:\Users\Guest\Desktop\NTREGOPT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000930 ____A C:\Users\Adam Moskowitz\Desktop\NTREGOPT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000911 ____A C:\Users\Guest\Desktop\ERUNT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000911 ____A C:\Users\Adam Moskowitz\Desktop\ERUNT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-05-28 13:46 - 2013-05-28 13:46 - 00791393 ____A (Lars Hederer ) C:\Users\Adam Moskowitz\Downloads\erunt-setup.exe

2013-05-28 12:50 - 2013-05-28 12:50 - 00028323 ____A C:\Users\Adam Moskowitz\Desktop\dds.txt

2013-05-28 12:50 - 2013-05-28 12:50 - 00009096 ____A C:\Users\Adam Moskowitz\Desktop\attach.txt

2013-05-28 12:14 - 2013-05-28 12:25 - 00015998 ____A C:\Windows\PFRO.log

2013-05-25 16:15 - 2013-05-25 16:15 - 00353352 ____A (Malwarebytes Corporation) C:\Users\Adam Moskowitz\Downloads\mbam-check-2.0.0.1000.exe

2013-05-25 15:45 - 2013-05-25 15:45 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter

2013-05-25 15:44 - 2013-05-25 15:44 - 04625656 ____A (ManiacTools.com ) C:\Users\Adam Moskowitz\Downloads\m4a-to-mp3-converter.exe

2013-05-25 15:38 - 2013-05-28 18:23 - 00001186 ____A C:\Windows\setupact.log

2013-05-25 15:38 - 2013-05-25 15:38 - 00000000 ____A C:\Windows\setuperr.log

2013-05-24 22:33 - 2013-05-24 22:33 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Western_Digital_Technolog

2013-05-24 22:33 - 2013-05-24 22:33 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Western Digital

2013-05-24 22:27 - 2013-05-28 18:23 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat

2013-05-24 22:27 - 2013-05-24 22:27 - 00012758 ____A C:\Windows\DPINST.LOG

2013-05-24 22:26 - 2013-05-24 22:26 - 00000000 ____D C:\Program Files\Western Digital

2013-05-24 22:26 - 2013-05-24 22:26 - 00000000 ____D C:\Program Files\Common Files\Western Digital

2013-05-24 22:24 - 2013-05-24 22:24 - 00000000 ____D C:\ProgramData\Package Cache

2013-05-24 22:22 - 2013-05-24 22:23 - 34756882 ____A C:\Users\Adam Moskowitz\Downloads\WD_SmartWare_Installer_2.0.1.2.zip

2013-05-24 16:31 - 2013-05-24 16:31 - 00076369 ____A C:\Users\Adam Moskowitz\Documents\awesome pic.jpeg

2013-05-24 16:19 - 2013-05-24 16:19 - 00028420 ____A C:\Users\Adam Moskowitz\Documents\DDS.txt

2013-05-24 16:16 - 2013-05-24 16:16 - 00688992 ____R (Swearware) C:\Users\Adam Moskowitz\Downloads\dds.com

2013-05-24 15:45 - 2013-05-24 15:45 - 04346816 ____A (Piriform Ltd) C:\Users\Adam Moskowitz\Downloads\ccsetup401.exe

2013-05-24 14:43 - 2013-05-24 14:43 - 00000000 ____D C:\Windows\pss

2013-05-24 13:42 - 2013-05-24 13:42 - 00017288 ____A (Sysinternals) C:\Windows\System32\Drivers\Dbgv.sys

2013-05-24 13:31 - 2013-05-24 13:31 - 00293495 ____A C:\Users\Adam Moskowitz\Downloads\DebugView.zip

2013-05-24 10:15 - 2013-05-24 10:15 - 00000000 ____D C:\Program Files\Dell Support Center

2013-05-24 10:12 - 2013-05-24 10:12 - 00010778 ____A C:\Users\Adam Moskowitz\Downloads\dellsystemdetect (1).application

2013-05-23 18:29 - 2013-05-24 11:08 - 00000000 ____D C:\Program Files\My Dell

2013-05-23 18:21 - 2013-05-23 18:21 - 00000236 ____A C:\Users\Adam Moskowitz\AppData\Local\poetsch.bat

2013-05-23 08:45 - 2013-05-23 08:45 - 00001232 ____A C:\Users\Adam Moskowitz\Documents\embermage frost build.txt

2013-05-20 13:45 - 2013-05-20 13:45 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-05-20 13:42 - 2013-05-23 18:26 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\Samsung

2013-05-20 13:42 - 2013-05-23 18:26 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Samsung

2013-05-20 13:42 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log

2013-05-20 13:42 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\samsung

2013-05-20 12:55 - 2013-04-02 23:58 - 00203672 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudmdm.sys

2013-05-20 12:55 - 2013-04-02 23:58 - 00103064 ____A (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\System32\Drivers\ssudbus.sys

2013-05-20 12:53 - 2013-05-23 18:28 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2013-05-20 11:30 - 2013-04-18 18:08 - 04659712 ____A (Dmitry Streblechenko) C:\Windows\SysWOW64\Redemption.dll

2013-05-20 11:29 - 2013-05-23 18:26 - 00000000 ____D C:\ProgramData\Samsung

2013-05-20 11:29 - 2013-05-23 18:26 - 00000000 ____D C:\Program Files (x86)\Samsung

2013-05-19 13:55 - 2013-05-19 13:55 - 00000222 ____A C:\Users\Adam Moskowitz\Desktop\Torchlight II.url

2013-05-16 02:01 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-05-16 02:01 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-05-16 02:01 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe

2013-05-16 02:01 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-05-16 02:01 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll

2013-05-16 02:01 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-05-16 02:01 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-05-16 02:01 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2013-05-16 02:01 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-05-16 02:01 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-05-16 02:01 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe

2013-05-16 02:01 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

2013-05-15 08:29 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys

2013-05-15 08:29 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys

2013-05-15 08:29 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe

2013-05-15 08:29 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2013-05-15 08:29 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll

2013-05-15 08:29 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll

2013-05-15 08:29 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2013-05-15 08:29 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll

2013-05-15 08:29 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2013-05-15 08:29 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll

2013-05-15 08:28 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-05-15 08:28 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll

2013-05-15 08:28 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll

2013-05-15 08:28 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll

2013-05-14 09:13 - 2013-05-14 09:13 - 00000220 ____A C:\Users\Adam Moskowitz\Downloads\BitsDuJour_List.vcf

2013-05-13 15:46 - 2013-05-13 15:46 - 04473792 ____A (WindSolutions) C:\Users\Adam Moskowitz\Downloads\Install_CopyTrans_Suite.exe

2013-05-10 18:28 - 2013-05-10 18:28 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Western_Digital

2013-05-10 18:27 - 2013-05-24 22:26 - 00000000 ____D C:\Program Files (x86)\Western Digital

2013-05-10 18:26 - 2013-05-24 22:26 - 00000000 ____D C:\ProgramData\Western Digital

2013-05-07 16:54 - 2013-05-07 16:54 - 00000000 ____D C:\ProgramData\StarApp

2013-05-07 15:58 - 2013-05-07 15:58 - 00001746 ____A C:\Users\Adam Moskowitz\Documents\new address DB0.odb

2013-05-06 09:55 - 2013-05-06 09:56 - 00000000 __HDC C:\ProgramData\{CD352F6F-406C-46C9-A890-F992D366B0BA}

2013-05-05 20:46 - 2013-05-05 21:04 - 00000000 ____D C:\Users\Adam Moskowitz\Downloads\AB.Jack.Canfield.The.Success.Principles.[unknown].[5CD.and.Book]

2013-05-05 20:45 - 2013-05-05 20:45 - 00017417 ____A C:\Users\Adam Moskowitz\Downloads\Audio Book - Jack Canfield The Success Principles-[rarbg.com].torrent

2013-05-03 16:26 - 2013-05-03 16:26 - 00064605 ____A C:\Users\Adam Moskowitz\Downloads\awesome moon.600x

2013-05-01 15:20 - 2013-05-01 16:17 - 00000000 ____D C:\Users\Adam Moskowitz\Downloads\Pathfinder

2013-04-29 18:33 - 2013-04-29 18:33 - 00024315 ____A C:\Users\Adam Moskowitz\Documents\smd list.ods

2013-04-29 18:31 - 2013-04-29 18:31 - 00000000 ____D C:\Program Files (x86)\ePadLink

2013-04-29 16:29 - 2013-04-29 16:29 - 00001905 ____A C:\Users\Adam Moskowitz\Documents\SMDemail.csv

2013-04-29 09:01 - 2013-04-29 09:01 - 00000000 ____D C:\Windows\en

2013-04-29 08:59 - 2013-04-29 08:59 - 00000000 ____D C:\Program Files\Windows Live

2013-04-29 08:58 - 2010-06-02 03:55 - 00527192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll

2013-04-29 08:58 - 2010-06-02 03:55 - 00518488 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_7.dll

2013-04-29 08:58 - 2010-06-02 03:55 - 00077656 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_5.dll

2013-04-29 08:58 - 2010-06-02 03:55 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll

2013-04-29 08:58 - 2010-05-26 10:41 - 02526056 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_43.dll

2013-04-29 08:58 - 2010-05-26 10:41 - 02106216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll

2013-04-29 08:58 - 2010-05-26 10:41 - 00276832 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_43.dll

2013-04-29 08:58 - 2010-05-26 10:41 - 00248672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll

2013-04-29 08:56 - 2013-05-23 18:30 - 00000000 ___RD C:\Users\Adam Moskowitz\SkyDrive

2013-04-29 08:56 - 2013-04-29 08:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive

2013-04-29 08:55 - 2013-04-29 08:55 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-04-28 22:19 - 2013-04-28 22:27 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\avidemux

2013-04-28 22:07 - 2013-04-28 22:07 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\Aiseesoft Studio

2013-04-28 22:07 - 2013-04-28 22:07 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Aiseesoft Studio

2013-04-28 21:51 - 2013-04-28 21:51 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\AVS4YOU

2013-04-28 21:49 - 2013-04-28 21:54 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

2013-04-28 21:49 - 2013-04-28 21:51 - 00000000 ____D C:\ProgramData\AVS4YOU

2013-04-28 21:49 - 2012-03-23 18:59 - 01700352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll

2013-04-28 21:49 - 2012-03-23 18:59 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll

2013-04-28 21:30 - 2013-04-29 18:31 - 00000000 ____D C:\Users\Adam Moskowitz\Downloads\For Harlem Shake

2013-04-28 13:23 - 2013-04-28 13:23 - 00000000 ____D C:\Program Files\DIFX

2013-04-28 13:23 - 2013-04-28 13:23 - 00000000 ____D C:\Program Files (x86)\National Consumer Panel

==================== One Month Modified Files and Folders =======

2013-05-28 19:33 - 2013-05-28 19:33 - 00000000 ____D C:\FRST

2013-05-28 18:27 - 2012-01-21 04:57 - 01401497 ____A C:\Windows\WindowsUpdate.log

2013-05-28 18:27 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-05-28 18:27 - 2009-07-13 20:45 - 00021296 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-05-28 18:23 - 2013-05-25 15:38 - 00001186 ____A C:\Windows\setupact.log

2013-05-28 18:23 - 2013-05-24 22:27 - 00008192 ____A C:\Windows\SysWOW64\WDPABKP.dat

2013-05-28 18:23 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-05-28 18:13 - 2012-06-03 10:52 - 00000000 ____D C:\Program Files (x86)\Steam

2013-05-28 18:12 - 2012-06-24 11:35 - 00000000 ____D C:\Program Files (x86)\SpeedFan

2013-05-28 18:12 - 2012-04-10 13:34 - 00000000 ___RD C:\Users\Adam Moskowitz\Dropbox

2013-05-28 18:12 - 2012-04-10 13:33 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\Dropbox

2013-05-28 18:12 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp

2013-05-28 17:42 - 2009-07-13 21:13 - 00860498 ____A C:\Windows\System32\PerfStringBackup.INI

2013-05-28 17:39 - 2012-11-29 11:15 - 00000944 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2677679354-1192122103-4054240909-1000UA.job

2013-05-28 17:01 - 2012-07-02 17:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-05-28 16:26 - 2012-05-10 12:08 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\Navigator Data

2013-05-28 16:05 - 2013-05-28 16:04 - 00002062 ____A C:\AdwCleaner[s1].txt

2013-05-28 16:04 - 2013-05-28 16:04 - 00001960 ____A C:\AdwCleaner[R2].txt

2013-05-28 16:03 - 2013-05-28 16:02 - 00002298 ____A C:\Users\Adam Moskowitz\Desktop\Rkill.txt

2013-05-28 16:02 - 2013-05-28 16:02 - 00000000 ____D C:\Users\Adam Moskowitz\Desktop\rkill

2013-05-28 16:01 - 2013-05-28 15:57 - 01796736 ____A (Bleeping Computer, LLC) C:\Users\Adam Moskowitz\Desktop\rkill.com

2013-05-28 15:49 - 2013-05-28 13:49 - 00000000 ____D C:\Windows\ERDNT

2013-05-28 15:45 - 2013-05-28 15:45 - 00002229 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[4]_D_05282013_02d1645.txt

2013-05-28 15:44 - 2013-05-28 14:17 - 00000000 ____D C:\Users\Adam Moskowitz\Desktop\RK_Quarantine

2013-05-28 15:41 - 2013-05-28 15:41 - 00002428 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[3]_S_05282013_02d1641.txt

2013-05-28 15:34 - 2013-05-28 15:34 - 00002391 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[2]_S_05282013_02d1634.txt

2013-05-28 14:19 - 2013-05-28 14:19 - 00001994 ____A C:\Users\Adam Moskowitz\Desktop\RKreport[1]_S_05282013_02d1519.txt

2013-05-28 14:17 - 2013-05-28 14:16 - 00816128 ____A C:\Users\Adam Moskowitz\Desktop\RogueKiller.exe

2013-05-28 14:12 - 2013-05-28 14:11 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Adam Moskowitz\Desktop\tdsskiller.exe

2013-05-28 14:10 - 2013-05-28 14:10 - 00001902 ____A C:\AdwCleaner[R1].txt

2013-05-28 13:57 - 2013-05-28 13:56 - 00632031 ____A C:\Users\Adam Moskowitz\Desktop\adwcleaner.exe

2013-05-28 13:48 - 2013-05-28 13:48 - 00000930 ____A C:\Users\Guest\Desktop\NTREGOPT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000930 ____A C:\Users\Adam Moskowitz\Desktop\NTREGOPT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000911 ____A C:\Users\Guest\Desktop\ERUNT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000911 ____A C:\Users\Adam Moskowitz\Desktop\ERUNT.lnk

2013-05-28 13:48 - 2013-05-28 13:48 - 00000000 ____D C:\Program Files (x86)\ERUNT

2013-05-28 13:46 - 2013-05-28 13:46 - 00791393 ____A (Lars Hederer ) C:\Users\Adam Moskowitz\Downloads\erunt-setup.exe

2013-05-28 12:50 - 2013-05-28 12:50 - 00028323 ____A C:\Users\Adam Moskowitz\Desktop\dds.txt

2013-05-28 12:50 - 2013-05-28 12:50 - 00009096 ____A C:\Users\Adam Moskowitz\Desktop\attach.txt

2013-05-28 12:31 - 2012-11-29 11:01 - 00000000 ___RD C:\Program Files (x86)\Skype

2013-05-28 12:31 - 2012-01-21 03:42 - 00000000 ____D C:\ProgramData\Skype

2013-05-28 12:25 - 2013-05-28 12:14 - 00015998 ____A C:\Windows\PFRO.log

2013-05-28 12:08 - 2012-11-29 11:15 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2677679354-1192122103-4054240909-1000Core.job

2013-05-28 11:59 - 2012-05-30 11:02 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Windows Live

2013-05-25 16:15 - 2013-05-25 16:15 - 00353352 ____A (Malwarebytes Corporation) C:\Users\Adam Moskowitz\Downloads\mbam-check-2.0.0.1000.exe

2013-05-25 15:45 - 2013-05-25 15:45 - 00000000 ____D C:\Program Files (x86)\Free M4a to MP3 Converter

2013-05-25 15:44 - 2013-05-25 15:44 - 04625656 ____A (ManiacTools.com ) C:\Users\Adam Moskowitz\Downloads\m4a-to-mp3-converter.exe

2013-05-25 15:38 - 2013-05-25 15:38 - 00000000 ____A C:\Windows\setuperr.log

2013-05-24 22:33 - 2013-05-24 22:33 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Western_Digital_Technolog

2013-05-24 22:33 - 2013-05-24 22:33 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Western Digital

2013-05-24 22:27 - 2013-05-24 22:27 - 00012758 ____A C:\Windows\DPINST.LOG

2013-05-24 22:26 - 2013-05-24 22:26 - 00000000 ____D C:\Program Files\Western Digital

2013-05-24 22:26 - 2013-05-24 22:26 - 00000000 ____D C:\Program Files\Common Files\Western Digital

2013-05-24 22:26 - 2013-05-10 18:27 - 00000000 ____D C:\Program Files (x86)\Western Digital

2013-05-24 22:26 - 2013-05-10 18:26 - 00000000 ____D C:\ProgramData\Western Digital

2013-05-24 22:24 - 2013-05-24 22:24 - 00000000 ____D C:\ProgramData\Package Cache

2013-05-24 22:23 - 2013-05-24 22:22 - 34756882 ____A C:\Users\Adam Moskowitz\Downloads\WD_SmartWare_Installer_2.0.1.2.zip

2013-05-24 16:31 - 2013-05-24 16:31 - 00076369 ____A C:\Users\Adam Moskowitz\Documents\awesome pic.jpeg

2013-05-24 16:19 - 2013-05-24 16:19 - 00028420 ____A C:\Users\Adam Moskowitz\Documents\DDS.txt

2013-05-24 16:16 - 2013-05-24 16:16 - 00688992 ____R (Swearware) C:\Users\Adam Moskowitz\Downloads\dds.com

2013-05-24 16:06 - 2012-04-12 17:35 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\Registry Backup

2013-05-24 15:46 - 2012-04-12 17:33 - 00000000 ____D C:\Program Files\CCleaner

2013-05-24 15:45 - 2013-05-24 15:45 - 04346816 ____A (Piriform Ltd) C:\Users\Adam Moskowitz\Downloads\ccsetup401.exe

2013-05-24 15:04 - 2012-04-11 10:00 - 00000000 ____D C:\ProgramData\PCDr

2013-05-24 15:03 - 2012-08-06 18:48 - 00000000 ____D C:\Program Files\Bulk Rename Utility

2013-05-24 14:43 - 2013-05-24 14:43 - 00000000 ____D C:\Windows\pss

2013-05-24 13:42 - 2013-05-24 13:42 - 00017288 ____A (Sysinternals) C:\Windows\System32\Drivers\Dbgv.sys

2013-05-24 13:41 - 2012-12-03 09:10 - 00468056 ____A (Sysinternals) C:\Users\Adam Moskowitz\Documents\Dbgview.exe

2013-05-24 13:41 - 2006-07-28 07:32 - 00007005 ____A C:\Users\Adam Moskowitz\Documents\Eula.txt

2013-05-24 13:41 - 2005-09-15 07:49 - 00068539 ____A C:\Users\Adam Moskowitz\Documents\dbgview.chm

2013-05-24 13:31 - 2013-05-24 13:31 - 00293495 ____A C:\Users\Adam Moskowitz\Downloads\DebugView.zip

2013-05-24 11:08 - 2013-05-23 18:29 - 00000000 ____D C:\Program Files\My Dell

2013-05-24 10:15 - 2013-05-24 10:15 - 00000000 ____D C:\Program Files\Dell Support Center

2013-05-24 10:13 - 2012-04-12 17:23 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Deployment

2013-05-24 10:12 - 2013-05-24 10:12 - 00010778 ____A C:\Users\Adam Moskowitz\Downloads\dellsystemdetect (1).application

2013-05-24 09:53 - 2013-04-18 21:44 - 00000000 ____D C:\Program Files (x86)\VideoLAN

2013-05-24 09:53 - 2013-02-03 23:06 - 00000000 ____D C:\Program Files (x86)\Mp3tag

2013-05-23 18:36 - 2012-04-11 16:00 - 00000000 ____D C:\Program Files (x86)\freestar

2013-05-23 18:34 - 2013-03-11 17:35 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\FMZilla

2013-05-23 18:30 - 2013-04-29 08:56 - 00000000 ___RD C:\Users\Adam Moskowitz\SkyDrive

2013-05-23 18:28 - 2013-05-20 12:53 - 00000000 ____D C:\Program Files (x86)\MyFree Codec

2013-05-23 18:26 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\Samsung

2013-05-23 18:26 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Samsung

2013-05-23 18:26 - 2013-05-20 11:29 - 00000000 ____D C:\ProgramData\Samsung

2013-05-23 18:26 - 2013-05-20 11:29 - 00000000 ____D C:\Program Files (x86)\Samsung

2013-05-23 18:26 - 2012-01-21 03:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-05-23 18:21 - 2013-05-23 18:21 - 00000236 ____A C:\Users\Adam Moskowitz\AppData\Local\poetsch.bat

2013-05-23 11:47 - 2012-04-11 09:57 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\WFG

2013-05-23 08:45 - 2013-05-23 08:45 - 00001232 ____A C:\Users\Adam Moskowitz\Documents\embermage frost build.txt

2013-05-21 20:46 - 2012-09-24 12:29 - 00000000 ____D C:\ProgramData\Zoom Player

2013-05-21 16:23 - 2013-03-14 10:52 - 00224768 __ASH C:\Users\Adam Moskowitz\Desktop\Thumbs.db

2013-05-20 13:45 - 2013-05-20 13:45 - 00000000 ____D C:\Users\Public\Documents\CrashDump

2013-05-20 13:42 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log

2013-05-20 13:42 - 2013-05-20 13:42 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\samsung

2013-05-20 11:28 - 2011-02-10 08:10 - 00854714 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2013-05-20 11:21 - 2012-08-08 15:47 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Downloaded Installations

2013-05-19 13:55 - 2013-05-19 13:55 - 00000222 ____A C:\Users\Adam Moskowitz\Desktop\Torchlight II.url

2013-05-18 10:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache

2013-05-17 15:47 - 2013-01-29 16:17 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\Audio to be converted

2013-05-17 15:22 - 2012-07-09 19:03 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\uTorrent

2013-05-17 15:22 - 2012-07-09 17:27 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\Media Player Classic

2013-05-17 15:22 - 2011-02-10 06:02 - 00000000 ____D C:\Windows\panther

2013-05-17 14:19 - 2012-09-24 16:16 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\For Audio Manipulation

2013-05-16 02:30 - 2009-07-13 20:45 - 00410192 ____A C:\Windows\System32\FNTCACHE.DAT

2013-05-16 02:06 - 2012-04-14 08:11 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-05-15 10:01 - 2012-04-20 08:22 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2013-05-15 10:01 - 2012-01-21 03:04 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2013-05-14 09:13 - 2013-05-14 09:13 - 00000220 ____A C:\Users\Adam Moskowitz\Downloads\BitsDuJour_List.vcf

2013-05-14 08:50 - 2012-04-12 17:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-05-13 15:48 - 2013-02-25 19:54 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\from ashleys comp

2013-05-13 15:46 - 2013-05-13 15:46 - 04473792 ____A (WindSolutions) C:\Users\Adam Moskowitz\Downloads\Install_CopyTrans_Suite.exe

2013-05-12 13:25 - 2012-08-08 15:47 - 00000093 ____A C:\Windows\SysWOW64\Transware.ini

2013-05-12 11:58 - 2012-01-21 03:34 - 00000000 ____D C:\ProgramData\Adobe

2013-05-10 18:28 - 2013-05-10 18:28 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Western_Digital

2013-05-09 14:45 - 2012-05-13 10:32 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\My Games

2013-05-07 16:54 - 2013-05-07 16:54 - 00000000 ____D C:\ProgramData\StarApp

2013-05-07 15:58 - 2013-05-07 15:58 - 00001746 ____A C:\Users\Adam Moskowitz\Documents\new address DB0.odb

2013-05-06 09:56 - 2013-05-06 09:55 - 00000000 __HDC C:\ProgramData\{CD352F6F-406C-46C9-A890-F992D366B0BA}

2013-05-06 09:56 - 2012-11-29 10:28 - 00000000 ____D C:\Program Files (x86)\Pacific Life

2013-05-05 21:04 - 2013-05-05 20:46 - 00000000 ____D C:\Users\Adam Moskowitz\Downloads\AB.Jack.Canfield.The.Success.Principles.[unknown].[5CD.and.Book]

2013-05-05 20:45 - 2013-05-05 20:45 - 00017417 ____A C:\Users\Adam Moskowitz\Downloads\Audio Book - Jack Canfield The Success Principles-[rarbg.com].torrent

2013-05-03 16:26 - 2013-05-03 16:26 - 00064605 ____A C:\Users\Adam Moskowitz\Downloads\awesome moon.600x

2013-05-02 07:29 - 2010-11-20 19:27 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2013-05-01 16:17 - 2013-05-01 15:20 - 00000000 ____D C:\Users\Adam Moskowitz\Downloads\Pathfinder

2013-04-30 10:35 - 2013-04-26 13:21 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\for auto loan

2013-04-29 18:33 - 2013-04-29 18:33 - 00024315 ____A C:\Users\Adam Moskowitz\Documents\smd list.ods

2013-04-29 18:31 - 2013-04-29 18:31 - 00000000 ____D C:\Program Files (x86)\ePadLink

2013-04-29 18:31 - 2013-04-28 21:30 - 00000000 ____D C:\Users\Adam Moskowitz\Downloads\For Harlem Shake

2013-04-29 16:29 - 2013-04-29 16:29 - 00001905 ____A C:\Users\Adam Moskowitz\Documents\SMDemail.csv

2013-04-29 14:04 - 2012-04-10 14:07 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\Nationwide Life Illustrator Data

2013-04-29 09:47 - 2013-01-29 14:34 - 00000000 ____D C:\Program Files (x86)\AviSynth 2.5

2013-04-29 09:24 - 2012-09-24 10:31 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\Audacity

2013-04-29 09:01 - 2013-04-29 09:01 - 00000000 ____D C:\Windows\en

2013-04-29 08:59 - 2013-04-29 08:59 - 00000000 ____D C:\Program Files\Windows Live

2013-04-29 08:59 - 2012-01-21 03:58 - 00000000 ____D C:\Program Files (x86)\Windows Live

2013-04-29 08:58 - 2009-07-13 19:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared

2013-04-29 08:56 - 2013-04-29 08:56 - 00000000 ____D C:\Program Files (x86)\Microsoft SkyDrive

2013-04-29 08:56 - 2012-04-10 12:02 - 00000000 ____D C:\users\Adam Moskowitz

2013-04-29 08:55 - 2013-04-29 08:55 - 00000000 ____D C:\ProgramData\Microsoft SkyDrive

2013-04-28 22:27 - 2013-04-28 22:19 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\avidemux

2013-04-28 22:07 - 2013-04-28 22:07 - 00000000 ____D C:\Users\Adam Moskowitz\Documents\Aiseesoft Studio

2013-04-28 22:07 - 2013-04-28 22:07 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Local\Aiseesoft Studio

2013-04-28 21:54 - 2013-04-28 21:49 - 00000000 ____D C:\Program Files (x86)\AVS4YOU

2013-04-28 21:51 - 2013-04-28 21:51 - 00000000 ____D C:\Users\Adam Moskowitz\AppData\Roaming\AVS4YOU

2013-04-28 21:51 - 2013-04-28 21:49 - 00000000 ____D C:\ProgramData\AVS4YOU

2013-04-28 13:23 - 2013-04-28 13:23 - 00000000 ____D C:\Program Files\DIFX

2013-04-28 13:23 - 2013-04-28 13:23 - 00000000 ____D C:\Program Files (x86)\National Consumer Panel

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-24 22:24:17

Restore point made on: 2013-05-24 23:29:22

Restore point made on: 2013-05-28 12:38:47

==================== Memory info ===========================

Percentage of memory in use: 14%

Total physical RAM: 6038.17 MB

Available physical RAM: 5148.62 MB

Total Pagefile: 6036.37 MB

Available Pagefile: 5139.29 MB

Total Virtual: 8192 MB

Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:446.13 GB) (Free:285.05 GB) NTFS (Disk=0 Partition=3)

Drive e: (W7SP1_HOMEPREMIUM) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF

Drive f: () (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT32 (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (RECOVERY) (Fixed) (Total:19.53 GB) (Free:10.45 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows Vista) (Size: 466 GB) (Disk ID: 07F2837E)

Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)

Partition 2: (Active) - (Size=20 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=446 GB) - (Type=07 NTFS)

========================================================

Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=2 GB) - (Type=0B)

Last Boot: 2013-05-18 09:19

==================== End Of Log ============================

[Maurice Naggar]

This next procedure will be done in the Command prompt with FRST and will trim down the startup apps that load with Windows.

Please carefully follow this procedure

Please download the attached fixlist.txt and SAVE / copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on this particular system. Running this on another machine may cause damage to your operating system

On Vista or Windows 7/8: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

When that is all done, remove/uplug the USB-flash and Restart the system into normal Windows.

Task 2 / Windows services

This will be a batch-fix .

• Press the Windows-key on keyboard.
  
• In the box, type notepad and press Enter.
  
• Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
  

  @Echo off
  sc stop wuauserv
  sc stop bits
  sc config dcomlaunch start= auto
  sc config nsi start= auto
  sc config dhcp start= auto
  sc config rpcss start= auto
  sc config winmgmt start= auto
  sc config wscsvc start= delayed-auto
  sc config bits start= delayed-auto
  sc config wuauserv start= delayed-auto
  sc config sdrsvc start= manual
  sc config vss start= auto
  sc config eventlog start= auto
  sc config bfe start= auto
  sc config eventsystem start= auto
  sc start sdrsvc
  sc start vss
  sc start rpcss
  sc start eventsystem
  sc start bfe
  sc start bits
  sc start wuauserv
  shutdown -r -t 1
  del %0

  
  

• Select File -> Save AS.
  
• Press the Desktop button on the left side of the save dialog.
  
• In the box, type in Fix.bat.
  
• Press .
  
• Close Notepad.
  
• Right click Fix.bat on your desktop, and choose .
  
• Press Yes if prompted by User Account Control.
  

This procedure will do its tasks and then it will Restart Windows.

Task 3

1. Download Malwarebytes Anti-Rootkit from http://www.malwarebytes.org/products/mbar/

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

IF your Windows is Windows 8 or 7 or Vista, do a RIGHT-Click on mbar.exe and select Run As Administrator and allow to run.

If your Windows is XP, double-click to start.

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

Fixlist.txt

[admoskowitz]

ok did all 3 steps, log attached, ran the cleanup twice...no malware

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-05-2013

Ran by SYSTEM at 2013-05-29 09:54:12 Run:1

Running from F:\

Boot Mode: Recovery

==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => Value deleted successfully.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.

HKEY_USERS\Adam Moskowitz\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.

HKEY_USERS\Adam Moskowitz\Software\Microsoft\Windows\CurrentVersion\Run\\7188611AA85B2FC959C1B10DB7C3A09935722597._service_run => Value deleted successfully.

HKEY_USERS\Guest\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.

==== End of Fixlog ====

[admoskowitz]

system still hanging

[Maurice Naggar]

Have you run the MBAR ?

Have you run the Fix.bat procedure?

Where is the "hang" .....How & when ....kindly provide detail

and tell me if at least your able to be in normal mode of Windows 7, with a visible Desktop

Whatever it is that is stopping you, I (always) need detail.

[admoskowitz]

ran the MBAR and the fix.bat

the system hang is weird if there is music playing it will sort of stall for a a sec, or whatever i am typing will pause for a sec, and the mouse will pause in mid use

[Maurice Naggar]

Those are odd and non-specific as far as pointing to a single cause -- not even malware.

At the end of this case, I'll give you a set of reference lists for issues on slow computers.

Let's proceed with these tasks.

Task 1

Download TFC by OldTimer and SAVE it to your desktop

• Double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  
• Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.

Task 2

Download and Save McAfee Stinger to your Desktop

http://www.mcafee.com/us/downloads/free-tools/stinger.aspx

Close all browsers before starting. Disable your antivirus program and anti-malware,if any.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

On Windows 7 & Vista systems, Right Click and select Run as Administrator.

On XP, double-click to start it.

The GUI interface will look like this

The C drive is the default for scanning.

Press the Preferences button. In the top right-block "On virus detection", click Rename

In the bottom block "Heuristic network check for suspicious files" select High

Click the Scan Now button.

When done, use the File menu and select Save report to file

Stinger.txt is the log report and will be saved to your Desktop. I will need a copy of that log.

RE-Enable your anti-virus program.

Stinger is a standalone utility used to detect and remove specific malware. It is not a full scan for all types of malware or viruses.

It is not intended as virus protection.

Task 3

Download, & save & then run the MS Safety scanner

http://www.microsoft.com/security/scanner/en-us/default.aspx

Let me know the result.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.

Note: Any data files that are infected may only be cleaned by deleting the file entirely, which means there is a potential for data loss.

The safety scanner log should be called msert.txt

It should be located in the same folder as where you had msert.exe

If not there, then look for it under c:\windows

Task 4

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member admoskowitz only. If you are a casual viewer, do NOT try this on your system!

If you are not admoskowitz and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log

and tell me, How is the system now

Re-enable your antivirus program.

[admoskowitz]

Task 1 - Complete - no malware, no report

Task 2 - Complete - report below

McAfee® Labs Stinger™ Version 11.0.0.320 built on May 30 2013 at 12:47:31

Copyright© 2013, McAfee Inc. All rights Reserved.

Virus data file v1000.0 created on May 30, 2013

Ready to scan for 6246 Viruses, Trojans and variants.

Scan initiated on Thursday, May 30, 2013 15:16:45

Rootkit scan result : Not Scanned.

Scan completed on Thursday, May 30, 2013 15:19:22

Task 3 - no malware, I ran this twice and there was no report generated

Task 4 - no idea what it did but i did have to run it twice

ComboFix 13-05-30.02 - Adam Moskowitz 05/30/2013 16:06:38.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.4560 [GMT -7:00]

Running from: c:\users\Adam Moskowitz\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}

SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Adam Moskowitz\AppData\Local\Temp\sfamcc00001.dll

c:\users\Adam Moskowitz\AppData\Local\Temp\sfareca00001.dll

c:\users\ADAMMO~1\AppData\Local\Temp\sfamcc00001.dll

c:\users\ADAMMO~1\AppData\Local\Temp\sfareca00001.dll

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-30 )))))))))))))))))))))))))))))))

.

.

2013-05-30 23:15 . 2013-05-30 23:15 -------- d-----w- c:\users\Guest\AppData\Local\temp

2013-05-30 23:15 . 2013-05-30 23:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-30 22:21 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C1004F4A-4E8F-4245-BCA9-CD13B1201463}\mpengine.dll

2013-05-30 22:16 . 2013-05-30 22:22 -------- d-----w- C:\Stinger_Quarantine

2013-05-30 22:14 . 2013-05-30 22:25 -------- d-----w- c:\program files (x86)\stinger

2013-05-29 23:08 . 2013-05-29 23:08 -------- d-----w- c:\users\Adam Moskowitz\AppData\Local\join.me

2013-05-29 21:22 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2013-05-29 17:13 . 2013-05-29 17:43 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-05-29 03:33 . 2013-05-29 03:33 -------- d-----w- C:\FRST

2013-05-28 21:48 . 2013-05-28 21:48 -------- d-----w- c:\program files (x86)\ERUNT

2013-05-25 23:45 . 2013-05-25 23:45 -------- d-----w- c:\program files (x86)\Free M4a to MP3 Converter

2013-05-25 06:33 . 2013-05-25 06:33 -------- d-----w- c:\users\Adam Moskowitz\AppData\Local\Western Digital

2013-05-25 06:26 . 2013-05-25 06:26 -------- d-----w- c:\program files\Western Digital

2013-05-25 06:26 . 2013-05-25 06:26 -------- d-----w- c:\program files\Common Files\Western Digital

2013-05-25 06:24 . 2013-05-25 06:24 -------- d-----w- c:\programdata\Package Cache

2013-05-24 21:42 . 2013-05-24 21:42 17288 ----a-w- c:\windows\system32\drivers\Dbgv.sys

2013-05-24 18:15 . 2013-05-24 18:15 -------- d-----w- c:\programdata\PC-Doctor for Windows

2013-05-24 18:15 . 2013-05-24 18:15 -------- d-----w- c:\program files\Dell Support Center

2013-05-24 02:29 . 2013-05-24 19:08 -------- d-----w- c:\program files\My Dell

2013-05-24 02:21 . 2013-05-24 02:21 236 ----a-w- c:\users\Adam Moskowitz\AppData\Local\poetsch.bat

2013-05-21 08:03 . 2013-05-21 08:02 964552 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{50540F3C-8FC5-4B18-AC86-5CB05EAE2964}\gapaengine.dll

2013-05-20 21:42 . 2013-05-24 02:26 -------- d-----w- c:\users\Adam Moskowitz\AppData\Local\Samsung

2013-05-20 21:42 . 2013-05-24 02:26 -------- d-----w- c:\users\Adam Moskowitz\AppData\Roaming\Samsung

2013-05-20 20:55 . 2013-04-03 07:58 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2013-05-20 20:55 . 2013-04-03 07:58 103064 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2013-05-20 20:53 . 2013-05-24 02:28 -------- d-----w- c:\program files (x86)\MyFree Codec

2013-05-20 19:30 . 2013-04-19 02:08 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2013-05-20 19:29 . 2013-05-24 02:26 -------- d-----w- c:\program files (x86)\Samsung

2013-05-20 19:29 . 2013-05-24 02:26 -------- d-----w- c:\programdata\Samsung

2013-05-15 16:29 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 16:29 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 16:29 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 16:29 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 16:29 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 16:29 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 16:29 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 16:29 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-15 16:28 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 16:28 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-05-15 16:28 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll

2013-05-15 16:28 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-05-11 02:28 . 2013-05-11 02:28 -------- d-----w- c:\users\Adam Moskowitz\AppData\Local\Western_Digital

2013-05-11 02:27 . 2013-05-25 06:26 -------- d-----w- c:\program files (x86)\Common Files\Western Digital

2013-05-11 02:27 . 2013-05-25 06:26 -------- d-----w- c:\program files (x86)\Western Digital

2013-05-11 02:26 . 2013-05-25 06:26 -------- d-----w- c:\programdata\Western Digital

2013-05-08 00:54 . 2013-05-08 00:54 -------- d-----w- c:\programdata\StarApp

2013-05-06 17:55 . 2013-05-06 17:56 -------- dc-h--w- c:\programdata\{CD352F6F-406C-46C9-A890-F992D366B0BA}

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-16 10:06 . 2012-04-14 16:11 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-15 18:01 . 2012-04-20 16:22 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-15 18:01 . 2012-01-21 11:04 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 17:03 . 2012-07-17 21:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-04-23 20:04 . 2012-06-12 17:51 905296 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll

2013-04-19 02:06 . 2013-04-19 02:06 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2013-04-19 02:06 . 2013-04-19 02:06 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2013-04-19 02:06 . 2013-04-19 02:06 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2013-04-19 02:06 . 2013-04-19 02:06 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2013-04-19 02:06 . 2013-04-19 02:06 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2013-04-19 02:06 . 2013-04-19 02:06 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2013-04-19 02:06 . 2013-04-19 02:06 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2013-04-19 02:06 . 2013-04-19 02:06 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2013-04-19 02:06 . 2013-04-19 02:06 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2013-04-19 02:06 . 2013-04-19 02:06 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2013-04-19 02:06 . 2013-04-19 02:06 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2013-04-19 02:06 . 2013-04-19 02:06 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2013-04-19 02:06 . 2013-04-19 02:06 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2013-04-19 02:06 . 2013-04-19 02:06 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2013-04-19 02:06 . 2013-04-19 02:06 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2013-04-19 02:06 . 2013-04-19 02:06 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2013-04-19 02:06 . 2013-04-19 02:06 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2013-04-19 02:06 . 2013-04-19 02:06 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2013-04-19 02:06 . 2013-04-19 02:06 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2013-04-19 02:06 . 2013-04-19 02:06 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2013-04-19 02:06 . 2013-04-19 02:06 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2013-04-19 02:06 . 2013-04-19 02:06 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2013-04-19 02:06 . 2013-04-19 02:06 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2013-04-19 02:06 . 2013-04-19 02:06 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2013-04-19 02:06 . 2013-04-19 02:06 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2013-04-13 05:49 . 2013-05-15 16:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-04-13 05:49 . 2013-05-15 16:29 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-04-13 05:49 . 2013-05-15 16:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-04-13 05:49 . 2013-05-15 16:29 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-04-13 04:45 . 2013-05-15 16:29 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-04-13 04:45 . 2013-05-15 16:29 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-04-12 14:45 . 2013-04-24 19:09 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 21:50 . 2012-04-13 01:38 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-04-04 12:35 . 2013-04-18 00:12 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-02 10:02 . 2013-04-02 10:02 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-04-02 10:02 . 2013-04-02 10:02 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-04-02 10:02 . 2013-04-02 10:02 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-04-02 10:02 . 2013-04-02 10:02 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-04-02 10:02 . 2013-04-02 10:02 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-04-02 10:02 . 2013-04-02 10:02 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-04-02 10:02 . 2013-04-02 10:02 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-04-02 10:02 . 2013-04-02 10:02 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-04-02 10:02 . 2013-04-02 10:02 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-04-02 10:02 . 2013-04-02 10:02 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-04-02 10:02 . 2013-04-02 10:02 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-04-02 10:02 . 2013-04-02 10:02 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-04-02 10:02 . 2013-04-02 10:02 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-04-02 10:02 . 2013-04-02 10:02 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-04-02 10:02 . 2013-04-02 10:02 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-04-02 10:02 . 2013-04-02 10:02 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-04-02 10:02 . 2013-04-02 10:02 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-04-02 10:02 . 2013-04-02 10:02 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-04-02 10:02 . 2013-04-02 10:02 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-04-02 10:02 . 2013-04-02 10:02 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-04-02 10:02 . 2013-04-02 10:02 81408 ----a-w- c:\windows\system32\icardie.dll

2013-04-02 10:02 . 2013-04-02 10:02 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-04-02 10:02 . 2013-04-02 10:02 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-04-02 10:02 . 2013-04-02 10:02 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-04-02 10:02 . 2013-04-02 10:02 441856 ----a-w- c:\windows\system32\html.iec

2013-04-02 10:02 . 2013-04-02 10:02 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-04-02 10:02 . 2013-04-02 10:02 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-04-02 10:02 . 2013-04-02 10:02 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-04-02 10:02 . 2013-04-02 10:02 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-04-02 10:02 . 2013-04-02 10:02 235008 ----a-w- c:\windows\system32\url.dll

2013-04-02 10:02 . 2013-04-02 10:02 216064 ----a-w- c:\windows\system32\msls31.dll

2013-04-02 10:02 . 2013-04-02 10:02 197120 ----a-w- c:\windows\system32\msrating.dll

2013-04-02 10:02 . 2013-04-02 10:02 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-04-02 10:02 . 2013-04-02 10:02 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-04-02 10:02 . 2013-04-02 10:02 144896 ----a-w- c:\windows\system32\wextract.exe

2013-04-02 10:02 . 2013-04-02 10:02 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-04-02 10:02 . 2013-04-02 10:02 102912 ----a-w- c:\windows\system32\inseng.dll

2013-04-02 10:02 . 2013-04-02 10:02 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-04-02 10:02 . 2013-04-02 10:02 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-04-02 10:02 . 2013-04-02 10:02 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-04-02 10:02 . 2013-04-02 10:02 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-04-02 10:02 . 2013-04-02 10:02 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-04-02 10:02 . 2013-04-02 10:02 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-04-02 10:02 . 2013-04-02 10:02 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-04-02 10:02 . 2013-04-02 10:02 149504 ----a-w- c:\windows\system32\occache.dll

2013-04-02 10:02 . 2013-04-02 10:02 13824 ----a-w- c:\windows\system32\mshta.exe

2013-04-02 10:02 . 2013-04-02 10:02 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-04-02 10:02 . 2013-04-02 10:02 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-04-02 10:02 . 2013-04-02 10:02 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-03-19 06:04 . 2013-04-09 23:40 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-09 23:40 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-09 23:40 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-09 23:40 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-09 23:40 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-09 23:40 112640 ----a-w- c:\windows\system32\smss.exe

2013-03-06 23:51 . 2013-03-06 23:51 34936 ----a-w- c:\windows\SysWow64\uninstHelixYUV.exe

2013-03-06 23:50 . 2013-03-06 23:50 7760687 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\SetupGFD.exe

2013-03-06 23:50 . 2013-03-06 23:49 5243208 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\AvsP.exe

2013-03-06 23:49 . 2013-03-06 23:49 1357348 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\MatroskaSplitter.exe

2013-03-06 23:49 . 2013-03-06 23:49 5082084 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Avisynth.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3adefb8e-b923-35e6-86e2-2b7841f5d2a7}]

2010-11-21 03:24 297808 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"7188611AA85B2FC959C1B10DB7C3A09935722597._service_run"="c:\users\Adam Moskowitz\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-05-23 825808]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-08-12 520330]

"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"BrMfcWnd"="c:\program files (x86)\Brother\Brmfcmon\BrMfcWnd.exe" [2012-09-25 1163264]

"ControlCenter3"="c:\program files (x86)\Brother\ControlCenter3\brctrcen.exe" [2008-12-24 114688]

"MegaPanel"="c:\program files (x86)\National Consumer Panel\NCP Internet Transporter\HSTrans.exe" [2011-03-21 2113536]

"WD Drive Unlocker"="c:\program files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe" [2012-09-06 1688008]

"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2013-04-22 5687152]

.

c:\users\Adam Moskowitz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

SpeedFan.lnk - c:\program files (x86)\SpeedFan\speedfan.exe [2012-3-26 4656632]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-04-10 166912]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [2011-10-19 195072]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-04-03 103064]

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2012-07-22 21712]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]

R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]

R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-11-01 340240]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-12-01 250984]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-04-03 203672]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-04-13 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]

S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504]

S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272]

S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808]

S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-21 135440]

S2 MSSQL$ITSQLEXPRESS;SQL Server (ITSQLEXPRESS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-11 29293408]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280]

S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2013-04-22 1042808]

S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2013-04-22 270192]

S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [2011-10-19 195072]

S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064]

S3 btmaudio;Intel Bluetooth Audio Service;c:\windows\system32\drivers\btmaud.sys [2011-05-19 51712]

S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-08-29 53760]

S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-06-16 176000]

S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 331264]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

.

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 18:01]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2677679354-1192122103-4054240909-1000Core.job

- c:\users\Adam Moskowitz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 19:15]

.

2013-05-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2677679354-1192122103-4054240909-1000UA.job

- c:\users\Adam Moskowitz\AppData\Local\Google\Update\GoogleUpdate.exe [2012-11-29 19:15]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Adam Moskowitz\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-11-01 1935120]

"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-10-18 10357008]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-05-25 7214696]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]

"LogiScrollApp"="c:\program files\Logitech\FlowScroll\KhalScroll.exe" [2012-02-08 166680]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = https://www.mywfg.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: dell.com

TCP: DhcpNameServer = 192.168.0.2

DPF: {0D8069C4-4C00-4FBD-AA88-954927AFD0B4} - hxxps://lifespeed.ebixexchange.com/Lifespeed/Wizard/eSignatureCOM/SignitXFMS.cab

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-HelixYUVCodecs - c:\windows\system32\uninstHelixYUV.exe

AddRemove-Navigator 12.03 - c:\programdata\{896A840C-59BA-4E92-BB96-C97F08660CBE}\Setup.exe

AddRemove-Navigator 13.10 - c:\programdata\{AB94EA06-A395-4062-B97F-6510E7B7F54A}\Setup.exe

AddRemove-{79E182EF-E95A-A3D8-3CD6-661FE1DF55B9} - c:\progra~3\INSTAL~2\{0DE1E~1\Setup.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,

aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{E11DB59D-5008-42FF-9069-535843BC0BE1}"=hex:51,66,7a,6c,4c,1d,38,12,f3,b6,0e,

e5,3a,1e,91,07,ef,7f,10,18,46,e2,4f,f5

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ca,c0,9c,38,de,2c,ce,01

.

[HKEY_USERS\S-1-5-21-2677679354-1192122103-4054240909-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{431AC579-66D7-AAC4-8F90-816C05E84234}*]

"iambhpoodonfencpaa"=hex:6a,61,6c,6d,6d,65,64,67,63,6e,6c,6c,63,64,6d,68,6d,64,

61,63,00,00

"hagbjppeemojbgbk"=hex:6a,61,6c,6d,6d,65,64,67,63,6e,6c,6c,63,64,6d,68,6d,64,

61,63,00,00

"gapoeeojijhkdm"=hex:61,63,6b,6d,61,6b,62,6f,6b,64,68,6b,65,6c,62,63,61,64,64,

6e,62,70,70,6b,70,62,69,65,65,6e,6a,61,66,68,70,6b,6e,69,6c,6e,61,6b,6c,6a,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe

c:\program files (x86)\Brother\Brmfcmon\BrMfcmon.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2013-05-30 16:24:12 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-30 23:24

ComboFix2.txt 2013-05-30 23:02

.

Pre-Run: 303,712,174,080 bytes free

Post-Run: 303,420,239,872 bytes free

.

- - End Of File - - DB0434379F10FBC6FDB75B711931A300

and per your request it is still hanging nothing seems to have changed, i am thinking this might be the time for a nice clean installation of windows since we are not finding malware only lack of malware

[admoskowitz]

so just on a whim i decided to run the computer in safe mode and there is no mouse hang or video hang so i guess it is a software issue

[admoskowitz]

and as a final note, i guess what ever the last fix was it seemed to work because the software hang is no longer there

[Maurice Naggar]

Here are some recommended articles:

See Miekiemoes' Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

MS Speed up your pc - Win7 / Vista

http://windows.microsoft.com/en-US/windows/explore/speed-up-your-pc

What to do if your Computer is running slowly

http://www.malwareremoval.com/tutorials/runningslowly.php

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  c:\users\Adam Moskowitz\Desktop\ComboFix.exe /uninstall

  
  

• Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
  Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
  Then tap Enter
  

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

adwcleaner.exe

Tdsskiller.exe

roguekiller.exe

RKILL

FRST

MBAR.exe

Stinger.exe

MS Safety scanner

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Use a Standard user account rather than an administrator-rights account when "surfing" the web.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Important Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (OSI) on a monthly basis.
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  Get notified when the MVPS HOSTS file is updated
  http://winhelp2002.mvps.org/updates.htm
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  
• Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
  Don't plug in an unknown flash/thumb drive into your PC.
  IF you must do so, hold down the SHIFT-key when you insert the drive.
  Scan any file with your Antivirus prior to opening or using.
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here. Best regards.

[admoskowitz]

I am having a problem uninstalling combo fix as i moved it with a a cut and past and when i moved it back (yes i know) it is not being found. any ideas

[Maurice Naggar]

If you had had Combofix on the Desktop, the OTC run would have removed it if it was still around.

Just go ahead and delete Combofix directly yourself.

You can also rename the exe to Uninstall.exe and then run that.

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!