Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

I have malware on my computer that is causing it to play ads in the background.


  • This topic is locked This topic is locked
18 replies to this topic

#1 chuchi

chuchi

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 28 September 2014 - 01:37 PM

For the past week my computer has been playing audio ads sporadically. I'm not getting redirects in my browser (Chrome), but my browser is definitely running slower. No browser windows have to be open for the ads to play, and sometime it's not even full audio ads--just choppy bits of audio. I've tried a lot of different methods that I found online by searching for solutions, but nothing has worked so far. Malwarebytes anti-virus and anti-rootkit haven't found anything. TDSS killer doesn't detect anything, but the audio ads won't stop. I'm at a loss for what the issue is, and have not been able to figure out what the problem is. Hope you can help me find a solution!

 

Here is the DDS log:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17207  BrowserJavaVersion: 10.65.2
Run by Rebekah at 14:15:58 on 2014-09-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.956 [GMT -4:00]
.
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ===============
.
c:\PROGRA~2\AVG\AVG2014\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\progra~2\Adobe\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\SysWOW64\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\puush\puush.exe
C:\Users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files (x86)\Adobe\apdproxy.exe
C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe
C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files (x86)\Digsby\lib\digsby-app.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Digsby\lib\aspell\bin\aspell.exe
C:\Windows\system32\consent.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Rebekah\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - C:\Program Files (x86)\Adobe\Acrobat\AcroIEFavClient.dll
uRun: [puush] C:\Program Files (x86)\puush\puush.exe
uRun: [MusicManager] "C:\Users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google Update] "C:\Users\Rebekah\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Amazon Cloud Player] "C:\Users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe"
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [NVC] "C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe" -autostart
mRun: [Adobe Photo Downloader] "C:\progra~2\Adobe\apdproxy.exe"
mRun: [Acrobat Assistant 8.0] "C:\progra~2\Adobe\Acrobat\Acrotray.exe"
mRun: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
mRun: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
StartupFolder: C:\Users\Rebekah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms
StartupFolder: C:\Users\Rebekah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Digsby.lnk - C:\Program Files (x86)\Digsby\digsby.exe
StartupFolder: C:\Users\Rebekah\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EVERNO~1.LNK - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~1.LNK - C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEA~2.LNK - C:\Program Files (x86)\Adobe\Acrobat\AdobeCollabSync.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF}\1427961602446353239363 : DHCPNameServer = 192.168.240.1
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF}\35541402358454C4C40213 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF}\35541402358454C4C40243 : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF}\749616E647023517579646 : DHCPNameServer = 192.168.1.1 192.168.1.1
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF}\7525944502255637964656E64737 : DHCPNameServer = 8.8.8.8 4.2.2.2
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF}\D6573686F63686573686F6 : DHCPNameServer = 192.168.2.1 208.59.247.45 208.59.247.46 192.168.1.1
TCP: Interfaces\{6937EFF0-9312-4AE2-8BBD-C43CA8C9D4FF}\E45445745414253303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{ABE96629-575A-4AB3-ACD4-5A75A4116F01} : DHCPNameServer = 192.168.1.1
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned>
x64-Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - 
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-STS: FencesShlExt Class - {1984DD45-52CF-49cd-AB77-18F378FEA264} - C:\Program Files (x86)\Stardock\Fences\FencesMenu64.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2014-6-17 190744]
R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2014-6-17 328984]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2014-8-6 123672]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2014-6-17 31512]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-2-9 55856]
R1 Avgdiska;AVG Disk Driver;C:\Windows\System32\drivers\avgdiska.sys [2014-6-30 152344]
R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2014-7-21 244504]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2014-6-17 235800]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2014-6-17 269080]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-9-4 50976]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/02/09 16:11:12];C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [2011-2-9 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-2-9 89600]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [2014-8-25 3242000]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [2014-8-25 289328]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-5-19 1436192]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-2-9 13336]
R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2014-3-23 225792]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvcSvcMgr;Nortel VPN Client;C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [2010-3-1 628064]
R2 nvcwfpco;nvcwfpco;C:\Windows\System32\drivers\nvcwfpco.sys [2010-3-1 79440]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-2-9 705856]
R2 SpyHunter 4 Service;SpyHunter 4 Service;C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [2014-1-9 1025408]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-2-9 2320920]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2013-12-12 560528]
R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2011-2-9 20984]
R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2011-2-9 53800]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2011-2-9 35104]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-2-9 172704]
R3 esgiguard;esgiguard;C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [2014-1-7 14872]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2011-2-9 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-2-9 158976]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-2-9 289280]
R3 NT_NvcA;Nortel VPN Adapter;C:\Windows\System32\drivers\ntnvca.sys [2010-3-1 44112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-9-4 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe --> C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [?]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2013-12-12 112496]
S3 EsgScanner;EsgScanner;C:\Windows\System32\drivers\EsgScanner.sys [2014-9-26 22704]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-7-9 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [2013-9-6 288776]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2010-7-30 25072]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-9-4 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-2-9 232480]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-2-9 325152]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-1 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-19 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-09-28 04:51:49 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA7674A8-6C4C-42FD-8EFC-CEAD3B99796B}\offreg.dll
2014-09-28 04:46:42 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CA7674A8-6C4C-42FD-8EFC-CEAD3B99796B}\mpengine.dll
2014-09-28 04:46:40 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-09-27 21:59:28 -------- d-----w- C:\Windows\ERUNT
2014-09-27 21:10:49 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-09-27 21:09:25 -------- d-----w- C:\AdwCleaner
2014-09-27 15:36:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-27 15:03:39 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-27 15:03:27 92888 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-09-27 15:03:27 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-09-27 15:03:27 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-09-27 15:03:26 -------- d-----w- C:\ProgramData\Malwarebytes
2014-09-27 15:03:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-27 03:05:15 22704 ----a-w- C:\Windows\System32\drivers\EsgScanner.sys
2014-09-27 03:04:11 110080 ----a-r- C:\Users\Rebekah\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-09-27 03:04:11 110080 ----a-r- C:\Users\Rebekah\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-09-27 03:04:11 110080 ----a-r- C:\Users\Rebekah\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-09-27 03:04:08 -------- d-----w- C:\sh4ldr
2014-09-27 03:04:08 -------- d-----w- C:\Program Files\Enigma Software Group
2014-09-27 02:58:59 -------- d-----w- C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-27 02:58:23 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2014-09-27 02:08:06 37624 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-09-22 22:49:09 -------- d-----w- C:\EEK
2014-09-22 03:35:46 -------- d-----w- C:\ProgramData\HitmanPro
2014-09-22 02:50:34 -------- d-----w- C:\ProgramData\RogueKiller
.
==================== Find3M  ====================
.
2014-09-28 00:20:11 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-28 00:20:11 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-08-11 21:16:09 50976 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2014-08-06 14:50:04 123672 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
2014-07-22 01:03:12 244504 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
2014-07-11 07:02:05 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 14:23:18.72 ===============
 

Attached Files


Edited by chuchi, 28 September 2014 - 01:40 PM.


BC AdBot (Login to Remove)

 


m

#2 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 28 September 2014 - 04:16 PM

Hello and welcome.  Please follow these guidelines while we work on your PC:

  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.”  Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.

icon11.gif   Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#3 chuchi

chuchi
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 28 September 2014 - 06:04 PM

Thanks for replying. Here are the results:
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by Rebekah (administrator) on REBEKAH-PC on 28-09-2014 19:01:48
Running from C:\Users\Rebekah\Desktop
Loaded Profiles: Rebekah & Guest (Available profiles: Rebekah & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
() C:\Program Files (x86)\Adobe\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTSVCCDA.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Nortel Networks) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files (x86)\puush\puush.exe
(Google Inc.) C:\Users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\apdproxy.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Rebekah\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-03] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-02] ()
HKLM-x32\...\Run: [NVC] => C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe [1717584 2010-03-01] (Nortel Networks)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-10] (Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [MusicManager] => C:\Users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [Google Update] => C:\Users\Rebekah\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-15] (Google Inc.)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [Amazon Cloud Player] => C:\Users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1687653752-2044026659-2788394353-501\...\Run: [Google Update] => C:\Users\Guest\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
ShortcutTarget: Digsby.lnk -> C:\Program Files (x86)\Digsby\digsby.exe ()
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6EF10DAF9ADACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Rebekah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rebekah\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Rebekah\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rebekah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rebekah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Rebekah\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Rebekah\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04]
 
Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Profile: C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-21]
CHR Extension: (Entanglement Web App) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-05-17]
CHR Extension: (Google Docs) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-21]
CHR Extension: (Google Drive) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (Phonetizer) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcmdhabjkgnocagfmpjhmllfdjgedfab [2013-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (Google Cast) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-09-11]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-05-17]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-06-06]
CHR Extension: (Pixlr Grabber - Screen capture/image grabbing) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn [2013-05-17]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-07-11]
CHR Extension: (Google Search) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (Google+) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-05-17]
CHR Extension: (Gmail Offline) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-05-17]
CHR Extension: (My Fitness Pal Data Downloader) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejigkdnkmegmdnemjpnfmnapmpgjeopn [2014-03-09]
CHR Extension: (Google Sheets) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
CHR Extension: (MyFitnessPal Pie Chart by FOODFASTFIT) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomhleglpcohdnniiafhekkaakdgdkdh [2014-06-04]
CHR Extension: (AdBlock) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-17]
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2013-05-17]
CHR Extension: (Pin It Button) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-17]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-09-26]
CHR Extension: (Spotify Chrome Extension) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2013-12-03]
CHR Extension: (NPR Infinite Player) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2013-05-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-11]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-05-17]
CHR Extension: (Lose It!) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn [2013-05-17]
CHR Extension: (Google +1 Button) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2013-05-17]
CHR Extension: (Awesome Dictionary Widget [ANTP]) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdigjjbkpjljoknifbgaijaemafihhga [2014-04-04]
CHR Extension: (TweetDeck Launcher) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2014-09-26]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2013-05-17]
CHR Extension: (Poppit!) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-05-17]
CHR Extension: (Awesome New Tab Page™) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-05-17]
CHR Extension: (Google Mail Checker) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-05-17]
CHR Extension: (feedly) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2013-05-17]
CHR Extension: (Save to Pocket) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-05-17]
CHR Extension: (Google Wallet) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-05-17]
CHR Extension: (MyFitnessPal Data Exporter by FOODFASTFIT) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjhcgkchlaggpkjioockflccjfkmnccn [2014-03-09]
CHR Extension: (Gmail) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-14] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-15] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 NvcSvcMgr; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-03] (Dell Inc.) [File not signed]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-25] (CACE Technologies, Inc.)
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 

Attached Files



#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 28 September 2014 - 09:34 PM

Please do this next:

icon11.gif  Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop

  • Execute TDSSKiller.exe by doubleclicking on it.
  • when the window opens, click on Change Parameters
  • under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”
  • click OK
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected.  Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named for example, TDSSKiller.3.0.0.40_19.01.2012_17.24.26_log.txt
  • Post that log, please.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#5 chuchi

chuchi
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 28 September 2014 - 10:45 PM

I ran the program and it found no threats. There was never a prompt to reboot. Here is the log:

 

23:40:26.0394 0x1798  TDSS rootkit removing tool 3.0.0.40 Jul 10 2014 12:37:58
23:40:30.0732 0x1798  ============================================================
23:40:30.0732 0x1798  Current date / time: 2014/09/28 23:40:30.0732
23:40:30.0732 0x1798  SystemInfo:
23:40:30.0733 0x1798  
23:40:30.0733 0x1798  OS Version: 6.1.7601 ServicePack: 1.0
23:40:30.0733 0x1798  Product type: Workstation
23:40:30.0733 0x1798  ComputerName: REBEKAH-PC
23:40:30.0733 0x1798  UserName: Rebekah
23:40:30.0733 0x1798  Windows directory: C:\Windows
23:40:30.0733 0x1798  System windows directory: C:\Windows
23:40:30.0733 0x1798  Running under WOW64
23:40:30.0733 0x1798  Processor architecture: Intel x64
23:40:30.0733 0x1798  Number of processors: 4
23:40:30.0733 0x1798  Page size: 0x1000
23:40:30.0733 0x1798  Boot type: Normal boot
23:40:30.0733 0x1798  ============================================================
23:40:31.0180 0x1798  KLMD registered as C:\Windows\system32\drivers\82516295.sys
23:40:32.0259 0x1798  System UUID: {72B23F9D-2AE5-ADC1-6FC2-7949B9B47B46}
23:40:34.0618 0x1798  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:40:34.0625 0x1798  ============================================================
23:40:34.0625 0x1798  \Device\Harddisk0\DR0:
23:40:34.0625 0x1798  MBR partitions:
23:40:34.0626 0x1798  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D4C000
23:40:34.0626 0x1798  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D7E800, BlocksNum 0x38607030
23:40:34.0626 0x1798  ============================================================
23:40:34.0719 0x1798  C: <-> \Device\Harddisk0\DR0\Partition2
23:40:34.0720 0x1798  ============================================================
23:40:34.0720 0x1798  Initialize success
23:40:34.0720 0x1798  ============================================================
23:40:50.0338 0x1964  ============================================================
23:40:50.0338 0x1964  Scan started
23:40:50.0338 0x1964  Mode: Manual; TDLFS; 
23:40:50.0338 0x1964  ============================================================
23:40:50.0338 0x1964  KSN ping started
23:40:53.0561 0x1964  KSN ping finished: true
23:40:54.0489 0x1964  ================ Scan system memory ========================
23:40:54.0489 0x1964  System memory - ok
23:40:54.0489 0x1964  ================ Scan services =============================
23:40:54.0675 0x1964  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
23:40:54.0681 0x1964  1394ohci - ok
23:40:54.0760 0x1964  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
23:40:54.0768 0x1964  ACPI - ok
23:40:54.0818 0x1964  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
23:40:54.0819 0x1964  AcpiPmi - ok
23:40:54.0914 0x1964  [ D0B11E40EA74A98A5E133DF1F5276240, BAD5885CD8CC271D59DFA95159EFC3AC36D2BA11B6DA593AAED0C45F1C2F280F ] acsock          C:\Windows\system32\DRIVERS\acsock64.sys
23:40:54.0918 0x1964  acsock - ok
23:40:55.0019 0x1964  [ 8B46D5A1D3EF08232C04D0EAFB871FB2, 5306F8452EF675851CB0015F9E5C5EB750137D6D65C9CB7E47F8EF5B10A44D10 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
23:40:55.0021 0x1964  Adobe LM Service - ok
23:40:55.0092 0x1964  [ 177FF6608B48638D4066726F3A3F8444, D0D7B7EAEFDF30210CE4D31E9C7AB349CEB862A452D5925E698B60204AAE8A49 ] AdobeActiveFileMonitor5.0 C:\progra~2\Adobe\PhotoshopElementsFileAgent.exe
23:40:55.0095 0x1964  AdobeActiveFileMonitor5.0 - ok
23:40:55.0232 0x1964  [ ADDA5E1951B90D3D23C56D3CF0622ADC, E85E7BFD29F00ED34BF5BE8BD4DA93CBB14278E16809BB55406875F0DA88551E ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:40:55.0235 0x1964  AdobeARMservice - ok
23:40:55.0423 0x1964  [ 4ECFCAAE5CB380F58934F0DCF5F64E7F, D82B37E57D93484D7A3CB65470BCD54A578A695F0203A8DD441B1348C1EEA751 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:40:55.0429 0x1964  AdobeFlashPlayerUpdateSvc - ok
23:40:55.0515 0x1964  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:40:55.0526 0x1964  adp94xx - ok
23:40:55.0579 0x1964  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:40:55.0587 0x1964  adpahci - ok
23:40:55.0635 0x1964  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:40:55.0639 0x1964  adpu320 - ok
23:40:55.0688 0x1964  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:40:55.0691 0x1964  AeLookupSvc - ok
23:40:55.0785 0x1964  [ A6FB9DB8F1A86861D955FD6975977AE0, 788C6EE50719227D7A9B7F08C8D5E1289FCD0E8AC23A1021A5093D2E8368F696 ] AESTFilters     C:\Program Files\IDT\WDM\AESTSr64.exe
23:40:55.0788 0x1964  AESTFilters - ok
23:40:55.0866 0x1964  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
23:40:55.0877 0x1964  AFD - ok
23:40:55.0951 0x1964  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
23:40:55.0955 0x1964  agp440 - ok
23:40:55.0987 0x1964  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
23:40:55.0989 0x1964  ALG - ok
23:40:56.0057 0x1964  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:40:56.0058 0x1964  aliide - ok
23:40:56.0109 0x1964  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
23:40:56.0110 0x1964  amdide - ok
23:40:56.0141 0x1964  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:40:56.0144 0x1964  AmdK8 - ok
23:40:56.0161 0x1964  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:40:56.0163 0x1964  AmdPPM - ok
23:40:56.0231 0x1964  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:40:56.0234 0x1964  amdsata - ok
23:40:56.0261 0x1964  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:40:56.0266 0x1964  amdsbs - ok
23:40:56.0296 0x1964  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:40:56.0297 0x1964  amdxata - ok
23:40:56.0364 0x1964  [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID           C:\Windows\system32\drivers\appid.sys
23:40:56.0366 0x1964  AppID - ok
23:40:56.0408 0x1964  [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:40:56.0410 0x1964  AppIDSvc - ok
23:40:56.0453 0x1964  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
23:40:56.0455 0x1964  Appinfo - ok
23:40:56.0512 0x1964  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:40:56.0515 0x1964  arc - ok
23:40:56.0522 0x1964  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:40:56.0525 0x1964  arcsas - ok
23:40:56.0704 0x1964  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
23:40:56.0706 0x1964  aspnet_state - ok
23:40:56.0760 0x1964  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:40:56.0762 0x1964  AsyncMac - ok
23:40:56.0829 0x1964  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
23:40:56.0830 0x1964  atapi - ok
23:40:56.0912 0x1964  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:40:56.0926 0x1964  AudioEndpointBuilder - ok
23:40:56.0960 0x1964  [ F23FEF6D569FCE88671949894A8BECF1, FCE7B156ED663471CF9A736915F00302E93B50FC647563D235313A37FCE8F0F6 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:40:56.0979 0x1964  AudioSrv - ok
23:40:57.0080 0x1964  [ CDE60914D4ED81291F0CCFDB2CA311B9, 414D9BFF4E7DA17194695CB99B9E7F82C1616F4C228E6E9087208D290B9ED64D ] Avgdiska        C:\Windows\system32\DRIVERS\avgdiska.sys
23:40:57.0084 0x1964  Avgdiska - ok
23:40:57.0319 0x1964  [ B6E2D865C5936A4FEE68F11E97DF6B82, 02807C38BF6DF72BF49636371BA9CDBC1C531C239DF26930F320ABD937AA1B9D ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
23:40:57.0399 0x1964  AVGIDSAgent - ok
23:40:57.0473 0x1964  [ E7E1A0AB30587BF3734A2EC66BBCE743, F2D662A2CC29B9B8C1D7AA3424CAAB18A78C60E9557D992EF14BC15DB1438B54 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
23:40:57.0478 0x1964  AVGIDSDriver - ok
23:40:57.0551 0x1964  [ B0E4A1F342A3F8B75C4A4ADB044761C9, 208D033EE04206FEDFC99102025A53D53EF2D3FB373882776DE43D663BE9A01B ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
23:40:57.0556 0x1964  AVGIDSHA - ok
23:40:57.0621 0x1964  [ 5D115BF49AE159D4D7D1EBC640CB138F, F529FB749AB8098B657DEB4637B9B87FA2DE4806F37AC9257542B7E522BA487E ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
23:40:57.0627 0x1964  Avgldx64 - ok
23:40:57.0703 0x1964  [ 197F28711B4B71E6575E5298CCEDC737, 16B7A9E59CA5EF8241029E16408CC1DD77004B195C9FE0677DE35A723FCA3DB4 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
23:40:57.0710 0x1964  Avgloga - ok
23:40:57.0766 0x1964  [ 22B257B0A8A83924CB96D1BA2A076C2F, BA1E33DC2D76F9347160E159BFB857E673222745409686E32E707EB2847A2520 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
23:40:57.0780 0x1964  Avgmfx64 - ok
23:40:57.0828 0x1964  [ C4F9056928B26BCAF15872E46B29184F, 0A1574937D120B8872947C4C68F1706BB9713B0D00AD62BE8082499C944114BA ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
23:40:57.0830 0x1964  Avgrkx64 - ok
23:40:57.0855 0x1964  [ 0971913995F5FAFD711B0B2426A175E9, 1009E628997B56697BA976E376A9E9D39082E7057D6EFF37D57FDCA2057B9498 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
23:40:57.0861 0x1964  Avgtdia - ok
23:40:57.0944 0x1964  [ 68430AD3FB0FADBFA5D1677617D1E1F5, CF732DD21B472653AB0A4063455F2E7608F3075C255B9882D18CB52026B6C972 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
23:40:57.0946 0x1964  avgtp - ok
23:40:57.0997 0x1964  [ D7CBEEA4500BFDC63E99B06A1C512BE8, F8408E339AD022DD78D6C856A330F5A40CAF21F3B0C69FA352D66E3B8E75AA0F ] avgwd           C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
23:40:58.0003 0x1964  avgwd - ok
23:40:58.0106 0x1964  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:40:58.0109 0x1964  AxInstSV - ok
23:40:58.0180 0x1964  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
23:40:58.0190 0x1964  b06bdrv - ok
23:40:58.0260 0x1964  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
23:40:58.0266 0x1964  b57nd60a - ok
23:40:58.0327 0x1964  [ AC4E2D84DE54CD3A013AEFF0CC56095C, E0BAB08DCD60D06426209BA7465097E9F5AA243A93B29FD0A45607574086A123 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
23:40:58.0329 0x1964  BCM42RLY - ok
23:40:58.0462 0x1964  [ 8B5D16D20774FC3727F44E161BE2C0AC, 0EF2489E1ACC86403B1D6931140C5DF082127B327143ECB6EF28A4FF57D3C371 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
23:40:58.0526 0x1964  BCM43XX - ok
23:40:58.0601 0x1964  [ D224B2E6BB543F1D8F1177D57FEC2950, F5D4096A275E0AF24E38778EFAFFAFFAE3185BF8AD7A0547D50D8E7354EF7FCD ] BcmVWL          C:\Windows\system32\DRIVERS\bcmvwl64.sys
23:40:58.0602 0x1964  BcmVWL - ok
23:40:58.0663 0x1964  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:40:58.0666 0x1964  BDESVC - ok
23:40:58.0720 0x1964  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:40:58.0721 0x1964  Beep - ok
23:40:58.0818 0x1964  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
23:40:58.0833 0x1964  BFE - ok
23:40:58.0891 0x1964  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\System32\qmgr.dll
23:40:58.0910 0x1964  BITS - ok
23:40:58.0949 0x1964  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:40:58.0951 0x1964  blbdrive - ok
23:40:59.0007 0x1964  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:40:59.0009 0x1964  bowser - ok
23:40:59.0054 0x1964  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:40:59.0056 0x1964  BrFiltLo - ok
23:40:59.0095 0x1964  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:40:59.0096 0x1964  BrFiltUp - ok
23:40:59.0148 0x1964  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
23:40:59.0151 0x1964  Browser - ok
23:40:59.0188 0x1964  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:40:59.0195 0x1964  Brserid - ok
23:40:59.0223 0x1964  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:40:59.0225 0x1964  BrSerWdm - ok
23:40:59.0234 0x1964  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:40:59.0236 0x1964  BrUsbMdm - ok
23:40:59.0253 0x1964  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:40:59.0254 0x1964  BrUsbSer - ok
23:40:59.0309 0x1964  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
23:40:59.0311 0x1964  BthEnum - ok
23:40:59.0332 0x1964  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:40:59.0335 0x1964  BTHMODEM - ok
23:40:59.0381 0x1964  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:40:59.0384 0x1964  BthPan - ok
23:40:59.0454 0x1964  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
23:40:59.0466 0x1964  BTHPORT - ok
23:40:59.0530 0x1964  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
23:40:59.0532 0x1964  bthserv - ok
23:40:59.0576 0x1964  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
23:40:59.0579 0x1964  BTHUSB - ok
23:40:59.0608 0x1964  [ D3466F77C2C49C6E393BA5FBA963A33E, FD5E48A29E153BBAB095AB2E3B86F592B1FC1F790978911093B5F8A2CD6C5652 ] btusbflt        C:\Windows\system32\drivers\btusbflt.sys
23:40:59.0610 0x1964  btusbflt - ok
23:40:59.0661 0x1964  [ AF838D8029AE7C27470862D63FA54D24, 96247094D2446CEE594AD765B98DE8583762A96FE83223CB18B4CDB3A4958376 ] btwaudio        C:\Windows\system32\drivers\btwaudio.sys
23:40:59.0666 0x1964  btwaudio - ok
23:40:59.0715 0x1964  [ 5C849BD7C78791C5CEE9F4651D7FE38D, BC93A1B911FB4A44EC4DB64AF9AFC6F2013CD76BFB6FA9E4834CFDAAAF4BCD9F ] btwavdt         C:\Windows\system32\drivers\btwavdt.sys
23:40:59.0719 0x1964  btwavdt - ok
23:40:59.0799 0x1964  [ 10FFB5FA51D5713D872B41A59DFC2213, E0C0EA99C862E3FCE4D121BB34DEC00E74A371DF4093A44055E70E9F4CFA3DC6 ] btwdins         C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
23:40:59.0817 0x1964  btwdins - ok
23:40:59.0854 0x1964  [ 6149301DC3F81D6F9667A3FBAC410975, 120E201AFB07054C7F6321461D194843C695012431DBD791E36BBF73FDD41E8A ] btwl2cap        C:\Windows\system32\DRIVERS\btwl2cap.sys
23:40:59.0856 0x1964  btwl2cap - ok
23:40:59.0901 0x1964  [ 3E1991AFA851A36DC978B0A1B0535C8B, F55F7FDDD2A71532F163E4F14B26A09DCDB7C970E806D803418D4CE0DFF09FB6 ] btwrchid        C:\Windows\system32\DRIVERS\btwrchid.sys
23:40:59.0902 0x1964  btwrchid - ok
23:40:59.0960 0x1964  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:40:59.0963 0x1964  cdfs - ok
23:41:00.0035 0x1964  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\drivers\cdrom.sys
23:41:00.0039 0x1964  cdrom - ok
23:41:00.0092 0x1964  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:41:00.0095 0x1964  CertPropSvc - ok
23:41:00.0133 0x1964  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:41:00.0135 0x1964  circlass - ok
23:41:00.0164 0x1964  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
23:41:00.0173 0x1964  CLFS - ok
23:41:00.0238 0x1964  [ D88040F816FDA31C3B466F0FA0918F29, 39D3630E623DA25B8444B6D3AAAB16B98E7E289C5619E19A85D47B74C71449F3 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:41:00.0240 0x1964  clr_optimization_v2.0.50727_32 - ok
23:41:00.0308 0x1964  [ D1CEEA2B47CB998321C579651CE3E4F8, 654013B8FD229A50017B08DEC6CA19C7DDA8CE0771260E057A92625201D539B1 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:41:00.0311 0x1964  clr_optimization_v2.0.50727_64 - ok
23:41:00.0396 0x1964  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:41:00.0399 0x1964  clr_optimization_v4.0.30319_32 - ok
23:41:00.0444 0x1964  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:41:00.0447 0x1964  clr_optimization_v4.0.30319_64 - ok
23:41:00.0496 0x1964  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:41:00.0497 0x1964  CmBatt - ok
23:41:00.0545 0x1964  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:41:00.0546 0x1964  cmdide - ok
23:41:00.0604 0x1964  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
23:41:00.0613 0x1964  CNG - ok
23:41:00.0663 0x1964  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:41:00.0665 0x1964  Compbatt - ok
23:41:00.0730 0x1964  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
23:41:00.0732 0x1964  CompositeBus - ok
23:41:00.0756 0x1964  COMSysApp - ok
23:41:00.0780 0x1964  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:41:00.0781 0x1964  crcdisk - ok
23:41:00.0884 0x1964  [ 3C8B6609712F4FF78E521F6DCFC4032B, DFCFD5F2D35DDA25DD91B4D732BDF84D1526AB11084E22523D51ABB2A8608402 ] Creative Service for CDROM Access C:\Windows\SysWOW64\CTsvcCDA.exe
23:41:00.0886 0x1964  Creative Service for CDROM Access - ok
23:41:00.0945 0x1964  [ 6B400F211BEE880A37A1ED0368776BF4, 2F27C6FA96A1C8CBDA467846DA57E63949A7EA37DB094B13397DDD30114295BD ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:41:00.0950 0x1964  CryptSvc - ok
23:41:01.0030 0x1964  [ ED5CF92396A62F4C15110DCDB5E854D9, CD26216B8B3F558A0466843C8161E86EEDB78E6031E1AC0A00DCDE700A2B6EE2 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:41:01.0035 0x1964  CtClsFlt - ok
23:41:01.0090 0x1964  [ 15C2AFD86D8A58354FC100434C78B621, 08E049A0A8A62EB9E2039D72D4F0039D2A1612B94DE468D312EA5C8C1EA63538 ] dc3d            C:\Windows\system32\DRIVERS\dc3d.sys
23:41:01.0092 0x1964  dc3d - ok
23:41:01.0166 0x1964  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:41:01.0184 0x1964  DcomLaunch - ok
23:41:01.0258 0x1964  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:41:01.0264 0x1964  defragsvc - ok
23:41:01.0321 0x1964  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:41:01.0324 0x1964  DfsC - ok
23:41:01.0470 0x1964  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:41:01.0478 0x1964  Dhcp - ok
23:41:01.0513 0x1964  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
23:41:01.0515 0x1964  discache - ok
23:41:01.0573 0x1964  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:41:01.0576 0x1964  Disk - ok
23:41:01.0660 0x1964  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:41:01.0667 0x1964  Dnscache - ok
23:41:01.0727 0x1964  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:41:01.0734 0x1964  dot3svc - ok
23:41:01.0787 0x1964  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
23:41:01.0792 0x1964  DPS - ok
23:41:01.0861 0x1964  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:41:01.0862 0x1964  drmkaud - ok
23:41:01.0938 0x1964  [ 88612F1CE3BF42256913BF6E61C70D52, 7CF190F83FA8F15C33008EB381D3E345CEF37CBC046227DED26B36799EF4D9A7 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:41:01.0958 0x1964  DXGKrnl - ok
23:41:02.0048 0x1964  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
23:41:02.0054 0x1964  EapHost - ok
23:41:02.0915 0x1964  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
23:41:02.0999 0x1964  ebdrv - ok
23:41:03.0047 0x1964  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
23:41:03.0049 0x1964  EFS - ok
23:41:03.0134 0x1964  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:41:03.0149 0x1964  ehRecvr - ok
23:41:03.0184 0x1964  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
23:41:03.0187 0x1964  ehSched - ok
23:41:03.0246 0x1964  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:41:03.0258 0x1964  elxstor - ok
23:41:03.0299 0x1964  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:41:03.0300 0x1964  ErrDev - ok
23:41:03.0445 0x1964  [ EECCA21D35EF3D0C5DB21EE68A74DF9A, 4EDA8FD39C0514579BB87A7D8389AE01077F11F3DA7A02193546A55087013B5C ] esgiguard       C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
23:41:03.0446 0x1964  esgiguard - ok
23:41:03.0511 0x1964  [ 3B32CAA07D672F8A2E0DF5CB3A873F45, 09687E30FA5779C3593769D66CAEBED95C932746EDD6E83DABE3DCFD126AB5EC ] EsgScanner      C:\Windows\system32\DRIVERS\EsgScanner.sys
23:41:03.0512 0x1964  EsgScanner - ok
23:41:03.0581 0x1964  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
23:41:03.0590 0x1964  EventSystem - ok
23:41:03.0609 0x1964  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
23:41:03.0614 0x1964  exfat - ok
23:41:03.0639 0x1964  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:41:03.0644 0x1964  fastfat - ok
23:41:03.0724 0x1964  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
23:41:03.0739 0x1964  Fax - ok
23:41:03.0747 0x1964  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:41:03.0749 0x1964  fdc - ok
23:41:03.0760 0x1964  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
23:41:03.0762 0x1964  fdPHost - ok
23:41:03.0780 0x1964  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:41:03.0782 0x1964  FDResPub - ok
23:41:03.0805 0x1964  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:41:03.0807 0x1964  FileInfo - ok
23:41:03.0827 0x1964  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:41:03.0828 0x1964  Filetrace - ok
23:41:04.0024 0x1964  [ 31AC02203B716CBF8829343C91C8FD75, 6231A842733887C9A0CD513E9AFEF4A35152F4BCC9706EEAB38DC898B10AF9BD ] Fitbit Connect  C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
23:41:04.0054 0x1964  Fitbit Connect - ok
23:41:04.0178 0x1964  [ 227846995AFEEFA70D328BF5334A86A5, B8EF22DE552B44E7DC352742C775BB6B4992B653AF4B66B231A60182CE7A7201 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
23:41:04.0192 0x1964  FLEXnet Licensing Service - ok
23:41:04.0213 0x1964  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:41:04.0215 0x1964  flpydisk - ok
23:41:04.0278 0x1964  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:41:04.0285 0x1964  FltMgr - ok
23:41:04.0368 0x1964  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
23:41:04.0393 0x1964  FontCache - ok
23:41:04.0455 0x1964  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:41:04.0457 0x1964  FontCache3.0.0.0 - ok
23:41:04.0490 0x1964  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:41:04.0492 0x1964  FsDepends - ok
23:41:04.0537 0x1964  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:41:04.0538 0x1964  Fs_Rec - ok
23:41:04.0611 0x1964  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:41:04.0616 0x1964  fvevol - ok
23:41:04.0641 0x1964  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:41:04.0643 0x1964  gagp30kx - ok
23:41:04.0744 0x1964  [ C403C5DB49A0F9AAF4F2128EDC0106D8, 3C6948B63278022D8182F773C5FA15784514F76C1546118DDBADBA322B962D12 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
23:41:04.0749 0x1964  GamesAppService - ok
23:41:04.0809 0x1964  [ 8F6AE606EB0CC884EE12C41948424422, 4AC74E18D197E31F50A7CB9AE17F6BD1EAA701DA1EC5ABDCBB2858AB0AEDC345 ] GoToAssist      C:\Program Files (x86)\Citrix\GoToAssist\615\g2aservice.exe
23:41:04.0810 0x1964  GoToAssist - ok
23:41:04.0879 0x1964  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
23:41:04.0896 0x1964  gpsvc - ok
23:41:04.0993 0x1964  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:41:04.0996 0x1964  gupdate - ok
23:41:05.0031 0x1964  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:41:05.0034 0x1964  gupdatem - ok
23:41:05.0069 0x1964  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:41:05.0071 0x1964  hcw85cir - ok
23:41:05.0140 0x1964  [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:41:05.0148 0x1964  HdAudAddService - ok
23:41:05.0190 0x1964  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
23:41:05.0193 0x1964  HDAudBus - ok
23:41:05.0253 0x1964  [ B6AC71AAA2B10848F57FC49D55A651AF, 4FAD833654E86F9FAF972AC8AF87FD4A9A765B26B96F096BBD63506B5D521A91 ] HECIx64         C:\Windows\system32\DRIVERS\HECIx64.sys
23:41:05.0255 0x1964  HECIx64 - ok
23:41:05.0275 0x1964  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:41:05.0276 0x1964  HidBatt - ok
23:41:05.0294 0x1964  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:41:05.0297 0x1964  HidBth - ok
23:41:05.0303 0x1964  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:41:05.0304 0x1964  HidIr - ok
23:41:05.0331 0x1964  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\system32\hidserv.dll
23:41:05.0335 0x1964  hidserv - ok
23:41:05.0384 0x1964  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:41:05.0386 0x1964  HidUsb - ok
23:41:05.0426 0x1964  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:41:05.0431 0x1964  hkmsvc - ok
23:41:05.0495 0x1964  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:41:05.0507 0x1964  HomeGroupListener - ok
23:41:05.0555 0x1964  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:41:05.0562 0x1964  HomeGroupProvider - ok
23:41:05.0610 0x1964  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
23:41:05.0614 0x1964  HpSAMD - ok
23:41:05.0717 0x1964  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:41:05.0738 0x1964  HTTP - ok
23:41:05.0754 0x1964  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:41:05.0756 0x1964  hwpolicy - ok
23:41:05.0836 0x1964  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
23:41:05.0840 0x1964  i8042prt - ok
23:41:05.0935 0x1964  [ 2064090C9FAAD92C090D77E50E735B2E, 802BF10AF2F4B5DC93926C34DB2782DA6FD7243766D583E85603879483A592D2 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:41:05.0946 0x1964  iaStor - ok
23:41:06.0055 0x1964  [ A9BE186ABF28B3D3D698CB855EDF457E, 03E1851132E1C8669CF9B3CEB1C9E6AE45BBAC2632FEEDD311F3B3FAA9B623DD ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
23:41:06.0057 0x1964  IAStorDataMgrSvc - ok
23:41:06.0134 0x1964  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:41:06.0152 0x1964  iaStorV - ok
23:41:06.0243 0x1964  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD, 2B9512324DBA4A97F6AC34E8067EE08E3B6874CD60F6CB4209AFC22A34D2BE99 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:41:06.0261 0x1964  idsvc - ok
23:41:06.0296 0x1964  IEEtwCollectorService - ok
23:41:06.0732 0x1964  [ 677AA5991026A65ADA128C4B59CF2BAD, 013F9D7362960EEE1DB70EE8B90A896EACA0B752924717FD019A6DD3BFF50C00 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
23:41:07.0002 0x1964  igfx - ok
23:41:07.0083 0x1964  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:41:07.0084 0x1964  iirsp - ok
23:41:07.0168 0x1964  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
23:41:07.0199 0x1964  IKEEXT - ok
23:41:07.0279 0x1964  [ DD587A55390ED2295BCE6D36AD567DA9, AEB7DCB8EF89BEE8D9649A05FC482B1E4E3F44243D57A2577C862EB69166C48E ] Impcd           C:\Windows\system32\DRIVERS\Impcd.sys
23:41:07.0283 0x1964  Impcd - ok
23:41:07.0352 0x1964  [ C6C1F19205DA83C801BE7C25F4E2EE07, AE28686272D0F3789751C8F73BE998026BA80D93539C81DDE148E34A34A9AD0C ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
23:41:07.0365 0x1964  IntcDAud - ok
23:41:07.0414 0x1964  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
23:41:07.0415 0x1964  intelide - ok
23:41:07.0462 0x1964  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:41:07.0464 0x1964  intelppm - ok
23:41:07.0491 0x1964  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:41:07.0495 0x1964  IPBusEnum - ok
23:41:07.0535 0x1964  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:41:07.0538 0x1964  IpFilterDriver - ok
23:41:07.0595 0x1964  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:41:07.0608 0x1964  iphlpsvc - ok
23:41:07.0651 0x1964  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
23:41:07.0654 0x1964  IPMIDRV - ok
23:41:07.0677 0x1964  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:41:07.0680 0x1964  IPNAT - ok
23:41:07.0730 0x1964  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:41:07.0731 0x1964  IRENUM - ok
23:41:07.0775 0x1964  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:41:07.0776 0x1964  isapnp - ok
23:41:07.0831 0x1964  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
23:41:07.0842 0x1964  iScsiPrt - ok
23:41:07.0885 0x1964  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
23:41:07.0887 0x1964  kbdclass - ok
23:41:07.0942 0x1964  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
23:41:07.0943 0x1964  kbdhid - ok
23:41:07.0971 0x1964  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
23:41:07.0974 0x1964  KeyIso - ok
23:41:08.0032 0x1964  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:41:08.0035 0x1964  KSecDD - ok
23:41:08.0092 0x1964  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:41:08.0096 0x1964  KSecPkg - ok
23:41:08.0122 0x1964  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
23:41:08.0124 0x1964  ksthunk - ok
23:41:08.0186 0x1964  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:41:08.0195 0x1964  KtmRm - ok
23:41:08.0261 0x1964  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:41:08.0271 0x1964  LanmanServer - ok
23:41:08.0331 0x1964  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:41:08.0336 0x1964  LanmanWorkstation - ok
23:41:08.0394 0x1964  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:41:08.0396 0x1964  lltdio - ok
23:41:08.0457 0x1964  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:41:08.0465 0x1964  lltdsvc - ok
23:41:08.0488 0x1964  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:41:08.0491 0x1964  lmhosts - ok
23:41:08.0582 0x1964  [ 23DE5B62B0445A6F874BE633C95B483E, 39A8E5BD057F5EE049FA48848C5881DCD2CFB16CD9E2A03CC9DDF35F116FEE0B ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
23:41:08.0588 0x1964  LMS - ok
23:41:08.0641 0x1964  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:41:08.0644 0x1964  LSI_FC - ok
23:41:08.0651 0x1964  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:41:08.0654 0x1964  LSI_SAS - ok
23:41:08.0660 0x1964  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:41:08.0663 0x1964  LSI_SAS2 - ok
23:41:08.0691 0x1964  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:41:08.0694 0x1964  LSI_SCSI - ok
23:41:08.0751 0x1964  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
23:41:08.0754 0x1964  luafv - ok
23:41:08.0886 0x1964  [ 968BFF74AEB683C962960ECE0CAE4135, 3E08B39DE27FE27A27BD3E81486F0FCA1947D4B50BFE0167A0C27CE48DD56793 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
23:41:08.0893 0x1964  McComponentHostService - ok
23:41:08.0951 0x1964  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:41:08.0955 0x1964  Mcx2Svc - ok
23:41:08.0962 0x1964  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:41:08.0964 0x1964  megasas - ok
23:41:08.0990 0x1964  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:41:08.0996 0x1964  MegaSR - ok
23:41:09.0025 0x1964  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
23:41:09.0028 0x1964  MMCSS - ok
23:41:09.0045 0x1964  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
23:41:09.0046 0x1964  Modem - ok
23:41:09.0096 0x1964  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:41:09.0098 0x1964  monitor - ok
23:41:09.0154 0x1964  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:41:09.0156 0x1964  mouclass - ok
23:41:09.0196 0x1964  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:41:09.0197 0x1964  mouhid - ok
23:41:09.0243 0x1964  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:41:09.0246 0x1964  mountmgr - ok
23:41:09.0287 0x1964  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:41:09.0291 0x1964  mpio - ok
23:41:09.0340 0x1964  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:41:09.0342 0x1964  mpsdrv - ok
23:41:09.0403 0x1964  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:41:09.0422 0x1964  MpsSvc - ok
23:41:09.0472 0x1964  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:41:09.0476 0x1964  MRxDAV - ok
23:41:09.0521 0x1964  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:41:09.0525 0x1964  mrxsmb - ok
23:41:09.0578 0x1964  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:41:09.0584 0x1964  mrxsmb10 - ok
23:41:09.0608 0x1964  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:41:09.0611 0x1964  mrxsmb20 - ok
23:41:09.0651 0x1964  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:41:09.0652 0x1964  msahci - ok
23:41:09.0699 0x1964  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
23:41:09.0702 0x1964  msdsm - ok
23:41:09.0727 0x1964  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
23:41:09.0732 0x1964  MSDTC - ok
23:41:09.0770 0x1964  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:41:09.0771 0x1964  Msfs - ok
23:41:09.0792 0x1964  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:41:09.0793 0x1964  mshidkmdf - ok
23:41:09.0847 0x1964  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:41:09.0848 0x1964  msisadrv - ok
23:41:09.0902 0x1964  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:41:09.0907 0x1964  MSiSCSI - ok
23:41:09.0911 0x1964  msiserver - ok
23:41:09.0952 0x1964  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:41:09.0953 0x1964  MSKSSRV - ok
23:41:09.0968 0x1964  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:41:09.0969 0x1964  MSPCLOCK - ok
23:41:10.0015 0x1964  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:41:10.0016 0x1964  MSPQM - ok
23:41:10.0091 0x1964  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:41:10.0099 0x1964  MsRPC - ok
23:41:10.0135 0x1964  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
23:41:10.0136 0x1964  mssmbios - ok
23:41:10.0178 0x1964  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:41:10.0179 0x1964  MSTEE - ok
23:41:10.0228 0x1964  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:41:10.0230 0x1964  MTConfig - ok
23:41:10.0276 0x1964  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
23:41:10.0278 0x1964  Mup - ok
23:41:10.0335 0x1964  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
23:41:10.0346 0x1964  napagent - ok
23:41:10.0411 0x1964  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:41:10.0418 0x1964  NativeWifiP - ok
23:41:10.0499 0x1964  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:41:10.0519 0x1964  NDIS - ok
23:41:10.0549 0x1964  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:41:10.0551 0x1964  NdisCap - ok
23:41:10.0610 0x1964  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:41:10.0611 0x1964  NdisTapi - ok
23:41:10.0664 0x1964  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:41:10.0666 0x1964  Ndisuio - ok
23:41:10.0738 0x1964  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:41:10.0743 0x1964  NdisWan - ok
23:41:10.0792 0x1964  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:41:10.0794 0x1964  NDProxy - ok
23:41:10.0837 0x1964  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:41:10.0839 0x1964  NetBIOS - ok
23:41:10.0908 0x1964  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:41:10.0915 0x1964  NetBT - ok
23:41:11.0037 0x1964  [ E929ADCB7898767A401A36FDF6A49060, EB67B6EA2E1D1E6B3DC9D089AA1270911111F6DC867581CDEFE2AC45A250BDDD ] NETGEARGenieDaemon C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
23:41:11.0042 0x1964  NETGEARGenieDaemon - ok
23:41:11.0077 0x1964  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
23:41:11.0079 0x1964  Netlogon - ok
23:41:11.0113 0x1964  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
23:41:11.0123 0x1964  Netman - ok
23:41:11.0231 0x1964  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:11.0235 0x1964  NetMsmqActivator - ok
23:41:11.0244 0x1964  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:11.0249 0x1964  NetPipeActivator - ok
23:41:11.0280 0x1964  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
23:41:11.0291 0x1964  netprofm - ok
23:41:11.0301 0x1964  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:11.0305 0x1964  NetTcpActivator - ok
23:41:11.0315 0x1964  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
23:41:11.0319 0x1964  NetTcpPortSharing - ok
23:41:11.0353 0x1964  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:41:11.0355 0x1964  nfrd960 - ok
23:41:11.0400 0x1964  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:41:11.0409 0x1964  NlaSvc - ok
23:41:11.0617 0x1964  [ B9B72FAAAA41D59B73B88FE3DD737ED1, 050E741FB5313523340B19C9C168611222C4AE9A6084FE3E2F908A49EA909A29 ] NOBU            C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
23:41:11.0673 0x1964  NOBU - ok
23:41:11.0755 0x1964  [ 351533ACC2A069B94E80BBFC177E8FDF, 54B2749E0496ECC94CE65657627762B485CBC825767BAEDDAD0D2598820FFB9E ] NPF             C:\Windows\system32\drivers\npf.sys
23:41:11.0756 0x1964  NPF - ok
23:41:11.0771 0x1964  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:41:11.0773 0x1964  Npfs - ok
23:41:11.0805 0x1964  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
23:41:11.0807 0x1964  nsi - ok
23:41:11.0827 0x1964  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:41:11.0828 0x1964  nsiproxy - ok
23:41:11.0939 0x1964  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:41:11.0974 0x1964  Ntfs - ok
23:41:12.0038 0x1964  [ 13A1CCB48C64EE9B75CFBA77EC3E5721, FEE24D6C7B45299E18C62651200D8018B84AFFE71D7298F6E001E2D8F80E7B5B ] NT_NvcA         C:\Windows\system32\DRIVERS\ntnvca.sys
23:41:12.0040 0x1964  NT_NvcA - ok
23:41:12.0106 0x1964  [ 317020D31F1696334679B9D0416EB62E, 7A12A86FAD9F3767B8578D5A79B7AE109E3FADC8FD876A8A326FCC70D83D4E7E ] NuidFltr        C:\Windows\system32\DRIVERS\NuidFltr.sys
23:41:12.0108 0x1964  NuidFltr - ok
23:41:12.0147 0x1964  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
23:41:12.0148 0x1964  Null - ok
23:41:12.0250 0x1964  [ E7BE0669645CAC693CA12D767DB50E23, 3A2F3DABBCE7CD702652743D5208F00393B47FA4F571313EFD20C9BD7A3E9947 ] NvcSvcMgr       C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
23:41:12.0265 0x1964  NvcSvcMgr - ok
23:41:12.0340 0x1964  [ 06DE0AE24D9CF7E8B675BA1EB6A2F7CF, 89043F9985754808184AB0681C07FF7760152A4A85E363FCEE28FA7B5EDBA576 ] nvcwfpco        C:\Windows\system32\DRIVERS\nvcwfpco.sys
23:41:12.0342 0x1964  nvcwfpco - ok
23:41:12.0388 0x1964  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:41:12.0392 0x1964  nvraid - ok
23:41:12.0445 0x1964  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:41:12.0449 0x1964  nvstor - ok
23:41:12.0492 0x1964  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:41:12.0495 0x1964  nv_agp - ok
23:41:12.0606 0x1964  [ 785F487A64950F3CB8E9F16253BA3B7B, 02445344BD214370A6D48B1CA04921D8EFCB13E676B5648266DD0E076C0822B6 ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:41:12.0615 0x1964  odserv - ok
23:41:12.0631 0x1964  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
23:41:12.0633 0x1964  ohci1394 - ok
23:41:12.0699 0x1964  [ 9D10F99A6712E28F8ACD5641E3A7EA6B, 70964A0ED9011EA94044E15FA77EDD9CF535CC79ED8E03A3721FF007E69595CC ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:41:12.0703 0x1964  ose - ok
23:41:12.0942 0x1964  [ 61BFFB5F57AD12F83AB64B7181829B34, 1DD0DD35E4158F95765EE6639F217DF03A0A19E624E020DBA609268C08A13846 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:41:13.0049 0x1964  osppsvc - ok
23:41:13.0100 0x1964  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:41:13.0111 0x1964  p2pimsvc - ok
23:41:13.0140 0x1964  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
23:41:13.0154 0x1964  p2psvc - ok
23:41:13.0180 0x1964  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:41:13.0184 0x1964  Parport - ok
23:41:13.0227 0x1964  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:41:13.0230 0x1964  partmgr - ok
23:41:13.0247 0x1964  [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:41:13.0253 0x1964  PcaSvc - ok
23:41:13.0332 0x1964  [ 7317A0B550F7AC0223B7070897670476, ABB0A1296BA267467C16CF99383EFCAB1732B07EE5B2494197A26B8432DD0A94 ] PCDSRVC{1E208CE0-FB7451FF-06020101}_0 c:\program files\dell support center\pcdsrvc_x64.pkms
23:41:13.0334 0x1964  PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - ok
23:41:13.0352 0x1964  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
23:41:13.0358 0x1964  pci - ok
23:41:13.0402 0x1964  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:41:13.0403 0x1964  pciide - ok
23:41:13.0425 0x1964  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:41:13.0430 0x1964  pcmcia - ok
23:41:13.0445 0x1964  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
23:41:13.0447 0x1964  pcw - ok
23:41:13.0479 0x1964  [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:41:13.0492 0x1964  PEAUTH - ok
23:41:13.0559 0x1964  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:41:13.0561 0x1964  PerfHost - ok
23:41:13.0705 0x1964  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
23:41:13.0734 0x1964  pla - ok
23:41:13.0803 0x1964  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:41:13.0814 0x1964  PlugPlay - ok
23:41:13.0847 0x1964  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:41:13.0850 0x1964  PNRPAutoReg - ok
23:41:13.0875 0x1964  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:41:13.0884 0x1964  PNRPsvc - ok
23:41:13.0952 0x1964  [ 33328FA8A580885AB0065BE6DB266E9F, 645A1B1702ADB0D3F784B998CDF17524CC6C4891594AA075D538A0656BAE69B8 ] Point64         C:\Windows\system32\DRIVERS\point64.sys
23:41:13.0954 0x1964  Point64 - ok
23:41:14.0015 0x1964  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:41:14.0027 0x1964  PolicyAgent - ok
23:41:14.0079 0x1964  [ 6BA9D927DDED70BD1A9CADED45F8B184, 66203CE70A5EDE053929A940F38924C6792239CCCE10DD2C1D90D5B4D6748B55 ] Power           C:\Windows\system32\umpo.dll
23:41:14.0085 0x1964  Power - ok
23:41:14.0164 0x1964  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:41:14.0167 0x1964  PptpMiniport - ok
23:41:14.0205 0x1964  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:41:14.0207 0x1964  Processor - ok
23:41:14.0267 0x1964  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
23:41:14.0273 0x1964  ProfSvc - ok
23:41:14.0294 0x1964  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:41:14.0296 0x1964  ProtectedStorage - ok
23:41:14.0339 0x1964  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:41:14.0343 0x1964  Psched - ok
23:41:14.0408 0x1964  [ 87B04878A6D59D6C79251DC960C674C1, 3EB8DB0624E646F0A65D0381408D35CF9FDC5ABFC30DF6431F4070A8EB68447C ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
23:41:14.0410 0x1964  PxHlpa64 - ok
23:41:14.0487 0x1964  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:41:14.0533 0x1964  ql2300 - ok
23:41:14.0558 0x1964  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:41:14.0561 0x1964  ql40xx - ok
23:41:14.0592 0x1964  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
23:41:14.0599 0x1964  QWAVE - ok
23:41:14.0628 0x1964  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:41:14.0630 0x1964  QWAVEdrv - ok
23:41:14.0651 0x1964  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:41:14.0653 0x1964  RasAcd - ok
23:41:14.0708 0x1964  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:41:14.0711 0x1964  RasAgileVpn - ok
23:41:14.0726 0x1964  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
23:41:14.0730 0x1964  RasAuto - ok
23:41:14.0772 0x1964  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:41:14.0776 0x1964  Rasl2tp - ok
23:41:14.0846 0x1964  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
23:41:14.0855 0x1964  RasMan - ok
23:41:14.0875 0x1964  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:41:14.0877 0x1964  RasPppoe - ok
23:41:14.0887 0x1964  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:41:14.0890 0x1964  RasSstp - ok
23:41:14.0939 0x1964  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:41:14.0946 0x1964  rdbss - ok
23:41:14.0959 0x1964  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:41:14.0961 0x1964  rdpbus - ok
23:41:14.0980 0x1964  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:41:14.0981 0x1964  RDPCDD - ok
23:41:15.0025 0x1964  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:41:15.0026 0x1964  RDPENCDD - ok
23:41:15.0046 0x1964  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:41:15.0048 0x1964  RDPREFMP - ok
23:41:15.0099 0x1964  [ E61608AA35E98999AF9AAEEEA6114B0A, F754CDE89DC96786D2A3C4D19EE2AEF1008E634E4DE3C0CBF927436DE90C04A6 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:41:15.0104 0x1964  RDPWD - ok
23:41:15.0177 0x1964  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:41:15.0183 0x1964  rdyboost - ok
23:41:15.0203 0x1964  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:41:15.0207 0x1964  RemoteAccess - ok
23:41:15.0241 0x1964  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:41:15.0247 0x1964  RemoteRegistry - ok
23:41:15.0301 0x1964  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
23:41:15.0305 0x1964  RFCOMM - ok
23:41:15.0360 0x1964  [ 7B04C9843921AB1F695FB395422C5360, C9B02BE0384357FD242613C2A12029B45322AF9A795CD69F33500CA7530899A7 ] RimUsb          C:\Windows\system32\Drivers\RimUsb_AMD64.sys
23:41:15.0361 0x1964  RimUsb - ok
23:41:15.0490 0x1964  [ BDDC447AB46625A54619808575D5CB46, 5321343BFB972A111D27DED7A3F3A3520E0C77104E6139ADC7765C76A459ED9C ] RoxMediaDB12OEM C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
23:41:15.0513 0x1964  RoxMediaDB12OEM - ok
23:41:15.0539 0x1964  [ CE203243ADF512540249DF9C264F12DD, 7BC0A6E9A422D832DDF046F28EA0F80A879A007B7116C4B830D6A39DCDD09EF5 ] RoxWatch12      C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
23:41:15.0546 0x1964  RoxWatch12 - ok
23:41:15.0572 0x1964  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:41:15.0575 0x1964  RpcEptMapper - ok
23:41:15.0607 0x1964  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
23:41:15.0609 0x1964  RpcLocator - ok
23:41:15.0664 0x1964  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
23:41:15.0678 0x1964  RpcSs - ok
23:41:15.0748 0x1964  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:41:15.0750 0x1964  rspndr - ok
23:41:15.0818 0x1964  [ 30F463768D5143BFD7B2DF822B53CF4D, 3DD94DDF95086C7C2A83617B499627C04D020BF9F230C0F080B169CB846F796F ] RSUSBSTOR       C:\Windows\system32\Drivers\RtsUStor.sys
23:41:15.0824 0x1964  RSUSBSTOR - ok
23:41:15.0892 0x1964  [ FD978B2BF8A9B2390DCBEF435E9C1F9F, 52CFFE354006CCF087D3651D9D2AF201FD8A8FE8FB7D9CAAC8A527E91838ACE6 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
23:41:15.0899 0x1964  RTL8167 - ok
23:41:15.0925 0x1964  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
23:41:15.0927 0x1964  SamSs - ok
23:41:15.0953 0x1964  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:41:15.0956 0x1964  sbp2port - ok
23:41:15.0993 0x1964  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:41:15.0998 0x1964  SCardSvr - ok
23:41:16.0039 0x1964  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:41:16.0041 0x1964  scfilter - ok
23:41:16.0133 0x1964  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
23:41:16.0168 0x1964  Schedule - ok
23:41:16.0209 0x1964  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:41:16.0212 0x1964  SCPolicySvc - ok
23:41:16.0277 0x1964  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:41:16.0282 0x1964  SDRSVC - ok
23:41:16.0343 0x1964  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:41:16.0345 0x1964  secdrv - ok
23:41:16.0402 0x1964  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
23:41:16.0407 0x1964  seclogon - ok
23:41:16.0440 0x1964  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\System32\sens.dll
23:41:16.0446 0x1964  SENS - ok
23:41:16.0457 0x1964  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:41:16.0459 0x1964  SensrSvc - ok
23:41:16.0480 0x1964  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:41:16.0481 0x1964  Serenum - ok
23:41:16.0506 0x1964  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:41:16.0509 0x1964  Serial - ok
23:41:16.0548 0x1964  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:41:16.0549 0x1964  sermouse - ok
23:41:16.0611 0x1964  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
23:41:16.0615 0x1964  SessionEnv - ok
23:41:16.0652 0x1964  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
23:41:16.0653 0x1964  sffdisk - ok
23:41:16.0664 0x1964  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:41:16.0665 0x1964  sffp_mmc - ok
23:41:16.0685 0x1964  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
23:41:16.0686 0x1964  sffp_sd - ok
23:41:16.0693 0x1964  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:41:16.0694 0x1964  sfloppy - ok
23:41:16.0755 0x1964  [ 38F88F0DF46C4D42125EF721ABD7F6B9, 8CE1D5D0905F7CC7826036763600AD041B87E340DA8D6D64EA34CC48F2FA9B7B ] SftService      C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
23:41:16.0769 0x1964  SftService - ok
23:41:16.0806 0x1964  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:41:16.0815 0x1964  SharedAccess - ok
23:41:16.0875 0x1964  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:41:16.0884 0x1964  ShellHWDetection - ok
23:41:16.0908 0x1964  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:41:16.0910 0x1964  SiSRaid2 - ok
23:41:16.0918 0x1964  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:41:16.0920 0x1964  SiSRaid4 - ok
23:41:17.0033 0x1964  [ 50D9949020E02B847CD48F1243FCB895, 5BDAD5E44DE5B412645142810C5FCE4B2D9685F928FF4A6B836A9DCE7725BD78 ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
23:41:17.0037 0x1964  SkypeUpdate - ok
23:41:17.0084 0x1964  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:41:17.0087 0x1964  Smb - ok
23:41:17.0152 0x1964  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:41:17.0155 0x1964  SNMPTRAP - ok
23:41:17.0171 0x1964  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:41:17.0172 0x1964  spldr - ok
23:41:17.0231 0x1964  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
23:41:17.0244 0x1964  Spooler - ok
23:41:17.0408 0x1964  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
23:41:17.0485 0x1964  sppsvc - ok
23:41:17.0510 0x1964  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:41:17.0513 0x1964  sppuinotify - ok
23:41:17.0648 0x1964  [ 5F242E1A03ACA19044BC55F9C0DA747B, D913BA9C63AFD9AD482681A25FF5E2BC629CDF2CE193EE4B1517CEA2934BAB3B ] SpyHunter 4 Service C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
23:41:17.0669 0x1964  SpyHunter 4 Service - ok
23:41:17.0724 0x1964  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:41:17.0734 0x1964  srv - ok
23:41:17.0793 0x1964  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:41:17.0801 0x1964  srv2 - ok
23:41:17.0826 0x1964  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:41:17.0830 0x1964  srvnet - ok
23:41:17.0892 0x1964  [ ED161B91FDF7EAA39469D72D463D5F4E, FC793E378FB709313D0AC44F59BF5C9488D73235AA2B1A21C50C3DED91C6BE62 ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
23:41:17.0896 0x1964  sscdbus - ok
23:41:17.0938 0x1964  [ 4CB09E77593DBD8D7AF33B37375CA715, 7B14851A8EDAA996D28335FD4DA812C6114DD5012E1E929F4813797CDC77E5BC ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
23:41:17.0940 0x1964  sscdmdfl - ok
23:41:17.0963 0x1964  [ C7B4CF53497A6E5363F3439427663882, 993278ADAAC18F12FE00CCF76681461451DA335F67BB581FC7326045048EC085 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
23:41:17.0971 0x1964  sscdmdm - ok
23:41:18.0005 0x1964  [ 05FFA552F578E27AB2D41B6828DB477F, F3292A431D656C039F4300AA584FA13F26A69B351C2F903B3E47CEF464A6233A ] sscdserd        C:\Windows\system32\DRIVERS\sscdserd.sys
23:41:18.0009 0x1964  sscdserd - ok
23:41:18.0035 0x1964  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:41:18.0041 0x1964  SSDPSRV - ok
23:41:18.0078 0x1964  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:41:18.0081 0x1964  SstpSvc - ok
23:41:18.0162 0x1964  [ 463E33B1EA7AF1E6EB87B66B831DB41A, E76654F8E301829C0F27775A5673A3BA929FE4FA6C1C214A98C2915C5EC189A4 ] STacSV          C:\Program Files\IDT\WDM\STacSV64.exe
23:41:18.0168 0x1964  STacSV - ok
23:41:18.0200 0x1964  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:41:18.0201 0x1964  stexstor - ok
23:41:18.0278 0x1964  [ 4304B75094E106FB5423A290C95841E5, 55670F1DBC9B25A5E31FBEB3CB3C97E2B11CCD6359DA89FF1310C1BBCEC66A80 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
23:41:18.0290 0x1964  STHDA - ok
23:41:18.0358 0x1964  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
23:41:18.0377 0x1964  stisvc - ok
23:41:18.0438 0x1964  [ 9E182DD94496550A22A392CC1A8E0F52, 6F630982F7AFDF409F24BB0D9815592000FC8A47200F4FEC4A5C5ED241810244 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:41:18.0440 0x1964  stllssvr - ok
23:41:18.0487 0x1964  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\drivers\swenum.sys
23:41:18.0488 0x1964  swenum - ok
23:41:18.0559 0x1964  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
23:41:18.0573 0x1964  swprv - ok
23:41:18.0643 0x1964  [ 8A3FBCB3D6D4710730D27DA4392A4863, 392CCBB54FF2017EDA147283F479E8DED525F41A316EAE114596BBA02D04AF82 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
23:41:18.0651 0x1964  SynTP - ok
23:41:18.0747 0x1964  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
23:41:18.0785 0x1964  SysMain - ok
23:41:18.0841 0x1964  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:41:18.0846 0x1964  TabletInputService - ok
23:41:18.0885 0x1964  [ 3B73C849B41FB20D77B0E553214061A5, 359F2DFEFF5B294B087F7F7DF0F6496CA06901135BB7D6DC52E41F393DA90059 ] tap0901         C:\Windows\system32\DRIVERS\tap0901.sys
23:41:18.0886 0x1964  tap0901 - ok
23:41:18.0912 0x1964  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:41:18.0921 0x1964  TapiSrv - ok
23:41:18.0940 0x1964  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
23:41:18.0943 0x1964  TBS - ok
23:41:19.0055 0x1964  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:41:19.0096 0x1964  Tcpip - ok
23:41:19.0184 0x1964  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:41:19.0230 0x1964  TCPIP6 - ok
23:41:19.0273 0x1964  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:41:19.0275 0x1964  tcpipreg - ok
23:41:19.0303 0x1964  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:41:19.0304 0x1964  TDPIPE - ok
23:41:19.0341 0x1964  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:41:19.0343 0x1964  TDTCP - ok
23:41:19.0391 0x1964  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:41:19.0394 0x1964  tdx - ok
23:41:19.0446 0x1964  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\drivers\termdd.sys
23:41:19.0449 0x1964  TermDD - ok
23:41:19.0517 0x1964  [ 2E648163254233755035B46DD7B89123, 6FA0D07CE18A3A69D82EE49D875F141E39406E92C34EAC76AC4EB052E6EBCBCD ] TermService     C:\Windows\System32\termsrv.dll
23:41:19.0533 0x1964  TermService - ok
23:41:19.0553 0x1964  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
23:41:19.0556 0x1964  Themes - ok
23:41:19.0585 0x1964  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
23:41:19.0588 0x1964  THREADORDER - ok
23:41:19.0602 0x1964  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
23:41:19.0607 0x1964  TrkWks - ok
23:41:19.0680 0x1964  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:41:19.0685 0x1964  TrustedInstaller - ok
23:41:19.0726 0x1964  [ 4CE278FC9671BA81A138D70823FCAA09, CBE501436696E32A3701B9F377B823AC36647B6626595F76CC63E2396AD7D300 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:41:19.0727 0x1964  tssecsrv - ok
23:41:19.0797 0x1964  [ D11C783E3EF9A3C52C0EBE83CC5000E9, A136C355D4C8945729163D15801364A614E23217B15F9313C85BA45BB71A74EB ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
23:41:19.0799 0x1964  TsUsbFlt - ok
23:41:19.0873 0x1964  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:41:19.0877 0x1964  tunnel - ok
23:41:19.0902 0x1964  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:41:19.0904 0x1964  uagp35 - ok
23:41:19.0962 0x1964  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:41:19.0972 0x1964  udfs - ok
23:41:20.0006 0x1964  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:41:20.0010 0x1964  UI0Detect - ok
23:41:20.0075 0x1964  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:41:20.0078 0x1964  uliagpkx - ok
23:41:20.0147 0x1964  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\drivers\umbus.sys
23:41:20.0149 0x1964  umbus - ok
23:41:20.0187 0x1964  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:41:20.0188 0x1964  UmPass - ok
23:41:20.0373 0x1964  [ CC3775100ABA633984F73DFAE1F55CAE, 845F129289BB73FD78A6C3B497F17BA973FD691BC9242200F81993417C803FE9 ] UNS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
23:41:20.0419 0x1964  UNS - ok
23:41:20.0491 0x1964  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
23:41:20.0506 0x1964  upnphost - ok
23:41:20.0545 0x1964  [ DCA68B0943D6FA415F0C56C92158A83A, BEE5A5B33B22D1DF50B884D46D89FC3B8286EB16E38AD5A20F0A49E5C6766C57 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:41:20.0548 0x1964  usbccgp - ok
23:41:20.0600 0x1964  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:41:20.0603 0x1964  usbcir - ok
23:41:20.0642 0x1964  [ 18A85013A3E0F7E1755365D287443965, 811C5EDF38C765BCF71BCE25CB6626FF6988C3699F5EF1846240EA0052F34C33 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
23:41:20.0644 0x1964  usbehci - ok
23:41:20.0706 0x1964  [ 8D1196CFBB223621F2C67D45710F25BA, B5D7AFE51833B24FC9576F3AED3D8A2B290E5846060E73F9FFFAC1890A8B6003 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:41:20.0715 0x1964  usbhub - ok
23:41:20.0763 0x1964  [ 765A92D428A8DB88B960DA5A8D6089DC, 56DE8A2ED58E53B202C399CA7BACB1551136303C2EE0AB426BDBBF880E3C542C ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:41:20.0764 0x1964  usbohci - ok
23:41:20.0792 0x1964  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:41:20.0793 0x1964  usbprint - ok
23:41:20.0842 0x1964  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:41:20.0844 0x1964  USBSTOR - ok
23:41:20.0879 0x1964  [ DD253AFC3BC6CBA412342DE60C3647F3, 146F8613F1057AC054DC3593E84BC52899DA27EA33B0E72ACFB78C3699ADCDE7 ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
23:41:20.0880 0x1964  usbuhci - ok
23:41:20.0952 0x1964  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
23:41:20.0956 0x1964  usbvideo - ok
23:41:20.0985 0x1964  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
23:41:20.0989 0x1964  UxSms - ok
23:41:21.0005 0x1964  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
23:41:21.0007 0x1964  VaultSvc - ok
23:41:21.0050 0x1964  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
23:41:21.0052 0x1964  vdrvroot - ok
23:41:21.0116 0x1964  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
23:41:21.0129 0x1964  vds - ok
23:41:21.0179 0x1964  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:41:21.0181 0x1964  vga - ok
23:41:21.0202 0x1964  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:41:21.0203 0x1964  VgaSave - ok
23:41:21.0247 0x1964  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
23:41:21.0253 0x1964  vhdmp - ok
23:41:21.0298 0x1964  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
23:41:21.0299 0x1964  viaide - ok
23:41:21.0319 0x1964  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:41:21.0322 0x1964  volmgr - ok
23:41:21.0379 0x1964  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:41:21.0387 0x1964  volmgrx - ok
23:41:21.0407 0x1964  [ 0D08D2F3B3FF84E433346669B5E0F639, 3D6716CEC95B8861A7CC5778E91F310528DC6BEE0E57A3C8757FC675154EBDEC ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:41:21.0414 0x1964  volsnap - ok
23:41:21.0547 0x1964  [ 0B0772247B85FC844A06498386E32F59, 47FBF825649C78E52A13EBD06336209C15414293A414757CF424E4B4490319BA ] vpnagent        C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
23:41:21.0560 0x1964  vpnagent - ok
23:41:21.0630 0x1964  [ 5932B2999AEF21C4599A792599F28D89, 78B2842BA71F9DAB5BB64BA4AB97BD19DEEFB075F83D735244906D046E78B2DC ] vpnva           C:\Windows\system32\DRIVERS\vpnva64-6.sys
23:41:21.0633 0x1964  vpnva - ok
23:41:21.0654 0x1964  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:41:21.0658 0x1964  vsmraid - ok
23:41:21.0758 0x1964  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
23:41:21.0807 0x1964  VSS - ok
23:41:21.0849 0x1964  vToolbarUpdater18.1.9 - ok
23:41:21.0890 0x1964  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
23:41:21.0891 0x1964  vwifibus - ok
23:41:21.0938 0x1964  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:41:21.0940 0x1964  vwififlt - ok
23:41:21.0972 0x1964  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
23:41:21.0982 0x1964  W32Time - ok
23:41:22.0008 0x1964  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:41:22.0010 0x1964  WacomPen - ok
23:41:22.0074 0x1964  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:41:22.0077 0x1964  WANARP - ok
23:41:22.0084 0x1964  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:41:22.0086 0x1964  Wanarpv6 - ok
23:41:22.0163 0x1964  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
23:41:22.0192 0x1964  WatAdminSvc - ok
23:41:22.0306 0x1964  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
23:41:22.0342 0x1964  wbengine - ok
23:41:22.0379 0x1964  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:41:22.0385 0x1964  WbioSrvc - ok
23:41:22.0440 0x1964  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:41:22.0450 0x1964  wcncsvc - ok
23:41:22.0463 0x1964  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:41:22.0466 0x1964  WcsPlugInService - ok
23:41:22.0490 0x1964  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:41:22.0492 0x1964  Wd - ok
23:41:22.0564 0x1964  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:41:22.0581 0x1964  Wdf01000 - ok
23:41:22.0630 0x1964  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:41:22.0635 0x1964  WdiServiceHost - ok
23:41:22.0640 0x1964  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:41:22.0644 0x1964  WdiSystemHost - ok
23:41:22.0706 0x1964  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
23:41:22.0713 0x1964  WebClient - ok
23:41:22.0739 0x1964  [ C749025A679C5103E575E3B48E092C43, B71171D07EE7AB085A24BF3A1072FF2CE7EA021AAE695F6A90640E6EE8EB55C1 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:41:22.0746 0x1964  Wecsvc - ok
23:41:22.0769 0x1964  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:41:22.0773 0x1964  wercplsupport - ok
23:41:22.0832 0x1964  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:41:22.0837 0x1964  WerSvc - ok
23:41:22.0881 0x1964  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:41:22.0882 0x1964  WfpLwf - ok
23:41:22.0934 0x1964  [ B14EF15BD757FA488F9C970EEE9C0D35, F27DF2D47E7076786AE7C396583D7A1C56B93E766711066C900964FC7313E794 ] WimFltr         C:\Windows\system32\DRIVERS\wimfltr.sys
23:41:22.0939 0x1964  WimFltr - ok
23:41:22.0963 0x1964  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:41:22.0965 0x1964  WIMMount - ok
23:41:22.0989 0x1964  WinDefend - ok
23:41:23.0023 0x1964  WinHttpAutoProxySvc - ok
23:41:23.0090 0x1964  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:41:23.0096 0x1964  Winmgmt - ok
23:41:23.0200 0x1964  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:41:23.0242 0x1964  WinRM - ok
23:41:23.0308 0x1964  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:41:23.0310 0x1964  WinUsb - ok
23:41:23.0377 0x1964  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:41:23.0399 0x1964  Wlansvc - ok
23:41:23.0468 0x1964  [ 06C8FA1CF39DE6A735B54D906BA791C6, D8FEC7DE227781CDA876904701B2AA995268F74DCD6CB34AA0296C557FC283B6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
23:41:23.0470 0x1964  wlcrasvc - ok
23:41:23.0646 0x1964  [ 2BACD71123F42CEA603F4E205E1AE337, 1FEF20554110371D738F462ECFFA999158EFEED02062414C58C1B61C422BF0B9 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:41:23.0697 0x1964  wlidsvc - ok
23:41:23.0736 0x1964  [ DE816A0624D54D68E1FB8A9028DCF81A, 30C718E72E98F20BE55A7B74E0C6FAB6A9F236E0D41D1E224C8A32771A440641 ] wltrysvc        C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
23:41:23.0738 0x1964  wltrysvc - ok
23:41:23.0797 0x1964  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
23:41:23.0799 0x1964  WmiAcpi - ok
23:41:23.0845 0x1964  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:41:23.0850 0x1964  wmiApSrv - ok
23:41:23.0919 0x1964  WMPNetworkSvc - ok
23:41:23.0941 0x1964  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:41:23.0944 0x1964  WPCSvc - ok
23:41:23.0990 0x1964  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:41:23.0995 0x1964  WPDBusEnum - ok
23:41:24.0018 0x1964  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:41:24.0019 0x1964  ws2ifsl - ok
23:41:24.0039 0x1964  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\System32\wscsvc.dll
23:41:24.0044 0x1964  wscsvc - ok
23:41:24.0047 0x1964  WSearch - ok
23:41:24.0173 0x1964  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:41:24.0241 0x1964  wuauserv - ok
23:41:24.0280 0x1964  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:41:24.0283 0x1964  WudfPf - ok
23:41:24.0321 0x1964  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:41:24.0325 0x1964  WUDFRd - ok
23:41:24.0346 0x1964  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:41:24.0350 0x1964  wudfsvc - ok
23:41:24.0391 0x1964  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:41:24.0398 0x1964  WwanSvc - ok
23:41:24.0441 0x1964  [ B3EEACF62445E24FBB2CD4B0FB4DB026, 2E5B6220094C47754233EDA59E6514CE47AC6C6879F367C72B2C02330EABE8E0 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
23:41:24.0450 0x1964  yukonw7 - ok
23:41:24.0540 0x1964  [ 74983ADDCA2D9618512C088D856D6615, C4592EFC1206BD813221814FD529AD38ED26E4AE086613EB95D3D5E20448A1F0 ] {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl
23:41:24.0544 0x1964  {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7} - ok
23:41:24.0593 0x1964  ================ Scan global ===============================
23:41:24.0632 0x1964  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
23:41:24.0679 0x1964  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:41:24.0694 0x1964  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
23:41:24.0728 0x1964  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
23:41:24.0764 0x1964  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
23:41:24.0774 0x1964  [ Global ] - ok
23:41:24.0774 0x1964  ================ Scan MBR ==================================
23:41:24.0790 0x1964  [ C3220EB08ADD62E3ED9F72A1F4E4B1BB ] \Device\Harddisk0\DR0
23:41:25.0000 0x1964  \Device\Harddisk0\DR0 - ok
23:41:25.0001 0x1964  ================ Scan VBR ==================================
23:41:25.0004 0x1964  [ B4A651EA79A9998884DA67ECFFB5E2E7 ] \Device\Harddisk0\DR0\Partition1
23:41:25.0006 0x1964  \Device\Harddisk0\DR0\Partition1 - ok
23:41:25.0012 0x1964  [ 9353CF31A6EC515E78353D1600509A2F ] \Device\Harddisk0\DR0\Partition2
23:41:25.0058 0x1964  \Device\Harddisk0\DR0\Partition2 - ok
23:41:25.0059 0x1964  ================ Scan generic autorun ======================
23:41:25.0081 0x1964  [ 71B4CE3E69FCF0B4603C5A7D98C797E6, 96AECE9AFB06672437C6BC2676E8FFCED16B499B6D88BCEA81D0C78C14D875D4 ] C:\Windows\system32\igfxtray.exe
23:41:25.0085 0x1964  IgfxTray - ok
23:41:25.0116 0x1964  [ 96305625A2552BF9AC62C4736971E1B6, 422C38D7C38F839A89975F660DE9747BDFB210AADD04EC2F1E8ABD6833649F27 ] C:\Windows\system32\hkcmd.exe
23:41:25.0126 0x1964  HotKeysCmds - ok
23:41:25.0153 0x1964  [ E6EA1C8C14003F5454672D315EB41892, B7694F2AE6353D709149FB5A2C40E8984DDEFDBA8BCB7CC21F17FC2466CD40B7 ] C:\Windows\system32\igfxpers.exe
23:41:25.0164 0x1964  Persistence - ok
23:41:25.0331 0x1964  [ 4A8C07E86AF82ED7F8677BDDDAD9A1A3, F81E8DCB6CDE0CF56487E308811943A9081EDCB8C5F13CCE26AE614C65BD1F2D ] C:\Program Files\Dell\QuickSet\QuickSet.exe
23:41:25.0424 0x1964  QuickSet - ok
23:41:25.0466 0x1964  [ 82A420C1388C76FD18018B0676933D33, B9A97A07F77B641B9FC3AEC04DD48C52DA850DB794AE757F9863B9FA166607A6 ] C:\Program Files\IDT\WDM\sttray64.exe
23:41:25.0478 0x1964  SysTrayApp - ok
23:41:25.0480 0x1964  SynTPEnh - ok
23:41:25.0680 0x1964  [ D98EF2E62B94F243E1BAF4350BF48C61, 3B75F64F0A2C8BAFDBBB3DE13060455D0B47D09658F8A67703F149B48111DCB3 ] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
23:41:25.0902 0x1964  Broadcom Wireless Manager UI - ok
23:41:26.0030 0x1964  [ 65F3F7216B1306D1184544FCB07E22C3, B974F91EBD0161464D55FB7EEAE8DED4156C90661BC15B3F02AF59D1430E08C0 ] C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
23:41:26.0072 0x1964  DellStage - ok
23:41:26.0195 0x1964  [ 0080231EC57D26B380F630CC790DAB85, CA59ED2E67D03C70A77AB0D605C6172B72B8238A42425D0F75C1C891DB89FF9A ] c:\Program Files\Microsoft IntelliPoint\ipoint.exe
23:41:26.0255 0x1964  IntelliPoint - ok
23:41:26.0406 0x1964  [ BDBF2A7AD6CF18F2A7FBC431692B7B96, 73A91EC0E78773B4138132D5D6D4C8A702116C4BF7D1D986B52BE0070F19E5FC ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
23:41:26.0419 0x1964  AdobeAAMUpdater-1.0 - ok
23:41:26.0481 0x1964  [ CBEBF85763814AD2CA23491050B08D76, E67ECEB3B9921DF8EB4236FC811E4C40AE7EE3272ED5D1E6CBF1ACB1E205963B ] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
23:41:26.0488 0x1964  IAStorIcon - ok
23:41:26.0505 0x1964  [ ECF207CD20FB05CEF8F3C7A101ED812C, 394F0A0864BECD920647D4766B358ED00DE0D4F83BC8F990AEC9455E266E0B3A ] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe
23:41:26.0511 0x1964  RoxWatchTray - ok
23:41:26.0543 0x1964  [ 76BF13E24442B4A3314379ABEAD51C99, 34CF0D7787DE0D3A737E87DDF18A100DB2CCFB6A7413D11A42A5C82656A8F8A6 ] C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
23:41:26.0548 0x1964  PDVDDXSrv - ok
23:41:26.0610 0x1964  [ 80B62FF105908EC9E4B072AFB1CFC824, B124F309CB42167D59097DB3346487A26D431EC05694CECF19F0C5938312B3E8 ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
23:41:26.0620 0x1964  Dell Webcam Central - ok
23:41:26.0749 0x1964  [ EBE1962DC5EEFC13D20543013A891ABC, E6E993B38267D17EF4FFAD8870817DA0D65405C920177D077FA3FD7B98DB4C3D ] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
23:41:26.0795 0x1964  Dell DataSafe Online - ok
23:41:26.0873 0x1964  [ F6E0DC2C8C213B8B6348A106C89E7CCA, 62E00D2BCEF82BBC1590CE229B561A7670F8063F55158E2477B0CD19CA447AF1 ] C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe
23:41:26.0886 0x1964  Desktop Disc Tool - ok
23:41:26.0985 0x1964  [ FDC4AFFF3B685099C4E9E8714FDC52C7, 87456E2C4FDE95C25D4B84244E8CA484ED7009A762859EDB9CE02C52E6D18ABD ] C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe
23:41:27.0025 0x1964  NVC - ok
23:41:27.0096 0x1964  [ EABCB3EBAB22B981A09DBC1E65D05E96, 9980D2ADF2CB726DC6832A7D8697605608C3C8121DC631134735386A402896A8 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe
23:41:27.0110 0x1964  "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" - ok
23:41:27.0156 0x1964  [ 2E1BFF06765597930EFC259D6BFE5F7B, 94BCBD709830FDEF51A8BE529E2BFDCEF9FAA829B03C2D70AB8D20E8F3D69FD1 ] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
23:41:27.0161 0x1964  Launcher - ok
23:41:27.0282 0x1964  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:41:27.0322 0x1964  Sidebar - ok
23:41:27.0350 0x1964  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:41:27.0354 0x1964  mctadmin - ok
23:41:27.0391 0x1964  [ DCCA4B04AF87E52EF9EAA2190E06CBAC, 8858CFD159BB32AE9FCCA1A79EA83C876D481A286E914071D48F42FCA5B343D8 ] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
23:41:27.0414 0x1964  Sidebar - ok
23:41:27.0423 0x1964  [ 0FA760BF380B08D0B67B5507CD8B32AA, 0F73A7F64C4FDAB98CD3A865CC54B3A7195761530FCB115B725CC5A9FB738739 ] C:\Windows\System32\mctadmin.exe
23:41:27.0426 0x1964  mctadmin - ok
23:41:27.0493 0x1964  [ 9A0ABBB44CBDF1F35D9657E9BF141898, B5D7822EE77998EBA4A4F08998B387BC8BE835C6668615F88C9910FFFD96A421 ] C:\Program Files (x86)\puush\puush.exe
23:41:27.0504 0x1964  puush - ok
23:41:28.0260 0x1964  [ C51EC7188311F8C94437371AFE47909C, A848CD24E328B31D9F32B80611CA7DC82628289F65B6EF028819DD5D087A8375 ] C:\Users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
23:41:28.0833 0x1964  MusicManager - ok
23:41:28.0902 0x1964  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Users\Rebekah\AppData\Local\Google\Update\GoogleUpdate.exe
23:41:28.0905 0x1964  Google Update - ok
23:41:29.0089 0x1964  [ B8C93930C5F4F8C8EC46BFACD32078ED, C219B07C13DE0C45CB0D51CCD6971A389DCEDA316964CCBBF4F87CA60B31D01A ] C:\Users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
23:41:29.0176 0x1964  Amazon Cloud Player - ok
23:41:29.0374 0x1964  [ 15F3F063FAABB583C0A383DC0D4AAACC, FC0044F32E7805E382AED9670C59D1FC3238B43F9797839981B010E794BC7D24 ] C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
23:41:29.0454 0x1964  Fitbit Connect - ok
23:41:29.0618 0x1964  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] C:\Users\Guest\AppData\Local\Google\Update\GoogleUpdate.exe
23:41:29.0623 0x1964  Google Update - ok
23:41:29.0624 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:30.0624 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:31.0624 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:32.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:33.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:34.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:35.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:36.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:37.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:38.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:39.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:40.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:41.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:42.0625 0x1964  Waiting for KSN requests completion. In queue: 91
23:41:43.0675 0x1964  AV detected via SS2: AVG AntiVirus Free Edition 2014, C:\Program Files (x86)\AVG\AVG2014\avgwsc.exe ( 14.0.0.4765 ), 0x41000 ( enabled : updated )
23:41:43.0680 0x1964  Win FW state via NFP2: enabled
23:41:46.0446 0x1964  ============================================================
23:41:46.0446 0x1964  Scan finished
23:41:46.0446 0x1964  ============================================================
23:41:46.0460 0x2324  Detected object count: 0
23:41:46.0460 0x2324  Actual detected object count: 0


#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 29 September 2014 - 09:25 AM

The FRST log you posted appears to be cut off.  Can you try to post the FRST.txt log again, please.  I don't need the addition.txt log.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#7 chuchi

chuchi
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 29 September 2014 - 05:13 PM

Sorry about that. Here you go:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by Rebekah (administrator) on REBEKAH-PC on 28-09-2014 19:04:09
Running from C:\Users\Rebekah\Desktop
Loaded Profiles: Rebekah & Guest (Available profiles: Rebekah & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
() C:\Program Files (x86)\Adobe\PhotoshopElementsFileAgent.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTSVCCDA.EXE
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NETGEAR) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(Nortel Networks) C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
() C:\Program Files (x86)\puush\puush.exe
(Google Inc.) C:\Users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\apdproxy.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe
(Google Inc.) C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Macrovision Europe Ltd.) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google) C:\Users\Rebekah\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-18] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2010-03-17] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-03] (Dell Inc.)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [1802472 2011-01-25] ()
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2399632 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-12-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-09-04] (Sonic Solutions)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe [522736 2010-11-02] ()
HKLM-x32\...\Run: [NVC] => C:\Program Files (x86)\Nortel\Nortel VPN Client\Nvc.exe [1717584 2010-03-01] (Nortel Networks)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\apdproxy.exe [61440 2006-09-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat\acrotray.exe [620152 2006-10-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] => C:\Program Files (x86)\Google\Gmail Notifier\gnotify.exe [479232 2005-07-15] (Google Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2239376 2013-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2013-12-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe [559616 2011-10-10] (Dell)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe [165184 2011-01-13] (Softthinks)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\615\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [puush] => C:\Program Files (x86)\puush\puush.exe [567880 2013-07-14] ()
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [MusicManager] => C:\Users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [Google Update] => C:\Users\Rebekah\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-15] (Google Inc.)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [Amazon Cloud Player] => C:\Users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3168576 2014-03-07] ()
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-1687653752-2044026659-2788394353-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-1687653752-2044026659-2788394353-501\...\Run: [Google Update] => C:\Users\Guest\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-10-13] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
ShortcutTarget: Adobe Acrobat Speed Launcher.lnk -> C:\Windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Synchronizer.lnk
ShortcutTarget: Adobe Acrobat Synchronizer.lnk -> C:\Program Files (x86)\Adobe\Acrobat\AdobeCollabSync.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.appref-ms ()
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Digsby.lnk
ShortcutTarget: Digsby.lnk -> C:\Program Files (x86)\Digsby\digsby.exe ()
Startup: C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
ShellIconOverlayIdentifiers:  AccExtIco1 -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco2 -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers:  AccExtIco3 -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://g.msn.com/USCON/1
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x6EF10DAF9ADACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
URLSearchHook: HKCU - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Windows Live Messenger Companion Helper -> {9FDDE16B-836F-4806-AB1F-1455CBEFF289} -> C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} -  No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - C:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll (Cozi Group, Inc.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Rebekah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Rebekah\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Rebekah\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Rebekah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Rebekah\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Rebekah\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Rebekah\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-04]
 
Chrome: 
=======
CHR NewTab: Default -> "chrome-extension://mgmiemnjjchgkmgbeljfocdjjnpjnmcg/ntp.html"
CHR Profile: C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-21]
CHR Extension: (Entanglement Web App) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-05-17]
CHR Extension: (Google Docs) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-21]
CHR Extension: (Google Drive) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (Phonetizer) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcmdhabjkgnocagfmpjhmllfdjgedfab [2013-05-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-25]
CHR Extension: (YouTube) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (Google Cast) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2013-09-11]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgbogdmdefihhljhfeiklfiedefalcde [2013-05-17]
CHR Extension: (Add to Amazon Wish List) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ciagpekplgpbepdgggflgmahnjgiaced [2014-06-06]
CHR Extension: (Pixlr Grabber - Screen capture/image grabbing) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjjghkapdciaiogkeofggpblmbbnjinn [2013-05-17]
CHR Extension: (Spotify - Music for every moment) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnkjkdjlofllcpbemipjbcpfnglbgieh [2013-07-11]
CHR Extension: (Google Search) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (Google+) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2013-05-17]
CHR Extension: (Gmail Offline) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-05-17]
CHR Extension: (My Fitness Pal Data Downloader) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejigkdnkmegmdnemjpnfmnapmpgjeopn [2014-03-09]
CHR Extension: (Google Sheets) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
CHR Extension: (MyFitnessPal Pie Chart by FOODFASTFIT) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\fomhleglpcohdnniiafhekkaakdgdkdh [2014-06-04]
CHR Extension: (AdBlock) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-05-17]
CHR Extension: (Awesome Weather Widget [ANTP]) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\goeepbfnllchoihkoiecpkkekbpfiboc [2013-05-17]
CHR Extension: (Pin It Button) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2013-05-17]
CHR Extension: (TweetDeck by Twitter) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbdpomandigafcibbmofojjchbcdagbl [2014-09-26]
CHR Extension: (Spotify Chrome Extension) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbjmlahipheaaghllkabfkpolljilkjb [2013-12-03]
CHR Extension: (NPR Infinite Player) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\hkpcelemhneoooapbbopolpjhmbfmnbf [2013-05-17]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2014-08-11]
CHR Extension: (No Name) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\iflpcokdamgefbghpdipcibmhlkdopop [2013-05-17]
CHR Extension: (Lose It!) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jehemifhdilebjjpibeianiedocpgocn [2013-05-17]
CHR Extension: (Google +1 Button) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2013-05-17]
CHR Extension: (Awesome Dictionary Widget [ANTP]) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdigjjbkpjljoknifbgaijaemafihhga [2014-04-04]
CHR Extension: (TweetDeck Launcher) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmjdnkpkpnjblbgbnkeedepgnomafojk [2014-09-26]
CHR Extension: (Numerics Calculator & Converter) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\liglcienpnkhdajdfmnpbgmpjglonipe [2013-05-17]
CHR Extension: (Poppit!) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2013-05-17]
CHR Extension: (Awesome New Tab Page™) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgmiemnjjchgkmgbeljfocdjjnpjnmcg [2013-05-17]
CHR Extension: (Google Mail Checker) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-05-17]
CHR Extension: (feedly) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2013-05-17]
CHR Extension: (Save to Pocket) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj [2013-05-17]
CHR Extension: (Google Wallet) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2013-05-17]
CHR Extension: (MyFitnessPal Data Exporter by FOODFASTFIT) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjhcgkchlaggpkjioockflccjfkmnccn [2014-03-09]
CHR Extension: (Gmail) - C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-14] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\PhotoshopElementsFileAgent.exe [102400 2006-09-14] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Creative Service for CDROM Access; C:\Windows\SysWOW64\CTsvcCDA.exe [44032 1999-12-13] (Creative Technology Ltd) [File not signed]
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2013-01-15] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [225792 2014-03-23] (NETGEAR) [File not signed]
R2 NvcSvcMgr; C:\Program Files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [628064 2010-03-01] (Nortel Networks)
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2014-01-09] (Enigma Software Group USA, LLC.)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-03] (Dell Inc.) [File not signed]
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2014-05-25] (CACE Technologies, Inc.)
R3 NT_NvcA; C:\Windows\System32\DRIVERS\ntnvca.sys [44112 2010-03-01] (Nortel Networks)
R2 nvcwfpco; C:\Windows\System32\DRIVERS\nvcwfpco.sys [79440 2010-03-01] (Nortel Networks Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-11] (MCCI Corporation)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52080 2013-12-12] (Cisco Systems, Inc.)
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}; C:\Program Files (x86)\CyberLink\PowerDVD DX\000.fcl [146928 2009-12-29] (CyberLink Corp.)
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 18:56 - 2014-09-28 19:04 - 00049603 _____ () C:\Users\Rebekah\Desktop\Addition.txt
2014-09-28 18:54 - 2014-09-28 19:04 - 00033535 _____ () C:\Users\Rebekah\Desktop\FRST.txt
2014-09-28 18:54 - 2014-09-28 19:04 - 00000000 ____D () C:\FRST
2014-09-28 18:50 - 2014-09-28 18:51 - 02108928 _____ (Farbar) C:\Users\Rebekah\Desktop\FRST64.exe
2014-09-28 14:23 - 2014-09-28 14:24 - 00027237 _____ () C:\Users\Rebekah\Desktop\dds.txt
2014-09-28 14:23 - 2014-09-28 14:24 - 00013816 _____ () C:\Users\Rebekah\Desktop\attach.txt
2014-09-28 14:07 - 2014-09-28 14:07 - 00688992 ____R (Swearware) C:\Users\Rebekah\Desktop\dds.com.com
2014-09-28 00:46 - 2014-09-15 09:06 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-27 20:32 - 2014-09-27 20:32 - 00002221 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-27 20:32 - 2014-09-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-27 18:01 - 2014-09-27 18:01 - 00004996 _____ () C:\Users\Rebekah\Desktop\JRT.txt
2014-09-27 17:59 - 2014-09-27 17:59 - 00000000 ____D () C:\Windows\ERUNT
2014-09-27 17:58 - 2014-09-27 17:59 - 01699276 _____ (Thisisu) C:\Users\Rebekah\Desktop\JRT.exe
2014-09-27 17:23 - 2014-09-27 17:24 - 01373475 _____ () C:\Users\Rebekah\Downloads\AdwCleaner.exe
2014-09-27 17:10 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-27 17:09 - 2014-09-27 17:51 - 00000000 ____D () C:\AdwCleaner
2014-09-27 17:01 - 2014-09-27 17:02 - 01373475 _____ () C:\Users\Rebekah\Desktop\AdwCleaner.exe
2014-09-27 12:04 - 2014-09-27 12:04 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Rebekah\Desktop\tdsskiller.exe
2014-09-27 11:36 - 2014-09-27 12:01 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-27 11:35 - 2014-09-27 12:01 - 00000000 ____D () C:\Users\Rebekah\Desktop\mbar
2014-09-27 11:34 - 2014-09-27 11:34 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Rebekah\Downloads\mbar-1.07.0.1012.exe
2014-09-27 11:03 - 2014-09-28 13:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-27 11:03 - 2014-09-27 11:35 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-27 11:03 - 2014-09-27 11:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-27 11:03 - 2014-09-27 11:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-27 11:03 - 2014-09-27 11:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-27 11:03 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-27 11:03 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-27 10:57 - 2014-09-27 10:57 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Rebekah\Desktop\mbam-clean-2.1.1.1001.exe
2014-09-27 10:48 - 2014-09-27 10:49 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Rebekah\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-26 23:07 - 2014-09-26 23:07 - 00000000 _____ () C:\autoexec.bat
2014-09-26 23:05 - 2014-09-26 23:05 - 00003338 _____ () C:\Windows\System32\Tasks\SpyHunter4Startup
2014-09-26 23:05 - 2012-06-22 11:01 - 00022704 _____ () C:\Windows\system32\Drivers\EsgScanner.sys
2014-09-26 23:04 - 2014-09-26 23:04 - 00002264 _____ () C:\Users\Rebekah\Desktop\SpyHunter.lnk
2014-09-26 23:04 - 2014-09-26 23:04 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-09-26 23:04 - 2014-09-26 23:04 - 00000000 ____D () C:\sh4ldr
2014-09-26 23:04 - 2014-09-26 23:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-26 22:58 - 2014-09-26 23:04 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-26 22:29 - 2014-09-26 22:30 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Rebekah\Downloads\SpyHunter-Installer.exe
2014-09-26 22:27 - 2014-09-26 22:28 - 05472344 _____ () C:\Users\Rebekah\Downloads\RogueKillerX64 (1).exe
2014-09-26 22:08 - 2014-09-26 22:29 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-09-22 18:49 - 2014-09-26 19:46 - 00000000 ____D () C:\EEK
2014-09-21 23:35 - 2014-09-26 19:46 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-21 22:50 - 2014-09-26 22:08 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-21 22:28 - 2014-09-21 22:28 - 05451352 _____ () C:\Users\Rebekah\Downloads\RogueKillerX64.exe
2014-09-21 21:17 - 2014-09-26 18:14 - 00002660 _____ () C:\Users\Rebekah\Desktop\Rkill.txt
2014-09-11 20:12 - 2014-09-11 20:55 - 00000000 ____D () C:\Users\Rebekah\Desktop\olaf hajek
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-28 18:52 - 2011-02-09 17:40 - 01599565 _____ () C:\Windows\WindowsUpdate.log
2014-09-28 18:39 - 2011-02-24 23:48 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-28 18:35 - 2011-02-15 23:58 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-28 18:25 - 2011-02-15 23:51 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001UA.job
2014-09-28 18:20 - 2013-03-27 21:15 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-28 17:37 - 2012-07-09 23:27 - 00000936 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001UA.job
2014-09-28 17:37 - 2012-07-09 23:27 - 00000914 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001Core.job
2014-09-28 14:10 - 2009-07-14 00:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-28 14:10 - 2009-07-14 00:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-28 14:03 - 2011-02-15 23:58 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Digsby
2014-09-28 13:58 - 2011-02-24 23:48 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-28 13:58 - 2011-02-15 23:45 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\SoftThinks
2014-09-28 13:58 - 2011-02-09 18:27 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-09-28 13:58 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-28 13:57 - 2011-02-09 17:59 - 00182880 _____ () C:\Windows\PFRO.log
2014-09-28 13:57 - 2009-07-14 00:51 - 00084658 _____ () C:\Windows\setupact.log
2014-09-28 02:02 - 2011-02-16 12:20 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Adobe
2014-09-27 23:25 - 2011-02-15 23:51 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001Core.job
2014-09-27 20:32 - 2011-02-24 23:48 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-27 20:20 - 2013-03-27 21:15 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-27 20:20 - 2013-03-27 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-27 20:20 - 2013-03-27 21:15 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-27 17:27 - 2011-02-28 13:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-27 12:14 - 2011-02-09 17:56 - 00000000 ____D () C:\ProgramData\Sonic
2014-09-27 00:52 - 2011-10-13 07:17 - 00002592 _____ () C:\Users\Guest\Desktop\Google Chrome.lnk
2014-09-26 22:06 - 2014-07-15 18:22 - 00000000 ____D () C:\Users\Rebekah\Desktop\asadi booklet 7-15-14 Folder
2014-09-26 22:03 - 2011-06-25 19:18 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\uTorrent
2014-09-26 19:50 - 2011-02-15 22:43 - 00000000 ____D () C:\Users\Rebekah
2014-09-26 19:47 - 2014-05-17 16:49 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-26 19:47 - 2013-04-18 19:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-09-26 19:47 - 2013-01-15 00:20 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-09-26 19:47 - 2012-10-23 14:22 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\puush
2014-09-26 19:47 - 2011-10-13 07:13 - 00000000 ____D () C:\Users\Guest
2014-09-26 19:47 - 2011-07-06 20:27 - 00000000 ____D () C:\Users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Music Manager
2014-09-26 19:47 - 2011-02-16 13:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-26 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\servicing
2014-09-26 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\schemas
2014-09-26 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-26 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2014-09-26 19:47 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-26 19:45 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2014-09-26 18:51 - 2011-02-15 23:50 - 00000000 ____D () C:\Users\Rebekah\AppData\Local\Deployment
2014-09-21 15:25 - 2013-11-26 06:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-03 08:03 - 2014-03-31 09:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-03 08:03 - 2013-09-27 22:21 - 00000927 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
 
Files to move or delete:
====================
C:\Users\Rebekah\CTX.DAT
C:\Users\Rebekah\XobniSetup.exe
 
 
Some content of TEMP:
====================
C:\Users\Rebekah\AppData\Local\Temp\avguidx.dll
C:\Users\Rebekah\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Rebekah\AppData\Local\Temp\converter.exe
C:\Users\Rebekah\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Rebekah\AppData\Local\Temp\iGearedHelper.dll
C:\Users\Rebekah\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Rebekah\AppData\Local\Temp\jre-6u38-windows-i586-iftw.exe
C:\Users\Rebekah\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe
C:\Users\Rebekah\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Rebekah\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Rebekah\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Rebekah\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Rebekah\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Rebekah\AppData\Local\Temp\MSN14D9.exe
C:\Users\Rebekah\AppData\Local\Temp\mssinstaller.exe
C:\Users\Rebekah\AppData\Local\Temp\ose00000.exe
C:\Users\Rebekah\AppData\Local\Temp\Quarantine.exe
C:\Users\Rebekah\AppData\Local\Temp\SHSetup.exe
C:\Users\Rebekah\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Rebekah\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Rebekah\AppData\Local\Temp\ToolbarInstaller.exe
C:\Users\Rebekah\AppData\Local\Temp\vlc-2.0.4-win32.exe
C:\Users\Rebekah\AppData\Local\Temp\wmpfirefoxplugin.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 00:47
 
==================== End Of Log ============================


#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 30 September 2014 - 02:02 PM

Please do this next:

icon11.gif  Download Combofix from HERE, and save it to your desktop.  

**Note:  It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.

  • If you have trouble, stop and post back.  Do not try to repeatedly run comboFix!
  • When finished, it will produce a report for you.
.
Note: If after running ComboFix you receive a message stating, "Illegal Operation Attempted on a registry key that has been marked for deletion" rebooting your computer will resolve the problem.

Please include the following in your next post:
  • ComboFix log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#9 chuchi

chuchi
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 30 September 2014 - 07:51 PM

I'm not sure how long it's supposed to take to run, but I started running combofix an hour ago and it seems to be hung up at the stage of creating a restore point. Should I restart my computer and try again?



#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 01 October 2014 - 10:24 AM

Try running it from the safe mode.


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#11 chuchi

chuchi
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 01 October 2014 - 06:58 PM

That worked. Here is the log file:

 

ComboFix 14-09-29.02 - Rebekah 10/01/2014  19:29:24.1.4 - x64 NETWORK
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3895.1968 [GMT -4:00]
Running from: c:\users\Rebekah\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Rebekah\AppData\Local\assembly\tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-01 to 2014-10-01  )))))))))))))))))))))))))))))))
.
.
2014-10-01 23:42 . 2014-10-01 23:42 -------- d-----w- c:\users\Guest\AppData\Local\temp
2014-10-01 23:42 . 2014-10-01 23:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-28 22:54 . 2014-09-28 23:05 -------- d-----w- C:\FRST
2014-09-28 04:46 . 2014-09-15 06:08 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CA7674A8-6C4C-42FD-8EFC-CEAD3B99796B}\mpengine.dll
2014-09-28 04:46 . 2014-09-15 13:06 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-27 21:59 . 2014-09-27 21:59 -------- d-----w- c:\windows\ERUNT
2014-09-27 21:10 . 2010-08-30 12:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-09-27 21:09 . 2014-09-27 21:51 -------- d-----w- C:\AdwCleaner
2014-09-27 15:36 . 2014-09-27 16:01 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-09-27 15:03 . 2014-09-28 17:26 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-27 15:03 . 2014-09-27 15:35 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-09-27 15:03 . 2014-05-12 11:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-09-27 15:03 . 2014-05-12 11:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-27 15:03 . 2014-09-27 15:03 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-09-27 15:03 . 2014-09-27 15:03 -------- d-----w- c:\programdata\Malwarebytes
2014-09-27 03:05 . 2012-06-22 15:01 22704 ----a-w- c:\windows\system32\drivers\EsgScanner.sys
2014-09-27 03:04 . 2014-09-27 03:04 110080 ----a-r- c:\users\Rebekah\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconF7A21AF7.exe
2014-09-27 03:04 . 2014-09-27 03:04 110080 ----a-r- c:\users\Rebekah\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\IconD7F16134.exe
2014-09-27 03:04 . 2014-09-27 03:04 110080 ----a-r- c:\users\Rebekah\AppData\Roaming\Microsoft\Installer\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}\Icon1226A4C5.exe
2014-09-27 03:04 . 2014-09-27 03:04 -------- d-----w- C:\sh4ldr
2014-09-27 03:04 . 2014-09-27 03:04 -------- d-----w- c:\program files\Enigma Software Group
2014-09-27 02:58 . 2014-09-27 03:04 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-27 02:58 . 2014-09-27 02:58 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-09-27 02:08 . 2014-09-27 02:29 37624 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2014-09-22 22:49 . 2014-09-26 23:46 -------- d-----w- C:\EEK
2014-09-22 03:35 . 2014-09-26 23:46 -------- d-----w- c:\programdata\HitmanPro
2014-09-22 02:50 . 2014-09-27 02:08 -------- d-----w- c:\programdata\RogueKiller
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-28 00:20 . 2013-03-28 01:15 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-28 00:20 . 2013-03-28 01:15 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-03 22:49 . 2012-07-21 15:21 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-11 21:16 . 2012-09-04 04:28 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-07-11 07:02 . 2014-07-19 17:28 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"puush"="c:\program files (x86)\puush\puush.exe" [2013-07-14 567880]
"MusicManager"="c:\users\Rebekah\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2014-07-22 7631872]
"Amazon Cloud Player"="c:\users\Rebekah\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe" [2014-03-07 3168576]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-06-08 284696]
"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-09-04 240112]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-02 522736]
"NVC"="c:\program files (x86)\Nortel\Nortel VPN Client\Nvc.exe" [2010-03-01 1717584]
"Adobe Photo Downloader"="c:\progra~2\Adobe\apdproxy.exe" [2006-09-14 61440]
"Acrobat Assistant 8.0"="c:\progra~2\Adobe\Acrobat\Acrotray.exe" [2006-10-23 620152]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"="c:\program files (x86)\Google\Gmail Notifier\gnotify.exe" [2005-07-15 479232]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-12-19 2239376]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2013-12-12 707472]
"Fitbit Connect"="c:\program files (x86)\Fitbit Connect\Fitbit Connect.exe" [2014-05-19 3414560]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-10 559616]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Rebekah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Amazon Cloud Drive.appref-ms [2013-6-5 408]
Digsby.lnk - c:\program files (x86)\Digsby\digsby.exe [2010-3-3 141488]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2011-4-27 973824]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2013-1-15 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys;c:\windows\SYSNATIVE\DRIVERS\acsock64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [x]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms;c:\program files\dell support center\pcdsrvc_x64.pkms [x]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};Power Control [2011/02/09 16:11];c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl;c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvcSvcMgr;Nortel VPN Client;c:\program files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe;c:\program files (x86)\Nortel\Nortel VPN Client\NvcSvcMgr.exe [x]
S2 nvcwfpco;nvcwfpco;c:\windows\system32\DRIVERS\nvcwfpco.sys;c:\windows\SYSNATIVE\DRIVERS\nvcwfpco.sys [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [x]
S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NT_NvcA;Nortel VPN Adapter;c:\windows\system32\DRIVERS\ntnvca.sys;c:\windows\SYSNATIVE\DRIVERS\ntnvca.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - AVGTP
*NewlyCreated* - NPF
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-28 00:32 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-28 00:20]
.
2014-10-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001Core.job
- c:\users\Rebekah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-10 21:32]
.
2014-10-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001UA.job
- c:\users\Rebekah\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-10 21:32]
.
2014-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 03:51]
.
2014-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-25 03:51]
.
2014-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001Core.job
- c:\users\Rebekah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 03:51]
.
2014-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1687653752-2044026659-2788394353-1001UA.job
- c:\users\Rebekah\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-16 03:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-12-13 17:20 3359600 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-12-13 17:20 3359600 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-12-13 17:20 3359600 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-08-08 14:34 777032 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-07 415256]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-06-18 487424]
"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-03 5712896]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-01-25 1802472]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-12-10 472984]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: Append to existing PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\progra~2\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\program files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{9D425283-D487-4337-BAB6-AB8354A81457}"=hex:51,66,7a,6c,4c,1d,38,12,ed,51,51,
   99,b5,9a,59,06,c5,a0,e8,c3,51,f6,50,43
"{95B7759C-8C7F-4BF1-B163-73684A933233}"=hex:51,66,7a,6c,4c,1d,38,12,f2,76,a4,
   91,4d,c2,9f,0e,ce,75,30,28,4f,cd,76,27
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}"=hex:51,66,7a,6c,4c,1d,38,12,7c,f0,b1,
   38,5c,21,3d,0e,d9,78,0d,25,e1,c9,8c,d4
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,
   9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0,
   b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
   df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:f4,de,39,89,4b,26,cd,01
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\progra~2\Adobe\PhotoshopElementsFileAgent.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\CTsvcCDA.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2014-10-01  19:54:12 - machine was rebooted
ComboFix-quarantined-files.txt  2014-10-01 23:54
.
Pre-Run: 194,333,478,912 bytes free
Post-Run: 199,396,929,536 bytes free
.
- - End Of File - - 04EEC0D124FD0772AFB10E79C350FEA7


#12 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 02 October 2014 - 12:33 PM

Please do this next:

icon11.gif  Open Malwarebytes AntiMalware (MBAM)

  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.


icon11.gif   Run adwCleaner again:
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

Please include the following in your next post:
  • MBAM log
  • adwCleaner log


Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


#13 chuchi

chuchi
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 02 October 2014 - 07:29 PM

MBAM log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/2/2014
Scan Time: 7:11:15 PM
Logfile: 
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.10.02.10
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rebekah
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 375545
Time Elapsed: 57 min, 21 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
AdwCleaner log:
 
# AdwCleaner v3.311 - Report created 02/10/2014 at 20:21:12
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rebekah - REBEKAH-PC
# Running from : C:\Users\Rebekah\Desktop\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Found : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\Extensions\niloccemoadcdkdjlinkgdfekeahmflj
Folder Found : C:\Users\Rebekah\Documents\Updater
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17207
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Rebekah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11963 octets] - [27/09/2014 17:09:29]
AdwCleaner[R1].txt - [1379 octets] - [27/09/2014 17:24:09]
AdwCleaner[R2].txt - [1195 octets] - [27/09/2014 17:49:40]
AdwCleaner[R3].txt - [1118 octets] - [02/10/2014 20:21:12]
AdwCleaner[S0].txt - [13516 octets] - [27/09/2014 17:16:54]
AdwCleaner[S1].txt - [3191 octets] - [27/09/2014 17:29:57]
AdwCleaner[S2].txt - [1257 octets] - [27/09/2014 17:51:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1359 octets] ##########
 


#14 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:14 PM

Posted 04 October 2014 - 10:36 AM

How is your computer running now? Please do this next:
 
icon11.gif  Go here to run an online scannner from ESET. Windows Vista/Windows 7 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator
  • Note: For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
  • Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
  •  
    Please include the following in your next post:
    • How is your computer running now?
  • ESET log

  • Threads are closed after 5 days of inactivity.

    ASAP & UNITE Member


    The help you receive here is free. If you wish to show your appreciation, then you may btn_donate_SM.gif


    #15 chuchi

    chuchi
    • Topic Starter

    • Members
    • 9 posts
    • OFFLINE
    •  
    • Local time:08:14 PM

    Posted 05 October 2014 - 12:40 AM

    the audio ads and  choppy sound have stopped, which is definitely a step in the right direction. Chrome seems to be running slower and using a lot more RAM than before, but I'm not sure if that's related. Here is the log from ESET:

     

     

    C:\AdwCleaner\Quarantine\C\Program Files (x86)\Search Toolbar\SearchToolbarUpdater.exe.vir Win32/Toolbar.Zugo potentially unwanted application
    C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe a variant of Win32/Systweak potentially unwanted application
    C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\UpdateWorkingDirectory\DSL\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Users\Rebekah\Downloads\CuteWriter.exe a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application
    C:\Users\Rebekah\Downloads\Exhilarate - The Ultimate Zumba Fitness DVD Experience (2011) (V_secure.exe Win32/TopMedia.A potentially unwanted application
    C:\Users\Rebekah\Downloads\InstallFreeRARExtractFrog.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application





    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users