Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

dllhost.exe *32 using memory - multiple instances


  • This topic is locked This topic is locked
12 replies to this topic

#1 alfadreamer1

alfadreamer1

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 AM

Posted 28 October 2014 - 10:32 AM

Thanks for your help.  I see a lot of posts concerning this issue.  Last week, I think after some windows updates I noticed that I have several dllhost.exe*32 processes running.  It seems to start only after I open windows explorer, or a list of files.  Then my norton will start informing me of blocked trojans and sometimes I get an error about Powershell not responding.  But at that point the dllhost.exe*32 has created several instances of itself and my CPU usage and memory start reaching 90%.  I have run Norton power eraser which found a file but it was not able to remove it.  I thnk the name was rbutil?, but I am not sure. 

 

I have run the DDS program, and it is pasted below as well as the attached, file.  I am not very proficient with the actual operating system and making changes, so please keep that in mind.  I will do my best to follow your instructions.

 

I am running Windows 7 64 bit and internet explorer 10.

 

Thank you and let me know if you need further information.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.17116
Run by ASAP Consulting at 9:09:36 on 2014-10-28
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4002.675 [GMT -6:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\CmgShieldSvc.exe
C:\Windows\system32\EMSService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\msdtc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
C:\Windows\System32\EmsServiceHelper.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\system32\DRIVERS\o2flash.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\syswow64\dllhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://start.roboform.com/
uSearch Bar = Preserve
mWinlogon: Userinit = userinit.exe
BHO: CtxIEInterceptorBHO Class: {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} - C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\urlredir.dll
BHO: Constant Guard Protection Suite: {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll
TB: &RoboForm Toolbar: {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [DellSystemDetect] C:\Users\ASAP Consulting\AppData\Local\Apps\2.0\RHJO8VBN.E8Q\7JG4ANAZ.6DA\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
uRunOnce: [Uninstall C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
uRunOnce: [Uninstall C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
StartupFolder: C:\Users\ASAPCO~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SENDTO~1.LNK - C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\INTUIT~1.LNK - C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~2.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableCAD = dword:1
IE: Customize Menu - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\onbttnie.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
Trusted Zone: dell.com
Trusted Zone: dla.mil
TCP: NameServer = 192.168.128.1
TCP: Interfaces\{8A75953E-76CD-4444-B65D-794802B887EF} : DHCPNameServer = 192.168.128.1
TCP: Interfaces\{8A75953E-76CD-4444-B65D-794802B887EF}\255637964656E6365694E6E6F57455543545 : DHCPNameServer = 172.20.1.1
TCP: Interfaces\{8A75953E-76CD-4444-B65D-794802B887EF}\478656362716967637 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8A75953E-76CD-4444-B65D-794802B887EF}\55E4944554D234332454 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{8A75953E-76CD-4444-B65D-794802B887EF}\6365F44543 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{E97F1482-5737-4CCD-935E-FC6539FED07F} : DHCPNameServer = 172.20.10.1
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\urlredir.dll
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
x64-TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe /s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4P1
x64-Run: [WavesSvc] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
x64-Run: [RtHDVBg_PushButton] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [BLEServicesCtrl] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
x64-Run: [Logitech Download Assistant] C:\Windows\System32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [CSFTrayApp] "C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe" showtraymin
x64-Run: [LocalSecurityAgent] C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe
x64-Run: [EmsService] EmsServiceHelper.exe
x64-Run: [IntelPROSet] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PROSet/Wireless
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\onbttnie.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ochelper.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - <orphaned>
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.roboform.com/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\extensions\2020Player_IKEA@2020Technologies.com\plugins\NP_2020Player_IKEA.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll
.
============= SERVICES / DRIVERS ===============
.
R0 cmgfve;cmgfve;C:\Windows\System32\drivers\cmgfve.sys [2013-10-31 197920]
R0 CmgHiber;CmgHiber;C:\Windows\System32\drivers\CmgHiber.sys [2013-10-31 131360]
R0 CmgPCS;Credant PCS;C:\Windows\System32\drivers\CmgPCS.sys [2013-10-31 157984]
R0 CmgShieldFFE;CmgShieldFFE;C:\Windows\System32\drivers\CmgFFE.sys [2013-10-31 388384]
R0 CredFltL;CredFltL;C:\Windows\System32\drivers\CredFltL.sys [2013-12-14 34048]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-10-26 677360]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-10-26 28656]
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-10-26 20464]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2013-10-26 22128]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-27 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-27 1148120]
R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2013-12-13 49752]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [2014-10-27 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-27 162392]
R1 CMGShieldReg;CMGShieldReg;C:\Windows\System32\drivers\CmgShREG.sys [2013-10-31 76064]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2012-2-14 93272]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSviA64.sys [2014-10-24 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-27 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-27 593112]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2013-6-25 1132920]
R2 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2013-4-23 1366392]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2013-4-23 1153400]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2014-2-26 2436280]
R2 CMGShield;CMGShield;C:\Windows\System32\CmgShieldSvc.exe [2013-10-31 6713216]
R2 Dell.PowerManager.Service;Dell.PowerManager.Service;C:\Windows\System32\dllhost.exe [2009-7-13 9728]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-4-10 202248]
R2 DellEntitlement;Dell Entitlement Service;C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe [2013-12-14 324480]
R2 DellMgmtAgent;Dell Management Agent Service;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [2013-10-31 247136]
R2 DellMgmtLoader;Dell Security Framework Loader;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [2013-10-31 26464]
R2 DellMgmtServer;DELL Security Framework Local Server;C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [2013-10-31 33632]
R2 EMS;EMS;C:\Windows\System32\EmsService.exe [2013-10-31 1938304]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-5-29 15344]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2014-9-22 40240]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-5-11 733696]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2013-1-3 183200]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-10-26 169432]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2014-10-27 265040]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2012-3-9 1248256]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-10-26 223816]
R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2014-1-17 3816176]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2014-2-28 245760]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2013-4-23 132920]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2013-8-8 1385272]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2013-10-26 176096]
R3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2014-8-14 489752]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-10-27 142640]
R3 ibtusb;Intel® Wireless Bluetooth® 4.0 + HS Adapter;C:\Windows\System32\drivers\ibtusb.sys [2013-6-13 114632]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-10-26 368112]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-10-26 786416]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2013-11-11 25528]
R3 O2FJ2RDR;O2FJ2RDR;C:\Windows\System32\drivers\O2FJ2w7x64.sys [2013-10-26 185760]
R3 ST_Accel;STMicroelectronics Accelerometer Service;C:\Windows\System32\drivers\ST_Accel.sys [2013-10-26 89312]
R3 usb3Hub;UoIP Hub;C:\Windows\System32\drivers\usb3Hub.sys [2013-6-20 206744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-10-26 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 GemCCID;GemCCID;C:\Windows\System32\drivers\GemCCID.sys [2014-3-14 130688]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2013-11-11 35256]
S3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-10-26 452088]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-5-11 822232]
S3 InvProtectDrv;InvProtectDrv;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [2013-7-30 34824]
S3 InvProtectSvc;Invincea Enterprise Service;C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2013-7-30 2947856]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2014-1-17 284912]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 netvsc;netvsc;C:\Windows\System32\drivers\netvsc60.sys [2010-11-21 168448]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-10-24 19456]
S3 SboxDrv;SboxDrv;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [2013-7-30 202248]
S3 SboxSvc;SboxSvc;C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [2013-7-30 124616]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SynthVid;SynthVid;C:\Windows\System32\drivers\VMBusVideoM.sys [2010-11-21 22528]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2013-7-30 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-10-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2014-10-24 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-7-28 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-12-14 1255736]
S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]
.
=============== Created Last 30 ================
.
2014-10-27 15:49:40    --------    d-----w-    C:\Users\ASAP Consulting\AppData\Local\NPE
2014-10-27 15:16:46    --------    d-----w-    C:\NPE
2014-10-27 14:39:30    876248    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-10-27 14:39:30    593112    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-10-27 14:39:30    493656    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-10-27 14:39:30    37592    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-10-27 14:39:30    266968    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-10-27 14:39:30    23568    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-10-27 14:39:30    162392    ----a-r-    C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-10-27 14:39:30    1148120    ----a-w-    C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-10-27 14:39:14    --------    d-----w-    C:\Windows\System32\drivers\N360x64\1506000.020
2014-10-27 13:34:47    177752    ----a-w-    C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2014-10-27 13:34:46    --------    d-----w-    C:\Program Files\Common Files\Symantec Shared
2014-10-27 13:32:05    --------    d-----w-    C:\Windows\System32\drivers\N360x64
2014-10-27 13:32:02    --------    d-----w-    C:\Program Files (x86)\Norton Security Suite
2014-10-27 13:31:55    --------    d-----w-    C:\Program Files (x86)\NortonInstaller
2014-10-24 15:41:48    3179520    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-10-24 15:41:47    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-10-24 15:41:18    6584320    ----a-w-    C:\Windows\System32\mstscax.dll
2014-10-24 15:41:18    5703168    ----a-w-    C:\Windows\SysWow64\mstscax.dll
2014-10-24 15:15:32    30208    ----a-w-    C:\Windows\System32\drivers\TsUsbGD.sys
2014-10-24 15:15:32    19456    ----a-w-    C:\Windows\System32\drivers\rdpvideominiport.sys
2014-10-24 15:15:31    243200    ----a-w-    C:\Windows\System32\rdpudd.dll
2014-10-24 15:15:31    228864    ----a-w-    C:\Windows\System32\rdpendp_winip.dll
2014-10-24 15:15:31    192000    ----a-w-    C:\Windows\SysWow64\rdpendp_winip.dll
2014-10-22 13:39:24    --------    d-----w-    C:\Program Files\Carbonite
2014-10-22 13:39:10    --------    d-----w-    C:\ProgramData\Carbonite
2014-10-22 13:39:10    --------    d-----w-    C:\Program Files (x86)\Carbonite
2014-10-17 12:53:43    --------    d-----w-    C:\Users\ASAP Consulting\AppData\Local\Adobe
2014-10-15 13:19:47    507392    ----a-w-    C:\Windows\System32\aepdu.dll
2014-10-08 01:23:47    --------    d-----w-    C:\Users\ASAP Consulting\AppData\Local\Intel_Corporation
2014-10-04 20:29:02    --------    d-----w-    C:\Program Files\iPod
2014-10-04 20:28:59    --------    d-----w-    C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-04 20:28:59    --------    d-----w-    C:\Program Files\iTunes
2014-10-04 20:28:59    --------    d-----w-    C:\Program Files (x86)\iTunes
2014-10-01 12:46:07    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2014-10-01 12:46:07    371712    ----a-w-    C:\Windows\System32\qdvd.dll
.
==================== Find3M  ====================
.
2014-10-17 12:55:23    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-17 12:55:23    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-10-16 12:11:26    49752    ----a-w-    C:\Windows\System32\drivers\AntiLog64.sys
2014-10-10 02:05:59    276480    ----a-w-    C:\Windows\System32\generaltel.dll
2014-10-10 02:00:38    424448    ----a-w-    C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-09-20 05:17:42    2236928    ----a-w-    C:\Windows\System32\wininet.dll
2014-09-20 05:16:11    3959296    ----a-w-    C:\Windows\System32\jscript9.dll
2014-09-20 05:16:07    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2014-09-20 05:16:07    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2014-09-20 05:15:22    1508864    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-09-20 03:57:57    1762816    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-09-20 03:57:04    2861568    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-09-20 03:57:01    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-09-20 03:57:01    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2014-09-20 03:56:33    1440768    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-09-20 03:38:36    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-09-20 03:33:44    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-09-20 02:43:32    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2014-09-20 02:35:33    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2014-09-18 02:00:42    3241472    ----a-w-    C:\Windows\System32\msi.dll
2014-09-18 01:32:52    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18    77312    ----a-w-    C:\Windows\System32\packager.dll
2014-09-13 01:40:05    67072    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-09-12 14:51:28    829264    ----a-w-    C:\Windows\System32\msvcr100.dll
2014-09-12 14:51:28    608080    ----a-w-    C:\Windows\System32\msvcp100.dll
2014-09-12 14:03:40    773968    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2014-09-12 14:03:40    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2014-09-09 22:11:04    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-09-09 21:47:10    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-09-04 05:04:15    372736    ----a-w-    C:\Windows\SysWow64\rastls.dll
2014-08-23 02:07:00    404480    ----a-w-    C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55    311808    ----a-w-    C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28    693176    ----a-w-    C:\Windows\System32\winload.efi
2014-08-19 03:10:10    616352    ----a-w-    C:\Windows\System32\winresume.efi
2014-08-19 03:08:04    503808    ----a-w-    C:\Windows\System32\srcore.dll
2014-08-19 03:08:04    50176    ----a-w-    C:\Windows\System32\srclient.dll
2014-08-19 03:08:03    63488    ----a-w-    C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51    58880    ----a-w-    C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51    32256    ----a-w-    C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33    296960    ----a-w-    C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11    17920    ----a-w-    C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11    146944    ----a-w-    C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39    43008    ----a-w-    C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22    50688    ----a-w-    C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56    61440    ----a-w-    C:\Windows\System32\drivers\appid.sys
2014-08-15 00:12:06    85808    ----a-w-    C:\Windows\System32\NicInstD.dll
2014-08-15 00:12:04    73512    ----a-w-    C:\Windows\System32\e1dmsg.dll
2014-08-15 00:12:04    489752    ----a-w-    C:\Windows\System32\drivers\e1d62x64.sys
2014-08-15 00:12:04    125728    ----a-w-    C:\Windows\System32\NicCo4.dll
2014-08-01 11:53:22    1031168    ----a-w-    C:\Windows\System32\TSWorkspace.dll
2014-08-01 11:35:06    793600    ----a-w-    C:\Windows\SysWow64\TSWorkspace.dll
2009-05-21 19:32:58    45056    ----a-w-    C:\Program Files (x86)\Common Files\Period20.dll
2009-05-21 19:32:56    24576    ----a-w-    C:\Program Files (x86)\Common Files\Artes32X.dll
2009-05-21 19:32:54    24576    ----a-w-    C:\Program Files (x86)\Common Files\ACTripsLog.dll
.
============= FINISH:  9:11:16.87 ===============
 

Attached Files



BC AdBot (Login to Remove)

 


#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 28 October 2014 - 02:19 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#3 alfadreamer1

alfadreamer1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 AM

Posted 28 October 2014 - 02:56 PM

Hi Jürgen,

Thank you for your quick response to my problem.  I have pasted the results from the FRST program below.

 

FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by ASAP Consulting (administrator) on ASAPCONSULTING on 28-10-2014 13:38:57
Running from C:\Users\ASAP Consulting\Desktop
Loaded Profile: ASAP Consulting (Available profiles: ASAP Consulting & Bill Craig)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc.) C:\Windows\System32\CmgShieldSvc.exe
(Dell Inc.) C:\Windows\System32\EmsService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Dell Inc.) C:\Windows\System32\EmsServiceHelper.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Dell) C:\Users\ASAP Consulting\AppData\Local\Apps\2.0\RHJO8VBN.E8Q\7JG4ANAZ.6DA\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2013-04-18] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-29] (Intel Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [230752 2013-10-31] ()
HKLM\...\Run: [LocalSecurityAgent] => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe [32128 2013-10-31] (Dell Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EmsService] => C:\Windows\system32\EmsServiceHelper.exe [3229568 2013-10-31] (Dell Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-01-17] (Intel® Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-17] (Siber Systems)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [DellSystemDetect] => C:\Users\ASAP Consulting\AppData\Local\Apps\2.0\RHJO8VBN.E8Q\7JG4ANAZ.6DA\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-07-25] (Dell)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\RunOnce: [Uninstall C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\RunOnce: [Uninstall C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\ASAP Consulting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [CmgEncOverlay] -> {7B0F6726-38DD-49DD-8A5E-02EFED6EEDA4} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll (Dell Inc.)
ShellIconOverlayIdentifiers: [CmgGhostOverlay] -> {74CD2AE0-8208-424C-8A4B-6670FE358620} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll (Dell Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com/
SearchScopes: HKLM - DefaultScope {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {940C6834-2B36-447A-B32C-2DA2A40904FF} URL =
SearchScopes: HKCU - {940C6834-2B36-447A-B32C-2DA2A40904FF} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CtxIEInterceptorBHO Class -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.128.1

FireFox:
========
FF ProfilePath: C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default
FF Homepage: hxxp://start.roboform.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-08-22]
FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\idvaultaddon@whitesky [2014-10-22]
FF Extension: No Name - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\temp [2014-10-17]
FF Extension: DownloadHelper - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-04-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-28]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-22]
CHR Extension: (Norton Identity Safe) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-22]
CHR Extension: (Google Wallet) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-22]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-04-30]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-04-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CMGShield; C:\Windows\system32\CmgShieldSvc.exe [6713216 2013-10-31] (Dell Inc.)
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
R2 Dell.PowerManager.Service; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 DellEntitlement; C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe [324480 2013-12-14] (Dell Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [247136 2013-10-31] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2013-10-31] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2013-10-31] (Dell, Inc.)
R2 EMS; C:\Windows\system32\EMSService.exe [1938304 2013-10-31] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-29] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-01] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-03-09] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-09] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-10-16] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-16] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R0 cmgfve; C:\Windows\System32\Drivers\cmgfve.sys [197920 2013-10-31] (Dell Inc.)
R0 CmgHiber; C:\Windows\System32\DRIVERS\CmgHiber.sys [131360 2013-10-31] (Dell Inc.)
R0 CmgPCS; C:\Windows\System32\DRIVERS\CmgPCS.sys [157984 2013-10-31] (Dell Inc.)
R0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [388384 2013-10-31] (Dell Inc.)
R1 CMGShieldReg; C:\Windows\System32\DRIVERS\CmgShREG.sys [76064 2013-10-31] (Dell Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [34048 2013-10-31] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-14] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-26] (Symantec Corporation)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [130688 2014-03-14] (Gemalto)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-05-20] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [114632 2013-08-28] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSvia64.sys [633560 2014-10-24] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2162648 2013-08-01] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.032\ENG64.SYS [129752 2014-10-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141027.032\EX64.SYS [2137304 2014-10-26] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3429344 2014-02-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2013-07-30] (The OpenVPN Project)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
R4 DBUtil_2_3; \??\C:\Windows\TEMP\DBUtil_2_3.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 13:38 - 2014-10-28 13:40 - 00039488 _____ () C:\Users\ASAP Consulting\Desktop\FRST.txt
2014-10-28 13:38 - 2014-10-28 13:39 - 00000000 ____D () C:\FRST
2014-10-28 13:38 - 2014-10-28 13:38 - 02113024 _____ (Farbar) C:\Users\ASAP Consulting\Desktop\frst64.exe
2014-10-28 13:35 - 2014-10-28 13:35 - 02113024 _____ (Farbar) C:\Users\ASAP Consulting\Downloads\FRST64.exe
2014-10-28 09:11 - 2014-10-28 09:11 - 00041291 _____ () C:\Users\ASAP Consulting\Desktop\dds.txt
2014-10-28 09:11 - 2014-10-28 09:11 - 00020607 _____ () C:\Users\ASAP Consulting\Desktop\attach.txt
2014-10-28 09:06 - 2014-10-28 09:05 - 00688992 ____R (Swearware) C:\Users\ASAP Consulting\Desktop\dds.com
2014-10-28 09:05 - 2014-10-28 09:05 - 00688992 _____ (Swearware) C:\Users\ASAP Consulting\Downloads\dds.com
2014-10-28 06:48 - 2014-10-28 06:49 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\ASAP Consulting\Downloads\cbSetup.exe
2014-10-27 14:03 - 2014-10-27 14:04 - 120400632 _____ (Microsoft Corporation) C:\Users\ASAP Consulting\Downloads\msert.exe
2014-10-27 13:42 - 2014-10-27 13:42 - 00007605 _____ () C:\Users\ASAP Consulting\AppData\Local\Resmon.ResmonCfg
2014-10-27 09:49 - 2014-10-27 11:29 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\NPE
2014-10-27 09:16 - 2014-10-27 09:58 - 00000000 ____D () C:\NPE
2014-10-27 09:13 - 2014-10-27 09:29 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\NPE
2014-10-27 09:13 - 2014-10-27 09:13 - 03060320 ____N (Symantec Corporation) C:\Users\Bill Craig\Downloads\NPE.exe
2014-10-27 09:07 - 2014-10-27 09:07 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-10-27 07:34 - 2014-10-27 09:02 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-27 07:34 - 2014-10-27 09:01 - 00002442 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-10-27 07:34 - 2014-10-27 07:34 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-27 07:34 - 2014-10-27 07:34 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-27 07:34 - 2014-10-27 07:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-27 07:32 - 2014-10-27 09:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-27 07:32 - 2014-10-27 09:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-10-27 07:32 - 2014-10-27 07:32 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2014-10-26 10:00 - 2014-10-26 10:00 - 01021632 _____ (Symantec Corporation) C:\Users\ASAP Consulting\Desktop\Norton_Download_Manager.exe
2014-10-26 09:58 - 2014-10-26 09:58 - 01021632 _____ (Symantec Corporation) C:\Users\ASAP Consulting\Downloads\Norton_Download_Manager.exe
2014-10-24 09:41 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-24 09:41 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-24 09:41 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-24 09:41 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-24 09:16 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-24 09:16 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-24 09:16 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-24 09:16 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-24 09:16 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-24 09:16 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-24 09:16 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-24 09:16 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-24 09:16 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-24 09:16 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-24 09:16 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-24 09:16 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-24 09:16 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-24 09:16 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-24 09:16 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-24 09:16 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-24 09:15 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-24 09:15 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-24 09:15 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-10-24 09:15 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-24 09:15 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-24 08:05 - 2014-10-24 08:05 - 00010342 _____ () C:\Users\ASAP Consulting\Downloads\Checking1.qfx
2014-10-22 15:21 - 2014-10-22 15:22 - 01358968 _____ () C:\Windows\Minidump\102214-26364-01.dmp
2014-10-22 14:31 - 2014-10-22 14:31 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Nitro
2014-10-22 14:31 - 2014-10-22 14:31 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\FileOpen
2014-10-22 14:23 - 2014-10-22 14:23 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Macromedia
2014-10-22 14:22 - 2014-10-22 14:24 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Google
2014-10-22 14:22 - 2014-10-22 14:22 - 00000000 ____D () C:\Users\Bill Craig\Documents\My RoboForm Data
2014-10-22 14:19 - 2014-10-22 14:19 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Intel Corporation
2014-10-22 14:18 - 2014-10-28 13:28 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\ID Vault
2014-10-22 14:18 - 2014-10-26 10:35 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\ID Vault
2014-10-22 14:18 - 2014-10-22 14:22 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Google
2014-10-22 14:18 - 2014-10-22 14:18 - 00115888 _____ () C:\Users\Bill Craig\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-22 14:18 - 2014-10-22 14:18 - 00001411 _____ () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\ICAClient
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Creative
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\ControlCenter4
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Apple Computer
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Adobe
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Zemana
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\White_Sky,_Inc
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Intuit
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Citrix
2014-10-22 14:17 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig
2014-10-22 14:17 - 2014-10-22 14:17 - 00000020 ___SH () C:\Users\Bill Craig\ntuser.ini
2014-10-22 14:17 - 2014-10-22 14:17 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Intel
2014-10-22 14:17 - 2014-10-22 14:17 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\VirtualStore
2014-10-22 14:17 - 2013-12-14 18:57 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Microsoft Help
2014-10-22 14:17 - 2013-12-13 08:43 - 00002098 _____ () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-10-22 14:17 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-22 14:17 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-22 07:39 - 2014-10-22 07:39 - 00004176 _____ () C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2014-10-22 07:39 - 2014-10-22 07:39 - 00002130 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\ProgramData\Carbonite
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\Program Files\Carbonite
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\Program Files (x86)\Carbonite
2014-10-22 06:44 - 2014-10-22 06:56 - 374965967 _____ () C:\Users\ASAP Consulting\Downloads\openSAP_a4h1_Week_4_All_Videos_Slides.zip
2014-10-17 06:53 - 2014-10-17 06:55 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\Adobe
2014-10-15 07:20 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 07:20 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 07:20 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 07:20 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 07:20 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 07:20 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 07:20 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 07:20 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 07:20 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 07:20 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 07:20 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 07:20 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 07:20 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 07:20 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 07:20 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 07:20 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 07:20 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 07:20 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 07:20 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 07:20 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 07:20 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 07:20 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 07:20 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 07:20 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 07:20 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 07:20 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 07:20 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 07:20 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 07:20 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 07:20 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 07:20 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 07:20 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 07:20 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 07:20 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 07:20 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 07:20 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 07:19 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 07:19 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 07:19 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 07:19 - 2014-09-19 23:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 07:19 - 2014-09-19 23:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 07:19 - 2014-09-19 23:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 07:19 - 2014-09-19 23:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 07:19 - 2014-09-19 23:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 07:19 - 2014-09-19 23:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 07:19 - 2014-09-19 21:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 07:19 - 2014-09-19 21:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 07:19 - 2014-09-19 21:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 07:19 - 2014-09-19 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 07:19 - 2014-09-19 21:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 07:19 - 2014-09-19 20:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-15 07:19 - 2014-09-19 20:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-15 07:19 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 07:19 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 07:19 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 07:19 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 07:19 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 07:19 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 07:19 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 07:19 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 07:19 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 07:19 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 07:19 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 07:19 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 13:48 - 2014-10-12 14:44 - 567936313 _____ () C:\Users\ASAP Consulting\Downloads\openSAP_a4h1_Week_3_All_Videos_Slides.zip
2014-10-07 19:23 - 2014-10-07 19:23 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\Intel_Corporation
2014-10-04 14:31 - 2014-10-04 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-04 14:29 - 2014-10-04 14:29 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-04 14:29 - 2014-10-04 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-04 14:29 - 2014-10-04 14:29 - 00000000 ____D () C:\Program Files\iPod
2014-10-04 14:28 - 2014-10-04 14:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-04 14:28 - 2014-10-04 14:29 - 00000000 ____D () C:\Program Files\iTunes
2014-10-04 14:28 - 2014-10-04 14:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-03 11:54 - 2014-10-03 11:54 - 01235416 _____ () C:\Windows\Minidump\100314-21824-01.dmp
2014-10-01 06:46 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 06:46 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 12:46 - 2014-09-30 12:46 - 00000000 ____H () C:\Users\ASAP Consulting\Documents\Default.rdp
2014-09-30 12:24 - 2014-09-30 12:25 - 00000113 _____ () C:\Users\ASAP Consulting\Downloads\credentials.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 13:39 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 13:39 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 13:38 - 2009-07-13 23:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 13:35 - 2013-10-26 03:33 - 01883836 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 13:34 - 2013-12-13 07:54 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\ID Vault
2014-10-28 13:33 - 2014-02-17 15:26 - 00005038 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ASAPConsulting-ASAP Consulting ASAPConsulting
2014-10-28 13:32 - 2014-08-21 05:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 13:32 - 2013-12-26 14:43 - 00131072 ___SH () C:\CredSED.dat
2014-10-28 13:32 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 13:32 - 2009-07-13 22:51 - 00406167 _____ () C:\Windows\setupact.log
2014-10-28 13:32 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Registration
2014-10-28 13:16 - 2014-08-21 05:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 12:46 - 2013-10-26 01:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 11:47 - 2014-01-03 14:23 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\Nitro PDF
2014-10-28 10:52 - 2013-12-14 16:37 - 00000000 ____D () C:\ProgramData\CREDANT
2014-10-28 09:36 - 2014-06-25 05:38 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-10-28 09:36 - 2013-12-13 07:54 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-10-28 09:33 - 2013-12-13 08:45 - 00000000 ____D () C:\Users\ASAP Consulting\Documents\Outlook Files
2014-10-27 09:15 - 2010-11-20 21:47 - 01486104 _____ () C:\Windows\PFRO.log
2014-10-27 09:13 - 2013-12-13 08:03 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 08:57 - 2014-02-28 11:32 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-10-27 08:18 - 2013-12-13 08:03 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-27 08:16 - 2013-12-13 08:03 - 00001228 _____ () C:\Users\ASAP Consulting\Desktop\Norton Installation Files.lnk
2014-10-26 13:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 09:59 - 2013-12-13 08:00 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\ID Vault
2014-10-25 21:36 - 2013-12-26 17:20 - 00031913 _____ () C:\Windows\system32\Drivers\cmghbbtl.dat
2014-10-25 21:33 - 2013-12-26 17:20 - 00018955 _____ () C:\Windows\system32\Drivers\cmghbpm.dat
2014-10-25 18:21 - 2013-12-13 11:43 - 31791617 _____ () C:\Users\ASAP Consulting\quicken file.QDF
2014-10-25 18:20 - 2013-12-13 11:43 - 04951392 _____ () C:\Users\ASAP Consulting\quicken fileOFXLOG.DAT
2014-10-25 09:31 - 2013-12-14 16:33 - 00000390 __RSH () C:\ProgramData\ntuser.pol
2014-10-24 09:20 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 09:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-24 08:09 - 2013-12-18 06:32 - 31793152 _____ () C:\Users\ASAP Consulting\Desktop\quicken file.QDF-backup
2014-10-23 17:11 - 2014-08-21 05:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 17:11 - 2014-08-21 05:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 15:21 - 2014-04-14 07:18 - 907364908 _____ () C:\Windows\MEMORY.DMP
2014-10-22 15:21 - 2014-04-14 07:18 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 12:06 - 2014-04-21 07:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 10:11 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-21 09:06 - 2014-06-10 05:39 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-20 13:41 - 2013-12-13 08:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-17 10:23 - 2014-06-17 18:12 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\CrashDumps
2014-10-17 07:16 - 2014-08-21 05:59 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-17 06:57 - 2014-04-30 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-17 06:57 - 2013-12-16 14:42 - 00004180 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-10-17 06:57 - 2013-12-16 14:42 - 00003524 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-10-17 06:55 - 2013-10-26 01:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 06:55 - 2013-10-26 01:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 06:55 - 2013-10-26 01:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-16 06:11 - 2013-12-13 07:54 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2014-10-16 06:11 - 2013-12-13 07:54 - 00002203 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-10-16 06:11 - 2013-12-13 07:54 - 00002191 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-10-16 06:11 - 2013-12-13 07:54 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
2014-10-15 11:45 - 2009-07-13 22:45 - 00447648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 11:40 - 2014-04-30 08:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 11:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 11:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 11:22 - 2013-12-14 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 11:14 - 2013-12-14 17:16 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 14:47 - 2013-12-14 16:16 - 00000000 ____D () C:\Users\ASAP Consulting\Documents\ALV Template
2014-10-14 06:51 - 2013-12-19 08:59 - 00000000 ____D () C:\Users\ASAP Consulting\BACKUP
2014-10-09 08:52 - 2013-10-26 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-09 08:51 - 2013-12-13 07:40 - 00000000 ____D () C:\ProgramData\softthinks
2014-10-09 08:06 - 2010-11-20 08:42 - 00000000 ____D () C:\Temp1234
2014-10-09 06:35 - 2014-06-10 05:54 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2014-10-08 09:16 - 2014-02-27 12:37 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-10-04 14:41 - 2013-12-13 13:01 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\Apple Computer
2014-09-30 08:35 - 2013-12-14 16:16 - 00000000 ____D () C:\Users\ASAP Consulting\Documents\ASAP Consulting
2014-09-29 12:20 - 2014-02-26 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

Files to move or delete:
====================
C:\Users\ASAP Consulting\quicken fileOFXLOG.DAT
C:\Users\ASAP Consulting\quicken fileOFXOLD.DAT


Some content of TEMP:
====================
C:\Users\ASAP Consulting\AppData\Local\Temp\_is11AC.exe
C:\Users\ASAP Consulting\AppData\Local\Temp\_is4C5.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 13:14

==================== End Of Log ============================

 

Addition Text file

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by ASAP Consulting at 2014-10-28 13:41:20
Running from C:\Users\ASAP Consulting\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARTES U.S. Version 6.10.0.8 (HKLM-x32\...\ARTES U.S.) (Version: ARTES U.S. Version 9.10.0.10 - )
AuthenTec Fingerprint Driver (Version: 1.6.2.0350 - AuthenTec) Hidden
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J835DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.19.0 - Brother Industries, Ltd.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.200.22 - Citrix Systems, Inc.)
CloudShare RDP Extension for IE (HKLM-x32\...\{4616558A-FE4D-4B8C-805A-5D2088062D68}) (Version: 1.1.0 - CloudShare Ltd.)
CmgMasterPrerequisites (x32 Version: 1.2.0.371 - Credant Technologies Inc.) Hidden
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Client Security Framework (Version: 8.2.0.1281 - Dell) Hidden
Dell Data Protection | Encryption (Version: 8.2.0.5761 - Dell Inc) Hidden
Dell Data Protection | Security Tools (x32 Version: 1.2.0.371 - Dell) Hidden
Dell Data Protection Installer (x32 Version: 1.2.0.446 - Dell) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1652 - Intel Corporation)
Intel® Network Connections 18.1.59.00 (HKLM\...\PROSetDX) (Version: 18.1.59.00 - Intel)
Intel® Network Connections 18.1.59.00 (Version: 18.1.59.00 - Intel) Hidden
Intel® PRO/Wireless Driver (Version: 17.00.0000.1347 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3257 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1335.3) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.2.1000 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{724eb565-20e3-4d9a-ad54-d36d1da130e5}) (Version: 17.0.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.0.0.0332 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Visio Standard 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5978 - Realtek Semiconductor Corp.)
RoboForm 7-9-10-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)
Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0041 - ST Microelectronics)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-10-2014 15:53:35 Windows Update
27-10-2014 15:23:37 Norton_Power_Eraser_20141027092334395
27-10-2014 17:16:07 Norton_Power_Eraser_20141027111541934
28-10-2014 12:55:13 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2009-06-10 15:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A454D4F-B417-4C2A-A9E6-6F5D070F97DD} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {14594FBF-0913-45D8-90D3-B34A7BF70B34} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {1AAAC2FE-43DD-43A0-947A-57FAEA781A0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {3805E1F5-BE8B-4CF6-AD27-EBBF441C6351} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3D746F90-78A7-48C3-9C9C-77B9F44F0FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {48904CBE-CA92-4774-A0D9-312B7033D4DC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {6B9F91C5-27DA-4F46-8B18-AB840EC6AC3E} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)
Task: {6E361D90-B346-4A76-88A7-BC6E059CDC87} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {777D07E6-174A-4D17-A893-7AF89C3DDB6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {7EF26DB4-E9E2-494A-9B97-70E5FAEF81E9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {919C6D3B-5A58-48FA-8DC6-7B5162FDE0F5} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKJHMGMMMJJJJMJNMCNJJNMHMLMCNLMMJLJNMCNHMGMMMLMCNNJOMKMNJJMOMJJOJLJKJMMNJJNJICMIMCNGMCNOMPMFMOMPMCNPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMMJBJKJLIMJFMMMPMLMJNHICMMJBJKJLIMJJNBJCMOLMKOLPKPNMLAJBJMIKIDJLIGJBJIJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMGMPMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {A53607BD-BE38-4F34-8AFC-6519E90BD840} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {B41E0715-2096-4807-AF17-9972B36F7549} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B5CFEBF6-39C1-4603-B940-ABC6E1980487} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-10-17] (Siber Systems)
Task: {BE36CB87-0BD0-44F3-82A8-67470D12C2FB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASAPConsulting-ASAP Consulting ASAPConsulting => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {C84DFB7B-042D-4C22-8776-5B6FE4C218F7} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {CFBD5273-71BA-486C-B394-2947661854F7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {DE7C0F05-1FE6-4341-A008-02AFF6948B09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {ECA76F24-0223-42E1-9742-A2C0316A4CBB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F7ECE9D5-9868-418A-9EB8-8112CDAC3039} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {FEE21177-FF13-4014-B376-1CC879B8B924} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {FF49DB9D-98A6-4EDA-8EEA-43DCB7A54F9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 22:52 - 2013-10-31 22:52 - 00051040 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DellMgmtNP.dll
2014-02-26 14:44 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 00026464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
2014-08-22 16:44 - 2014-09-09 08:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-02-28 11:32 - 2005-04-21 22:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 02162016 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00025440 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00081760 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00061280 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.AuthProxy.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00066912 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.PBA.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00034656 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.SED.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00130400 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 00635232 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredCommon.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00862048 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CryptoProvider.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00700768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DBManager.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\OPALProvider.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 01483104 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\ConnectionProvider.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 00230752 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2013-10-31 22:52 - 2013-10-31 22:52 - 00352096 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-22 14:30 - 2014-09-22 14:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2014-02-04 00:42 - 2014-02-04 00:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-04 00:43 - 2014-02-04 00:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-20 00:18 - 2005-07-20 00:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2014-02-04 00:42 - 2014-02-04 00:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-04 00:43 - 2014-02-04 00:43 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2014-02-04 00:42 - 2014-02-04 00:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2014-02-04 00:43 - 2014-02-04 00:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2014-06-17 06:38 - 2014-09-23 06:59 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-02-28 11:31 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-09-25 06:49 - 2014-09-25 06:49 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-06-17 06:38 - 2014-09-23 06:59 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-10-26 01:49 - 2013-07-01 20:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3256
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3357
AlternateDataStreams: C:\Users\ASAP Consulting\Documents\launch.ica:icasource

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-71547050-2547732492-773883006-500 - Administrator - Disabled)
ASAP Consulting (S-1-5-21-71547050-2547732492-773883006-1000 - Administrator - Enabled) => C:\Users\ASAP Consulting
Bill Craig (S-1-5-21-71547050-2547732492-773883006-1003 - Administrator - Enabled) => C:\Users\Bill Craig
Guest (S-1-5-21-71547050-2547732492-773883006-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-71547050-2547732492-773883006-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/28/2014 01:33:31 PM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 01:33:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/28/2014 01:33:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/28/2014 01:33:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/28/2014 01:32:42 PM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 01:32:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 11:55:36 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 11:55:17 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/28/2014 11:55:17 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/28/2014 11:55:17 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (10/28/2014 01:33:22 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/28/2014 01:33:10 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 01:32:57 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 01:32:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 01:32:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 01:32:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 01:25:41 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer TONDASGA-I7PC
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8A75953E-76CD-4444-B65D-794802B887EF}.
The master browser is stopping or an election is being forced.

Error: (10/28/2014 11:55:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 11:55:16 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 11:55:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (10/28/2014 01:33:31 PM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 01:33:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/28/2014 01:33:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/28/2014 01:33:08 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/28/2014 01:32:42 PM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 01:32:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (10/28/2014 11:55:36 AM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 11:55:17 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/28/2014 11:55:17 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/28/2014 11:55:17 AM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle


==================== Memory info ===========================

Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 78%
Total physical RAM: 4001.58 MB
Available physical RAM: 863.53 MB
Total Pagefile: 8001.34 MB
Available Pagefile: 3746.94 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.96 GB) (Free:276.74 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#4 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 28 October 2014 - 03:16 PM

Hi,

warning.gif Malware Warning

All passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums from a CLEAN COMPUTER.
 

Step 1

Please download combofix.pngCombofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#5 alfadreamer1

alfadreamer1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 AM

Posted 28 October 2014 - 06:09 PM

Deeprybka,

I have run combo fix and below is the combofix text file.

 

Thanks,

ComboFix 14-10-27.01 - ASAP Consulting 10/28/2014  16:27:16.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.4002.1328 [GMT -6:00]
Running from: c:\users\ASAP Consulting\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\GEARDIFx.exe
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxAPI.dll
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DifXInst64.exe
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\DIFxInstallLog.txt
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi.dll
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspi64.dll
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\GEARAspiWDM.inf
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\gearaspiwdmx64.cat
c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69\x64\x64\GEARAspiWDM.sys
c:\programdata\PCDr\6426\AddOnDownloaded\8996ad0f-b495-44ab-a09b-997642f10f32.dll
c:\programdata\PCDr\6426\AddOnDownloaded\c234a47d-843f-4a61-889b-e1538e961da5.dll
c:\programdata\PCDr\6426\AddOnDownloaded\caac49ab-d9d8-4f29-a409-2a9a30ae62af.dll
c:\programdata\Roaming
c:\users\ASAP Consulting\GoToAssistDownloadHelper.exe
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
.
.
CLSID={AB8902B4-09CA-4bb6-B78D-A8F59079A8D5} - infected with Poweliks and removed.
You should verify if current CLSID data is correct:
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
    (Default)    REG_SZ    Thumbnail Cache Class Factory for Out of Proc Server
    AppID    REG_SZ    {AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}
.
HKEY_CLASSES_ROOT\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\InprocServer32
    (Default)    REG_SZ    c:\windows\system32\thumbcache.dll
    ThreadingModel    REG_SZ    Apartment
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-28 to 2014-10-28  )))))))))))))))))))))))))))))))
.
.
2014-10-28 22:52 . 2014-10-28 22:52    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-10-28 19:38 . 2014-10-28 19:43    --------    d-----w-    C:\FRST
2014-10-27 15:49 . 2014-10-27 17:29    --------    d-----w-    c:\users\ASAP Consulting\AppData\Local\NPE
2014-10-27 15:16 . 2014-10-27 15:58    --------    d-----w-    C:\NPE
2014-10-27 13:34 . 2014-10-27 13:34    177752    ----a-w-    c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-10-27 13:34 . 2014-10-27 13:34    --------    d-----w-    c:\program files\Common Files\Symantec Shared
2014-10-27 13:32 . 2014-10-27 15:02    --------    d-----w-    c:\windows\system32\drivers\N360x64
2014-10-27 13:32 . 2014-10-27 13:32    --------    d-----w-    c:\program files (x86)\Norton Security Suite
2014-10-27 13:31 . 2014-10-27 13:31    --------    d-----w-    c:\program files (x86)\NortonInstaller
2014-10-24 15:41 . 2014-08-29 02:07    3179520    ----a-w-    c:\windows\system32\rdpcorets.dll
2014-10-24 15:41 . 2014-05-08 09:32    16384    ----a-w-    c:\windows\system32\RdpGroupPolicyExtension.dll
2014-10-24 15:41 . 2014-09-05 02:11    6584320    ----a-w-    c:\windows\system32\mstscax.dll
2014-10-24 15:41 . 2014-09-05 01:52    5703168    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-10-24 15:15 . 2012-08-23 14:10    19456    ----a-w-    c:\windows\system32\drivers\rdpvideominiport.sys
2014-10-24 15:15 . 2012-08-23 14:08    30208    ----a-w-    c:\windows\system32\drivers\TsUsbGD.sys
2014-10-24 15:15 . 2012-08-23 14:13    243200    ----a-w-    c:\windows\system32\rdpudd.dll
2014-10-24 15:15 . 2012-08-23 11:12    192000    ----a-w-    c:\windows\SysWow64\rdpendp_winip.dll
2014-10-24 15:15 . 2012-08-23 10:51    228864    ----a-w-    c:\windows\system32\rdpendp_winip.dll
2014-10-22 20:17 . 2014-10-22 20:18    --------    d-----w-    c:\users\Bill Craig
2014-10-22 13:39 . 2014-10-22 13:39    --------    d-----w-    c:\program files\Carbonite
2014-10-22 13:39 . 2014-10-22 13:39    --------    d-----w-    c:\programdata\Carbonite
2014-10-22 13:39 . 2014-10-22 13:39    --------    d-----w-    c:\program files (x86)\Carbonite
2014-10-17 12:53 . 2014-10-17 12:55    --------    d-----w-    c:\users\ASAP Consulting\AppData\Local\Adobe
2014-10-15 13:19 . 2014-10-10 02:05    276480    ----a-w-    c:\windows\system32\generaltel.dll
2014-10-08 01:23 . 2014-10-08 01:23    --------    d-----w-    c:\users\ASAP Consulting\AppData\Local\Intel_Corporation
2014-10-04 20:29 . 2014-10-04 20:29    --------    d-----w-    c:\program files\iPod
2014-10-04 20:28 . 2014-10-04 20:29    --------    d-----w-    c:\program files\iTunes
2014-10-04 20:28 . 2014-10-04 20:29    --------    d-----w-    c:\program files (x86)\iTunes
2014-10-01 12:46 . 2014-09-25 02:08    371712    ----a-w-    c:\windows\system32\qdvd.dll
2014-10-01 12:46 . 2014-09-25 01:40    519680    ----a-w-    c:\windows\SysWow64\qdvd.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-17 12:55 . 2013-10-26 07:41    71344    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-17 12:55 . 2013-10-26 07:41    701104    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-10-16 12:11 . 2013-12-13 13:54    49752    ----a-w-    c:\windows\system32\drivers\AntiLog64.sys
2014-10-15 17:14 . 2013-12-14 23:16    103265616    ----a-w-    c:\windows\system32\MRT.exe
2014-09-23 13:00 . 2013-12-13 14:38    590536    ----a-w-    c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-09-12 14:51 . 2014-09-12 14:51    829264    ----a-w-    c:\windows\system32\msvcr100.dll
2014-09-12 14:51 . 2014-09-12 14:51    608080    ----a-w-    c:\windows\system32\msvcp100.dll
2014-09-12 14:03 . 2014-09-12 14:03    773968    ----a-w-    c:\windows\SysWow64\msvcr100.dll
2014-09-12 14:03 . 2014-09-12 14:03    421200    ----a-w-    c:\windows\SysWow64\msvcp100.dll
2014-09-09 22:11 . 2014-09-24 06:09    2048    ----a-w-    c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 06:09    2048    ----a-w-    c:\windows\SysWow64\tzres.dll
2014-09-05 12:52 . 2012-07-17 19:37    23256    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-23 02:07 . 2014-08-28 11:56    404480    ----a-w-    c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-08-28 11:56    311808    ----a-w-    c:\windows\SysWow64\gdi32.dll
2014-08-15 00:12 . 2014-08-15 00:12    85808    ----a-w-    c:\windows\system32\NicInstD.dll
2014-08-15 00:12 . 2014-08-15 00:12    73512    ----a-w-    c:\windows\system32\e1dmsg.dll
2014-08-15 00:12 . 2014-08-15 00:12    489752    ----a-w-    c:\windows\system32\drivers\e1d62x64.sys
2014-08-15 00:12 . 2014-08-15 00:12    125728    ----a-w-    c:\windows\system32\NicCo4.dll
2014-08-01 11:53 . 2014-09-12 12:36    1031168    ----a-w-    c:\windows\system32\TSWorkspace.dll
2014-08-01 11:35 . 2014-09-12 12:36    793600    ----a-w-    c:\windows\SysWow64\TSWorkspace.dll
2009-05-21 19:32 . 2014-02-24 13:15    45056    ----a-w-    c:\program files (x86)\Common Files\Period20.dll
2009-05-21 19:32 . 2014-02-24 13:15    24576    ----a-w-    c:\program files (x86)\Common Files\Artes32X.dll
2009-05-21 19:32 . 2014-02-24 13:15    24576    ----a-w-    c:\program files (x86)\Common Files\ACTripsLog.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-26 21:06    222920    ----a-w-    c:\users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-26 21:06    222920    ----a-w-    c:\users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-26 21:06    222920    ----a-w-    c:\users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-06-27 20:27    1020624    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-06-27 20:27    1020624    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-06-27 20:27    1020624    ----a-r-    c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2014-08-08 43816]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2014-08-15 43816]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2014-10-17 111320]
"DellSystemDetect"="c:\users\ASAP Consulting\AppData\Local\Apps\2.0\RHJO8VBN.E8Q\7JG4ANAZ.6DA\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe" [2014-07-25 263232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-12-16 462974]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2013-09-30 3761464]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2011-04-21 139264]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2011-05-19 2629632]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2012-04-05 371864]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2014-06-27 1056976]
.
c:\users\ASAP Consulting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Send to OneNote.lnk - c:\program files\Microsoft Office 15\root\office15\ONENOTEM.EXE /tsr [2014-6-17 195240]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe /startdesktopidv /startup [2014-9-22 2548016]
Intuit Data Protect.lnk - c:\program files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2013-11-27 6274360]
QuickBooks Update Agent.lnk - c:\program files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2014-2-4 1157448]
QuickBooks_Standard_21.lnk - c:\program files (x86)\Intuit\QuickBooks 2011\QBW32.EXE -silent [2014-2-4 1179464]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\Citrix\ICACLI~1\RSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 GemCCID;GemCCID;c:\windows\system32\DRIVERS\GemCCID.sys;c:\windows\SYSNATIVE\DRIVERS\GemCCID.sys [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x]
R3 InvProtectSvc;Invincea Enterprise Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x]
R3 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
S0 cmgfve;cmgfve;c:\windows\System32\Drivers\cmgfve.sys;c:\windows\SYSNATIVE\Drivers\cmgfve.sys [x]
S0 CmgHiber;CmgHiber;c:\windows\system32\DRIVERS\CmgHiber.sys;c:\windows\SYSNATIVE\DRIVERS\CmgHiber.sys [x]
S0 CmgPCS;Credant PCS;c:\windows\system32\DRIVERS\CmgPCS.sys;c:\windows\SYSNATIVE\DRIVERS\CmgPCS.sys [x]
S0 CmgShieldFFE;CmgShieldFFE;c:\windows\system32\DRIVERS\CmgFFE.sys;c:\windows\SYSNATIVE\DRIVERS\CmgFFE.sys [x]
S0 CredFltL;CredFltL;c:\windows\system32\DRIVERS\CredFltL.sys;c:\windows\SYSNATIVE\DRIVERS\CredFltL.sys [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\SYMEFA64.SYS [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [x]
S1 ccSet_N360;N360 Settings Manager;c:\windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\ccSetx64.sys [x]
S1 CMGShieldReg;CMGShieldReg;c:\windows\system32\DRIVERS\CmgShREG.sys;c:\windows\SYSNATIVE\DRIVERS\CmgShREG.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys;c:\program files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\N360x64\1506000.020\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\N360x64\1506000.020\SYMNETS.SYS [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 ClickToRunSvc;Microsoft Office ClickToRun Service;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe;c:\windows\SYSNATIVE\CmgShieldSvc.exe [x]
S2 Dell.PowerManager.Service;Dell.PowerManager.Service;c:\windows\system32\dllhost.exe;c:\windows\SYSNATIVE\dllhost.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 DellEntitlement;Dell Entitlement Service;c:\program files\Dell\Dell Data Protection\EntitlementService.exe;c:\program files\Dell\Dell Data Protection\EntitlementService.exe [x]
S2 DellMgmtAgent;Dell Management Agent Service;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [x]
S2 DellMgmtLoader;Dell Security Framework Loader;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [x]
S2 DellMgmtServer;DELL Security Framework Local Server;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [x]
S2 EMS;EMS;c:\windows\system32\EMSService.exe;c:\windows\SYSNATIVE\EMSService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe;c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [x]
S2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe;c:\program files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [x]
S2 QBVSS;QBIDPService;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe;c:\program files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 e1dexpress;Intel® PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 ibtusb;Intel® Wireless Bluetooth® 4.0 + HS Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
S3 ST_Accel;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S4 DBUtil_2_3;DBUtil_2_3;c:\windows\TEMP\DBUtil_2_3.Sys;c:\windows\TEMP\DBUtil_2_3.Sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-10-17 13:11    1089352    ----a-w-    c:\program files (x86)\Google\Chrome\Application\38.0.2125.104\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-26 12:55]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21 11:58]
.
2014-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21 11:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-02-26 21:06    261832    ----a-w-    c:\users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-02-26 21:06    261832    ----a-w-    c:\users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-02-26 21:06    261832    ----a-w-    c:\users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-09-25 10:10    2334416    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-09-25 10:10    2334416    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-09-25 10:10    2334416    ----a-w-    c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\grooveex.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2014-06-27 20:15    1293520    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2014-06-27 20:15    1293520    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2014-06-27 20:15    1293520    ----a-r-    c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CmgEncOverlay]
@="{7B0F6726-38DD-49DD-8A5E-02EFED6EEDA4}"
[HKEY_CLASSES_ROOT\CLSID\{7B0F6726-38DD-49DD-8A5E-02EFED6EEDA4}]
2013-11-01 04:15    5177216    ----a-w-    c:\program files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\CmgGhostOverlay]
@="{74CD2AE0-8208-424C-8A4B-6670FE358620}"
[HKEY_CLASSES_ROOT\CLSID\{74CD2AE0-8208-424C-8A4B-6670FE358620}]
2013-11-01 04:15    5177216    ----a-w-    c:\program files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2013-07-08 708952]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-06-28 7191768]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-23 1291848]
"WavesSvc"="c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2013-04-18 114944]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2013-03-23 1291848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-08-05 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-08-05 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-08-05 444400]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-05-29 36352]
"BLEServicesCtrl"="c:\program files (x86)\Intel\Bluetooth\BleServicesCtrl.exe" [2012-09-17 184112]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2013-05-21 7830328]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"CSFTrayApp"="c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe" [2013-11-01 230752]
"LocalSecurityAgent"="c:\program files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe" [2013-11-01 32128]
"EmsService"="EmsServiceHelper.exe" [2013-11-01 3229568]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2014-01-18 4876528]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.roboform.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComFillForms.html
IE: Save Forms - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:/Program Files (x86)/Siber Systems/AI RoboForm/RoboFormComShowToolbar.html
Trusted Zone: dell.com
Trusted Zone: dla.mil
Trusted Zone: dla.mil\fortbelvoir.citrix.ccl1.hq
Trusted Zone: dla.mil\gslb
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.roboform.com/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-ISUSPM - c:\programdata\FLEXnet\Connect\11\ISUSPM.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Security Suite\Engine\21.6.0.32;c:\program files (x86)\Norton Security Suite\Engine64\21.6.0.32"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-28  16:58:07
ComboFix-quarantined-files.txt  2014-10-28 22:58
.
Pre-Run: 296,550,129,664 bytes free
Post-Run: 298,387,795,968 bytes free
.
- - End Of File - - 9C3B19A24FA8AF9AD0D9F59EBE8AE3C4
5C616939100B85E558DA92B899A0FC36
 



#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 28 October 2014 - 08:02 PM

Hi,
how is the pc running now?


Let's do a final check up:

Step 1


Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed select Uninstall application on close if you so wish, but make sure you copy the logfile first!
  • Now click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif


Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 alfadreamer1

alfadreamer1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 AM

Posted 29 October 2014 - 01:47 AM

Hi Deeppryka

My computer is running great, I do not see any instances of the dllhost.exe*32 process running any longer,  Please let me know what you think of the latest scans and frst files.

 

Thank you,

 

log text file from ESET

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8ebf6829c1afa94cafb16796f844fa7f
# engine=20825
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-10-29 05:30:16
# local_time=2014-10-28 11:30:16 (-0700, Mountain Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Norton 360'
# compatibility_mode=3598 16777213 87 100 0 165136712 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 30855873 166104066 0 0
# scanned=203908
# found=4
# cleaned=0
# scan_time=10113
sh=0B2F0A98C97C17BA3354E9B67B67166FCB97B7AB ft=1 fh=ddb00d73ca0f285e vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Program Files (x86)\NCH Software\Debut\debut.exe"
sh=8815EFADE431A3F13799B5014B4C65308001F3CE ft=1 fh=4f0d08c0f67cef83 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Program Files (x86)\NCH Software\Debut\debutsetup_v1.88.exe"
sh=8815EFADE431A3F13799B5014B4C65308001F3CE ft=1 fh=4f0d08c0f67cef83 vn="a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application" ac=I fn="C:\Users\ASAP Consulting\Downloads\debutsetup.exe"
sh=BD3D451BFB56B02EDD3D2D1FEA10E29EC94F1A8C ft=1 fh=3d6c1e353acd28fa vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Users\ASAP Consulting\Downloads\InternationalPrimoPDF.exe"
 

 

FRST text file

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-10-2014 01
Ran by ASAP Consulting (administrator) on ASAPCONSULTING on 29-10-2014 00:29:44
Running from C:\Users\ASAP Consulting\Desktop
Loaded Profile: ASAP Consulting (Available profiles: ASAP Consulting & Bill Craig)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Dell Inc.) C:\Windows\System32\CmgShieldSvc.exe
(Dell Inc.) C:\Windows\System32\EmsService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Authentec Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Carbonite, Inc. (www.carbonite.com)) C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Dell Inc.) C:\Windows\System32\EmsServiceHelper.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Carbonite, Inc.) C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Citrix Systems, Inc.) C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [114944 2013-04-18] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1291848 2013-03-22] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-05-29] (Intel Corporation)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-17] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [230752 2013-10-31] ()
HKLM\...\Run: [LocalSecurityAgent] => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe [32128 2013-10-31] (Dell Inc.)
HKLM\...\Run: [EmsService] => C:\Windows\system32\EmsServiceHelper.exe [3229568 2013-10-31] (Dell Inc.)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-01-17] (Intel® Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [462974 2011-12-16] (Creative Technology Ltd)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3761464 2013-09-30] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2011-04-20] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2629632 2011-05-19] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ConnectionCenter] => C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [371864 2012-04-05] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (Authentec Inc.)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [111320 2014-10-17] (Siber Systems)
HKU\S-1-5-21-71547050-2547732492-773883006-1000\...\Run: [DellSystemDetect] => C:\Users\ASAP Consulting\AppData\Local\Apps\2.0\RHJO8VBN.E8Q\7JG4ANAZ.6DA\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe [263232 2014-07-25] (Dell)
AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => C:\Program Files (x86)\Citrix\ICA Client\RSHook.dll [257176 2012-04-05] (Citrix Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
Startup: C:\Users\ASAP Consulting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers: [CmgEncOverlay] -> {7B0F6726-38DD-49DD-8A5E-02EFED6EEDA4} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll (Dell Inc.)
ShellIconOverlayIdentifiers: [CmgGhostOverlay] -> {74CD2AE0-8208-424C-8A4B-6670FE358620} => C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgShellExt.dll (Dell Inc.)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers-x32: [Carbonite.Green] -> {95A27763-F62A-4114-9072-E81D87DE3B68} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Partial] -> {E300CD91-100F-4E67-9AF3-1384A6124015} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)
ShellIconOverlayIdentifiers-x32: [Carbonite.Yellow] -> {5E529433-B50E-4bef-A63B-16A6B71B071A} => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll (Carbonite, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.roboform.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - DefaultScope {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {940C6834-2B36-447A-B32C-2DA2A40904FF} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - DefaultScope {940C6834-2B36-447A-B32C-2DA2A40904FF} URL =
SearchScopes: HKCU - {940C6834-2B36-447A-B32C-2DA2A40904FF} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CtxIEInterceptorBHO Class -> {2C4631FF-5CC8-4EBC-A0DF-34C92291759E} -> C:\Program Files (x86)\Citrix\ICA Client\IEInterceptor.dll (Citrix Systems, Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll (Siber Systems Inc.)
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default
FF Homepage: hxxp://start.roboform.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican -> C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.1 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\2020Player_IKEA@2020Technologies.com [2014-08-22]
FF Extension: XFINITY Constant Guard Protection Suite - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\idvaultaddon@whitesky [2014-10-22]
FF Extension: No Name - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\temp [2014-10-17]
FF Extension: DownloadHelper - C:\Users\ASAP Consulting\AppData\Roaming\Mozilla\Firefox\Profiles\iktcghjy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-05]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2014-04-30]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-28]
FF HKCU\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox

Chrome:
=======
CHR Profile: C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-22]
CHR Extension: (Norton Identity Safe) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-27]
CHR Extension: (Norton Security Toolbar) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-08-22]
CHR Extension: (Google Wallet) - C:\Users\ASAP Consulting\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-22]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-04-30]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-27]
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-04-30]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)
R2 CMGShield; C:\Windows\system32\CmgShieldSvc.exe [6713216 2013-10-31] (Dell Inc.)
R2 Dell.PowerManager.Service; C:\Windows\system32\dllhost.exe [9728 2009-07-13] (Microsoft Corporation)
R2 Dell.PowerManager.Service; C:\Windows\SysWOW64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 DellEntitlement; C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe [324480 2013-12-14] (Dell Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [247136 2013-10-31] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2013-10-31] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2013-10-31] (Dell, Inc.)
R2 EMS; C:\Windows\system32\EMSService.exe [1938304 2013-10-31] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-05-29] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
S3 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2947856 2013-07-30] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-07-01] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-02-03] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2009-07-23] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2012-03-09] (Intuit Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [223816 2013-01-09] (Realtek Semiconductor)
S3 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [124616 2013-07-30] ()
S2 tcsd_win32.exe; C:\Program Files\Dell\Dell Data Protection\TSS\bin\tcsd_win32.exe [1636352 2012-12-10] (Security Innovation, Inc.) [File not signed]
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-10-16] (Zemana Ltd.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [1587416 2014-10-16] (Symantec Corporation)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1385272 2013-08-08] (Motorola Solutions, Inc.)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R0 cmgfve; C:\Windows\System32\Drivers\cmgfve.sys [197920 2013-10-31] (Dell Inc.)
R0 CmgHiber; C:\Windows\System32\DRIVERS\CmgHiber.sys [131360 2013-10-31] (Dell Inc.)
R0 CmgPCS; C:\Windows\System32\DRIVERS\CmgPCS.sys [157984 2013-10-31] (Dell Inc.)
R0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [388384 2013-10-31] (Dell Inc.)
R1 CMGShieldReg; C:\Windows\System32\DRIVERS\CmgShREG.sys [76064 2013-10-31] (Dell Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [34048 2013-10-31] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-08-14] (Intel Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-10-26] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-10-26] (Symantec Corporation)
S3 GemCCID; C:\Windows\System32\DRIVERS\GemCCID.sys [130688 2014-03-14] (Gemalto)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28656 2013-05-20] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [114632 2013-08-28] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys [633560 2014-10-24] (Symantec Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2162648 2013-08-01] (Realtek Semiconductor Corp.)
S3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [34824 2013-07-30] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-12-19] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141028.001\ENG64.SYS [129752 2014-10-26] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141028.001\EX64.SYS [2137304 2014-10-26] (Symantec Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\NETwsw02.sys [3429344 2014-02-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [185760 2013-05-07] (O2Micro )
S3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [202248 2013-07-30] ()
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R3 ST_Accel; C:\Windows\System32\DRIVERS\ST_Accel.sys [89312 2013-03-27] (STMicroelectronics)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-10-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2013-07-30] (The OpenVPN Project)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [206744 2013-06-20] (Windows ® Win 7 DDK provider)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
R4 DBUtil_2_3; \??\C:\Windows\TEMP\DBUtil_2_3.Sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 20:37 - 2014-10-28 20:37 - 02347384 _____ (ESET) C:\Users\ASAP Consulting\Downloads\esetsmartinstaller_enu.exe
2014-10-28 20:37 - 2014-10-28 20:37 - 02347384 _____ (ESET) C:\Users\ASAP Consulting\Desktop\esetsmartinstaller_enu.exe
2014-10-28 20:37 - 2014-10-28 20:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-28 16:58 - 2014-10-28 16:58 - 00038191 _____ () C:\ComboFix.txt
2014-10-28 16:24 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-28 16:24 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-28 16:24 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-28 16:24 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-28 16:24 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-28 16:24 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-28 16:24 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-28 16:24 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-28 16:23 - 2014-10-28 16:58 - 00000000 ____D () C:\Qoobox
2014-10-28 16:23 - 2014-10-28 16:54 - 00000000 ____D () C:\Windows\erdnt
2014-10-28 14:41 - 2014-10-28 14:41 - 05591695 ____R (Swearware) C:\Users\ASAP Consulting\Desktop\ComboFix.exe
2014-10-28 14:41 - 2014-10-28 14:41 - 05591695 _____ (Swearware) C:\Users\ASAP Consulting\Downloads\ComboFix.exe
2014-10-28 13:41 - 2014-10-28 13:43 - 00034328 _____ () C:\Users\ASAP Consulting\Desktop\Addition.txt
2014-10-28 13:38 - 2014-10-29 00:30 - 00038090 _____ () C:\Users\ASAP Consulting\Desktop\FRST.txt
2014-10-28 13:38 - 2014-10-29 00:29 - 00000000 ____D () C:\FRST
2014-10-28 13:38 - 2014-10-28 13:38 - 02113024 _____ (Farbar) C:\Users\ASAP Consulting\Desktop\frst64.exe
2014-10-28 13:35 - 2014-10-28 13:35 - 02113024 _____ (Farbar) C:\Users\ASAP Consulting\Downloads\FRST64.exe
2014-10-28 09:11 - 2014-10-28 09:11 - 00041291 _____ () C:\Users\ASAP Consulting\Desktop\dds.txt
2014-10-28 09:11 - 2014-10-28 09:11 - 00020607 _____ () C:\Users\ASAP Consulting\Desktop\attach.txt
2014-10-28 09:06 - 2014-10-28 09:05 - 00688992 ____R (Swearware) C:\Users\ASAP Consulting\Desktop\dds.com
2014-10-28 09:05 - 2014-10-28 09:05 - 00688992 _____ (Swearware) C:\Users\ASAP Consulting\Downloads\dds.com
2014-10-28 06:48 - 2014-10-28 06:49 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\ASAP Consulting\Downloads\cbSetup.exe
2014-10-27 14:03 - 2014-10-27 14:04 - 120400632 _____ (Microsoft Corporation) C:\Users\ASAP Consulting\Downloads\msert.exe
2014-10-27 13:42 - 2014-10-27 13:42 - 00007605 _____ () C:\Users\ASAP Consulting\AppData\Local\Resmon.ResmonCfg
2014-10-27 09:49 - 2014-10-27 11:29 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\NPE
2014-10-27 09:16 - 2014-10-27 09:58 - 00000000 ____D () C:\NPE
2014-10-27 09:13 - 2014-10-27 09:29 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\NPE
2014-10-27 09:13 - 2014-10-27 09:13 - 03060320 ____N (Symantec Corporation) C:\Users\Bill Craig\Downloads\NPE.exe
2014-10-27 09:07 - 2014-10-27 09:07 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-10-27 07:34 - 2014-10-27 09:02 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-27 07:34 - 2014-10-27 09:01 - 00002442 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk
2014-10-27 07:34 - 2014-10-27 07:34 - 00177752 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2014-10-27 07:34 - 2014-10-27 07:34 - 00008222 _____ () C:\Windows\system32\Drivers\SYMEVENT64x86.CAT
2014-10-27 07:34 - 2014-10-27 07:34 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-10-27 07:32 - 2014-10-27 09:02 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-27 07:32 - 2014-10-27 09:01 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-10-27 07:32 - 2014-10-27 07:32 - 00000000 ____D () C:\Program Files (x86)\Norton Security Suite
2014-10-26 10:00 - 2014-10-26 10:00 - 01021632 _____ (Symantec Corporation) C:\Users\ASAP Consulting\Desktop\Norton_Download_Manager.exe
2014-10-26 09:58 - 2014-10-26 09:58 - 01021632 _____ (Symantec Corporation) C:\Users\ASAP Consulting\Downloads\Norton_Download_Manager.exe
2014-10-24 09:41 - 2014-09-04 20:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-24 09:41 - 2014-09-04 19:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-24 09:41 - 2014-08-28 20:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-24 09:41 - 2014-05-08 03:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-10-24 09:16 - 2013-10-01 20:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-10-24 09:16 - 2013-10-01 20:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-10-24 09:16 - 2013-10-01 20:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-10-24 09:16 - 2013-10-01 19:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-10-24 09:16 - 2013-10-01 19:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-10-24 09:16 - 2013-10-01 19:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-10-24 09:16 - 2013-10-01 19:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-10-24 09:16 - 2013-10-01 18:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-10-24 09:16 - 2013-10-01 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-10-24 09:16 - 2013-10-01 18:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-10-24 09:16 - 2013-10-01 18:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-10-24 09:16 - 2013-10-01 18:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-10-24 09:16 - 2013-10-01 17:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-10-24 09:16 - 2013-10-01 17:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-24 09:16 - 2013-10-01 17:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-10-24 09:16 - 2013-10-01 16:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-24 09:15 - 2012-08-23 08:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-10-24 09:15 - 2012-08-23 08:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-10-24 09:15 - 2012-08-23 08:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2014-10-24 09:15 - 2012-08-23 05:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-10-24 09:15 - 2012-08-23 04:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-10-24 08:05 - 2014-10-24 08:05 - 00010342 _____ () C:\Users\ASAP Consulting\Downloads\Checking1.qfx
2014-10-22 15:21 - 2014-10-22 15:22 - 01358968 _____ () C:\Windows\Minidump\102214-26364-01.dmp
2014-10-22 14:31 - 2014-10-22 14:31 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Nitro
2014-10-22 14:31 - 2014-10-22 14:31 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\FileOpen
2014-10-22 14:23 - 2014-10-22 14:23 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Macromedia
2014-10-22 14:22 - 2014-10-22 14:24 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Google
2014-10-22 14:22 - 2014-10-22 14:22 - 00000000 ____D () C:\Users\Bill Craig\Documents\My RoboForm Data
2014-10-22 14:19 - 2014-10-22 14:19 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Intel Corporation
2014-10-22 14:18 - 2014-10-28 13:28 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\ID Vault
2014-10-22 14:18 - 2014-10-26 10:35 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\ID Vault
2014-10-22 14:18 - 2014-10-22 14:22 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Google
2014-10-22 14:18 - 2014-10-22 14:18 - 00115888 _____ () C:\Users\Bill Craig\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-22 14:18 - 2014-10-22 14:18 - 00001411 _____ () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\ICAClient
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Creative
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\ControlCenter4
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Apple Computer
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Adobe
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Zemana
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\White_Sky,_Inc
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Intuit
2014-10-22 14:18 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Citrix
2014-10-22 14:17 - 2014-10-22 14:18 - 00000000 ____D () C:\Users\Bill Craig
2014-10-22 14:17 - 2014-10-22 14:17 - 00000020 ___SH () C:\Users\Bill Craig\ntuser.ini
2014-10-22 14:17 - 2014-10-22 14:17 - 00000000 ____D () C:\Users\Bill Craig\AppData\Roaming\Intel
2014-10-22 14:17 - 2014-10-22 14:17 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\VirtualStore
2014-10-22 14:17 - 2013-12-14 18:57 - 00000000 ____D () C:\Users\Bill Craig\AppData\Local\Microsoft Help
2014-10-22 14:17 - 2013-12-13 08:43 - 00002098 _____ () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2014-10-22 14:17 - 2009-07-13 22:54 - 00000000 ___RD () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-22 14:17 - 2009-07-13 22:49 - 00000000 ___RD () C:\Users\Bill Craig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-10-22 07:39 - 2014-10-22 07:39 - 00004176 _____ () C:\Windows\System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4}
2014-10-22 07:39 - 2014-10-22 07:39 - 00002130 _____ () C:\Users\Public\Desktop\Carbonite InfoCenter.lnk
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carbonite
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\ProgramData\Carbonite
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\Program Files\Carbonite
2014-10-22 07:39 - 2014-10-22 07:39 - 00000000 ____D () C:\Program Files (x86)\Carbonite
2014-10-22 06:44 - 2014-10-22 06:56 - 374965967 _____ () C:\Users\ASAP Consulting\Downloads\openSAP_a4h1_Week_4_All_Videos_Slides.zip
2014-10-17 06:53 - 2014-10-17 06:55 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\Adobe
2014-10-15 07:20 - 2014-09-28 18:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 07:20 - 2014-08-18 21:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 07:20 - 2014-08-18 21:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 07:20 - 2014-08-18 21:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 07:20 - 2014-08-18 21:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 07:20 - 2014-08-18 21:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 07:20 - 2014-08-18 21:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 07:20 - 2014-08-18 21:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 07:20 - 2014-08-18 21:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 07:20 - 2014-08-18 21:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 07:20 - 2014-08-18 21:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 07:20 - 2014-08-18 20:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 07:20 - 2014-08-18 20:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 07:20 - 2014-08-18 20:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 07:20 - 2014-07-06 20:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 07:20 - 2014-07-06 20:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 07:20 - 2014-07-06 20:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 07:20 - 2014-07-06 20:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 07:20 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 07:20 - 2014-07-06 20:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 07:20 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 07:20 - 2014-07-06 20:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 07:20 - 2014-07-06 20:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 07:20 - 2014-07-06 20:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 07:20 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 07:20 - 2014-07-06 19:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 07:20 - 2014-07-06 19:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 07:20 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 07:20 - 2014-07-06 19:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 07:20 - 2014-07-06 19:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 07:20 - 2014-07-06 19:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 07:20 - 2014-07-06 19:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 07:20 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 07:20 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 07:20 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 07:20 - 2014-06-27 18:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 07:20 - 2014-06-27 18:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 07:20 - 2014-06-27 18:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 07:20 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 07:19 - 2014-10-09 20:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 07:19 - 2014-10-09 20:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 07:19 - 2014-10-09 20:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 07:19 - 2014-09-19 23:18 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 07:19 - 2014-09-19 23:17 - 02236928 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 07:19 - 2014-09-19 23:17 - 01407488 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 15399424 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 02655232 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 07:19 - 2014-09-19 23:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 07:19 - 2014-09-19 23:15 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 07:19 - 2014-09-19 23:15 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 07:19 - 2014-09-19 23:15 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 13757952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 02861568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 02055168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 01762816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 01180672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 07:19 - 2014-09-19 21:57 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 07:19 - 2014-09-19 21:56 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 07:19 - 2014-09-19 21:56 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 07:19 - 2014-09-19 21:56 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 07:19 - 2014-09-19 21:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 07:19 - 2014-09-19 21:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 07:19 - 2014-09-19 20:43 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-15 07:19 - 2014-09-19 20:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-15 07:19 - 2014-09-17 20:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 07:19 - 2014-09-17 19:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 07:19 - 2014-09-12 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 07:19 - 2014-09-12 19:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 07:19 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 07:19 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 07:19 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 07:19 - 2014-07-16 20:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 07:19 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 07:19 - 2014-07-16 19:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 07:19 - 2014-07-16 19:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 07:19 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 07:19 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-12 13:48 - 2014-10-12 14:44 - 567936313 _____ () C:\Users\ASAP Consulting\Downloads\openSAP_a4h1_Week_3_All_Videos_Slides.zip
2014-10-07 19:23 - 2014-10-07 19:23 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\Intel_Corporation
2014-10-04 14:31 - 2014-10-04 14:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-10-04 14:29 - 2014-10-04 14:29 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-04 14:29 - 2014-10-04 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-04 14:29 - 2014-10-04 14:29 - 00000000 ____D () C:\Program Files\iPod
2014-10-04 14:28 - 2014-10-04 14:29 - 00000000 ____D () C:\Program Files\iTunes
2014-10-04 14:28 - 2014-10-04 14:29 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-03 11:54 - 2014-10-03 11:54 - 01235416 _____ () C:\Windows\Minidump\100314-21824-01.dmp
2014-10-01 06:46 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-01 06:46 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-09-30 12:46 - 2014-09-30 12:46 - 00000000 ____H () C:\Users\ASAP Consulting\Documents\Default.rdp
2014-09-30 12:24 - 2014-09-30 12:25 - 00000113 _____ () C:\Users\ASAP Consulting\Downloads\credentials.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-29 00:16 - 2014-08-21 05:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 23:46 - 2013-10-26 01:41 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-28 20:57 - 2014-06-25 05:38 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-10-28 20:57 - 2013-12-13 07:54 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite
2014-10-28 20:42 - 2014-02-17 15:26 - 00005038 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for ASAPConsulting-ASAP Consulting ASAPConsulting
2014-10-28 20:38 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-28 20:38 - 2009-07-13 22:45 - 00031312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-28 20:36 - 2013-12-13 07:54 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\ID Vault
2014-10-28 20:35 - 2009-07-13 23:13 - 00783606 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-28 20:34 - 2013-10-26 03:33 - 01902972 _____ () C:\Windows\WindowsUpdate.log
2014-10-28 20:31 - 2014-08-21 05:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 20:31 - 2013-12-26 14:43 - 00131072 ___SH () C:\CredSED.dat
2014-10-28 20:31 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Registration
2014-10-28 20:30 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-28 20:30 - 2009-07-13 22:51 - 00406391 _____ () C:\Windows\setupact.log
2014-10-28 17:11 - 2010-11-20 21:47 - 01486662 _____ () C:\Windows\PFRO.log
2014-10-28 16:58 - 2014-04-22 13:46 - 00000000 ____D () C:\Users\dub_cm_auto
2014-10-28 16:58 - 2009-07-13 21:20 - 00000000 __RHD () C:\Users\Default
2014-10-28 16:52 - 2009-07-13 20:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-28 16:51 - 2013-12-13 07:34 - 00000000 ____D () C:\Users\ASAP Consulting
2014-10-28 14:40 - 2013-12-13 08:45 - 00000000 ____D () C:\Users\ASAP Consulting\Documents\Outlook Files
2014-10-28 11:47 - 2014-01-03 14:23 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\Nitro PDF
2014-10-28 10:52 - 2013-12-14 16:37 - 00000000 ____D () C:\ProgramData\CREDANT
2014-10-27 09:13 - 2013-12-13 08:03 - 00000000 ____D () C:\ProgramData\Norton
2014-10-27 08:57 - 2014-02-28 11:32 - 00000000 ____D () C:\Program Files (x86)\Browny02
2014-10-27 08:18 - 2013-12-13 08:03 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2014-10-27 08:16 - 2013-12-13 08:03 - 00001228 _____ () C:\Users\ASAP Consulting\Desktop\Norton Installation Files.lnk
2014-10-26 13:21 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-10-26 09:59 - 2013-12-13 08:00 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\ID Vault
2014-10-25 21:36 - 2013-12-26 17:20 - 00031913 _____ () C:\Windows\system32\Drivers\cmghbbtl.dat
2014-10-25 21:33 - 2013-12-26 17:20 - 00018955 _____ () C:\Windows\system32\Drivers\cmghbpm.dat
2014-10-25 18:21 - 2013-12-13 11:43 - 31791617 _____ () C:\Users\ASAP Consulting\quicken file.QDF
2014-10-25 18:20 - 2013-12-13 11:43 - 04951392 _____ () C:\Users\ASAP Consulting\quicken fileOFXLOG.DAT
2014-10-25 09:31 - 2013-12-14 16:33 - 00000390 __RSH () C:\ProgramData\ntuser.pol
2014-10-24 09:20 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-24 09:17 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-24 08:09 - 2013-12-18 06:32 - 31793152 _____ () C:\Users\ASAP Consulting\Desktop\quicken file.QDF-backup
2014-10-23 17:11 - 2014-08-21 05:58 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-23 17:11 - 2014-08-21 05:58 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-22 15:21 - 2014-04-14 07:18 - 907364908 _____ () C:\Windows\MEMORY.DMP
2014-10-22 15:21 - 2014-04-14 07:18 - 00000000 ____D () C:\Windows\Minidump
2014-10-22 12:06 - 2014-04-21 07:26 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-22 10:11 - 2009-07-13 23:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-21 09:06 - 2014-06-10 05:39 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-20 13:41 - 2013-12-13 08:37 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-17 10:23 - 2014-06-17 18:12 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Local\CrashDumps
2014-10-17 07:16 - 2014-08-21 05:59 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-17 06:57 - 2014-04-30 12:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2014-10-17 06:57 - 2013-12-16 14:42 - 00004180 _____ () C:\Windows\System32\Tasks\Open URL by RoboForm
2014-10-17 06:57 - 2013-12-16 14:42 - 00003524 _____ () C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2014-10-17 06:55 - 2013-10-26 01:41 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-17 06:55 - 2013-10-26 01:41 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-17 06:55 - 2013-10-26 01:41 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-16 06:11 - 2013-12-13 07:54 - 00049752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\AntiLog64.sys
2014-10-16 06:11 - 2013-12-13 07:54 - 00002203 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk
2014-10-16 06:11 - 2013-12-13 07:54 - 00002191 _____ () C:\Users\Public\Desktop\Constant Guard.lnk
2014-10-16 06:11 - 2013-12-13 07:54 - 00000000 ____D () C:\Windows\SysWOW64\ZALSDK_uninst
2014-10-15 11:45 - 2009-07-13 22:45 - 00447648 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-15 11:40 - 2014-04-30 08:12 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-15 11:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-15 11:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-15 11:22 - 2013-12-14 17:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 11:14 - 2013-12-14 17:16 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-14 14:47 - 2013-12-14 16:16 - 00000000 ____D () C:\Users\ASAP Consulting\Documents\ALV Template
2014-10-14 06:51 - 2013-12-19 08:59 - 00000000 ____D () C:\Users\ASAP Consulting\BACKUP
2014-10-09 08:52 - 2013-10-26 01:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-09 08:51 - 2013-12-13 07:40 - 00000000 ____D () C:\ProgramData\softthinks
2014-10-09 08:06 - 2010-11-20 08:42 - 00000000 ____D () C:\Temp1234
2014-10-09 06:35 - 2014-06-10 05:54 - 00000000 ____D () C:\Windows\System32\Tasks\Dell
2014-10-08 09:16 - 2014-02-27 12:37 - 00000000 ____D () C:\Program Files (x86)\Quicken
2014-10-04 14:41 - 2013-12-13 13:01 - 00000000 ____D () C:\Users\ASAP Consulting\AppData\Roaming\Apple Computer
2014-09-30 08:35 - 2013-12-14 16:16 - 00000000 ____D () C:\Users\ASAP Consulting\Documents\ASAP Consulting
2014-09-29 12:20 - 2014-02-26 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

Files to move or delete:
====================
C:\Users\ASAP Consulting\quicken fileOFXLOG.DAT
C:\Users\ASAP Consulting\quicken fileOFXOLD.DAT


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-26 13:14

==================== End Of Log ============================

 

Addition text file

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-10-2014 01
Ran by ASAP Consulting at 2014-10-29 00:30:39
Running from C:\Users\ASAP Consulting\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Security Suite (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Security Suite (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.189 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AntiLogger SDK version 1.7.6.367 (HKLM-x32\...\{4D46DE30-49FE-4043-99F7-D7E8C06175E0}_is1) (Version: 1.7.6.367 - Zemana Ltd.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARTES U.S. Version 6.10.0.8 (HKLM-x32\...\ARTES U.S.) (Version: ARTES U.S. Version 9.10.0.10 - )
AuthenTec Fingerprint Driver (Version: 1.6.2.0350 - AuthenTec) Hidden
AuthenTec WinBio FingerPrint Software 64-bit (Version: 3.4.2.1016 - AuthenTec, Inc.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-J835DW (HKLM-x32\...\{A1B36B88-AF90-43A3-8906-6DBEE89B4FBD}) (Version: 1.0.19.0 - Brother Industries, Ltd.)
Carbonite (HKLM-x32\...\Carbonite Backup) (Version: 5.5.5 build 4151  (Jun-27-2014) - Carbonite)
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 13.1.200.22 - Citrix Systems, Inc.)
CloudShare RDP Extension for IE (HKLM-x32\...\{4616558A-FE4D-4B8C-805A-5D2088062D68}) (Version: 1.1.0 - CloudShare Ltd.)
CmgMasterPrerequisites (x32 Version: 1.2.0.371 - Credant Technologies Inc.) Hidden
Constant Guard Protection Suite (HKLM-x32\...\ID Vault) (Version: 1.14.922.1 - Comcast)
ConvertHelper 2.2 (HKLM-x32\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1) (Version:  - DownloadHelper)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
Dell Client System Update (HKLM-x32\...\{04566294-A6B6-4462-9721-031073EB3694}) (Version: 1.3.0 - Dell Inc.)
Dell Data Protection | Client Security Framework (Version: 8.2.0.1281 - Dell) Hidden
Dell Data Protection | Encryption (Version: 8.2.0.5761 - Dell Inc) Hidden
Dell Data Protection | Security Tools (x32 Version: 1.2.0.371 - Dell) Hidden
Dell Data Protection Installer (x32 Version: 1.2.0.446 - Dell) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Power Manager (HKLM\...\{E45D7941-F3F0-4E8E-AD55-DCE2FE0AE6D8}) (Version: 1.1.0 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 2.3.15835 - Invincea, Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.9.0.5 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.134 - ALPS ELECTRIC CO., LTD.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.54 - Creative Technology Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.104 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.10.1652 - Intel Corporation)
Intel® Network Connections 18.1.59.00 (HKLM\...\PROSetDX) (Version: 18.1.59.00 - Intel)
Intel® Network Connections 18.1.59.00 (Version: 18.1.59.00 - Intel) Hidden
Intel® PRO/Wireless Driver (Version: 17.00.0000.1347 - Intel Corporation) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3257 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1335.3) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0366 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.6.2.1000 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.2.1000 - Intel Corporation) Hidden
Intel® Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® WiDi (HKLM\...\{F949AE30-83D1-41B2-92D2-F44478DD058A}) (Version: 4.2.24.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{724eb565-20e3-4d9a-ad54-d36d1da130e5}) (Version: 17.0.0 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 17.0.0.0332 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Project Professional 2013 - en-us (HKLM\...\ProjectProRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visio Professional 2013 - en-us (HKLM\...\VisioProRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)
Microsoft Visio Standard 2010 (HKLM\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
My Dell (HKLM\...\PC-Doctor for Windows) (Version: 3.5.6426.22 - PC-Doctor, Inc.)
Nitro Reader 3 (HKLM\...\{4436B9BD-CA66-4D69-9091-2D2EB62F09AD}) (Version: 3.5.2.10 - Nitro)
Norton Security Suite (HKLM-x32\...\N360) (Version: 21.6.0.32 - Symantec Corporation)
O2Micro OZ776 SCR Driver (x32 Version: 1.1.4.223 - O2Micro) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 13.1.200.22 - Citrix Systems, Inc.) Hidden
PaperPort Image Printer 64-bit (HKLM\...\{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickBooks (x32 Version: 21.0.4014.904 - Intuit Inc.) Hidden
QuickBooks Pro 2011 (HKLM-x32\...\{11E0AC7D-6822-4F67-865F-EE1C13D28C38}) (Version: 21.0.4014.904 - Intuit Inc.)
Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
Quicken 2014 (HKLM-x32\...\{0877F595-254F-45F4-991D-3F72E86B17CE}) (Version: 23.1.7.6 - Intuit)
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5978 - Realtek Semiconductor Corp.)
RoboForm 7-9-10-1 (All Users) (HKLM-x32\...\AI RoboForm) (Version: 7-9-10-1 - Siber Systems)
Security Innovation TSS (Version: 2.1.42 - Security Innovation) Hidden
Self-service Plug-in (x32 Version: 3.2.0.24226 - Citrix Systems, Inc.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0057-0000-1000-0000000FF1CE}_Office14.VISIOR_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SPBA (WBF) 5.9 (Version: 5.9.7.7232 - Authentec Inc.) Hidden
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0041 - ST Microelectronics)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-71547050-2547732492-773883006-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\ASAP Consulting\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

26-10-2014 15:53:35 Windows Update
27-10-2014 15:23:37 Norton_Power_Eraser_20141027092334395
27-10-2014 17:16:07 Norton_Power_Eraser_20141027111541934
28-10-2014 12:55:13 Windows Backup

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2014-10-28 16:52 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A454D4F-B417-4C2A-A9E6-6F5D070F97DD} - System32\Tasks\Norton Security Suite\Norton Error Processor => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {14594FBF-0913-45D8-90D3-B34A7BF70B34} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\My Dell\uaclauncher.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {1AAAC2FE-43DD-43A0-947A-57FAEA781A0D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-17] (Adobe Systems Incorporated)
Task: {3805E1F5-BE8B-4CF6-AD27-EBBF441C6351} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {3D746F90-78A7-48C3-9C9C-77B9F44F0FCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)
Task: {48904CBE-CA92-4774-A0D9-312B7033D4DC} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {6B9F91C5-27DA-4F46-8B18-AB840EC6AC3E} - System32\Tasks\Dell\Client System Update => C:\Program Files (x86)\Dell\ClientSystemUpdate\DellClientSystemUpdate.exe [2012-10-11] (Dell Inc.)
Task: {6E361D90-B346-4A76-88A7-BC6E059CDC87} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {777D07E6-174A-4D17-A893-7AF89C3DDB6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {7EF26DB4-E9E2-494A-9B97-70E5FAEF81E9} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-08-25] (Apple Inc.)
Task: {919C6D3B-5A58-48FA-8DC6-7B5162FDE0F5} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMKJHMGMMMJJJJMJNMCNJJNMHMLMCNLMMJLJNMCNHMGMMMLMCNNJOMKMNJJMOMJJOJLJKJMMNJJNJICMIMCNGMCNOMPMFMOMPMCNPMCNGMNMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMMJBJKJLIMJFMMMPMLMJNHICMMJBJKJLIMJJNBJCMOLMKOLPKPNMLAJBJMIKIDJLIGJBJIJJNKJCMJNNICMJNDJCMKJBJJNMJCMPMFMGMPMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
Task: {A53607BD-BE38-4F34-8AFC-6519E90BD840} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-09-25] (Microsoft Corporation)
Task: {B41E0715-2096-4807-AF17-9972B36F7549} - System32\Tasks\Norton Security Suite\Norton Error Analyzer => C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {B5CFEBF6-39C1-4603-B940-ABC6E1980487} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2014-10-17] (Siber Systems)
Task: {BE36CB87-0BD0-44F3-82A8-67470D12C2FB} - System32\Tasks\Microsoft Office 15 Sync Maintenance for ASAPConsulting-ASAP Consulting ASAPConsulting => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-16] (Microsoft Corporation)
Task: {C84DFB7B-042D-4C22-8776-5B6FE4C218F7} - System32\Tasks\{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} => C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe
Task: {CFBD5273-71BA-486C-B394-2947661854F7} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {DE7C0F05-1FE6-4341-A008-02AFF6948B09} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: {ECA76F24-0223-42E1-9742-A2C0316A4CBB} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {F7ECE9D5-9868-418A-9EB8-8112CDAC3039} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\My Dell\sessionchecker.exe [2014-01-10] (PC-Doctor, Inc.)
Task: {FEE21177-FF13-4014-B376-1CC879B8B924} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-08-21] (Google Inc.)
Task: {FF49DB9D-98A6-4EDA-8EEA-43DCB7A54F9B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-08-26] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-10-31 22:52 - 2013-10-31 22:52 - 00051040 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DellMgmtNP.dll
2014-02-26 14:44 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 00026464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
2014-08-22 16:44 - 2014-09-09 08:59 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 00230752 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2013-10-31 22:52 - 2013-10-31 22:52 - 00352096 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00025440 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00081760 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 02162016 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll
2014-02-28 11:32 - 2005-04-21 22:36 - 00143360 ____R () C:\Windows\system32\BrSNMP64.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00061280 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.AuthProxy.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00066912 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.PBA.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00034656 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.SED.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00130400 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 00635232 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredCommon.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00862048 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CryptoProvider.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00700768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DBManager.dll
2013-10-31 22:52 - 2013-10-31 22:52 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\OPALProvider.dll
2013-10-31 22:51 - 2013-10-31 22:51 - 01483104 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\ConnectionProvider.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-09-22 14:30 - 2014-09-22 14:30 - 00548488 _____ () C:\Program Files (x86)\Constant Guard Protection Suite\sqlite3.DLL
2014-02-04 00:42 - 2014-02-04 00:42 - 00269128 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_regex-vc90-mt-p-1_33.dll
2014-02-04 00:43 - 2014-02-04 00:43 - 00021320 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBCompressor.dll
2005-07-20 00:18 - 2005-07-20 00:18 - 00059904 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\zlib1.dll
2014-02-04 00:42 - 2014-02-04 00:42 - 00348488 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\BackupLib.dll
2014-02-04 00:43 - 2014-02-04 00:43 - 00126792 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\QBMAPILibrary.dll
2014-02-04 00:42 - 2014-02-04 00:42 - 00176968 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\boost_serialization-vc90-mt-p-1_33.dll
2014-02-04 00:43 - 2014-02-04 00:43 - 00042824 _____ () C:\Program Files (x86)\Intuit\QuickBooks 2011\mbpopup.dll
2014-06-17 06:38 - 2014-09-23 06:59 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-02-28 11:31 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-09-25 06:49 - 2014-09-25 06:49 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () C:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2013-10-26 01:49 - 2013-07-01 20:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3204
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3256
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3357
AlternateDataStreams: C:\Users\ASAP Consulting\Documents\launch.ica:icasource

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CMGShield => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-71547050-2547732492-773883006-500 - Administrator - Disabled)
ASAP Consulting (S-1-5-21-71547050-2547732492-773883006-1000 - Administrator - Enabled) => C:\Users\ASAP Consulting
Bill Craig (S-1-5-21-71547050-2547732492-773883006-1003 - Administrator - Enabled) => C:\Users\Bill Craig
Guest (S-1-5-21-71547050-2547732492-773883006-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-71547050-2547732492-773883006-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (10/29/2014 00:26:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/29/2014 00:23:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2014 08:37:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2014 08:37:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2014 08:37:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2014 08:37:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2014 08:37:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/28/2014 08:31:40 PM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 08:31:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle

Error: (10/28/2014 08:31:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: An unexpected error has occured in "QuickBooks":
Returning NULL QBWinInstance Handle


System errors:
=============
Error: (10/28/2014 08:31:29 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 08:31:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 08:31:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 08:31:12 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 08:30:41 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 05:12:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 05:12:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 05:12:40 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 05:12:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0

Error: (10/28/2014 05:11:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Security Innovation TCS service depends on the TPM Base Services service which failed to start because of the following error:
%%0


Microsoft Office Sessions:
=========================
Error: (10/29/2014 00:26:19 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (10/29/2014 00:23:37 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\program files (x86)\ESET\eset online scanner\ESETSmartInstaller.exe

Error: (10/28/2014 08:37:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ASAP Consulting\Desktop\esetsmartinstaller_enu.exe

Error: (10/28/2014 08:37:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ASAP Consulting\Desktop\esetsmartinstaller_enu.exe

Error: (10/28/2014 08:37:29 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ASAP Consulting\Desktop\esetsmartinstaller_enu.exe

Error: (10/28/2014 08:37:24 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ASAP Consulting\Desktop\esetsmartinstaller_enu.exe

Error: (10/28/2014 08:37:12 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\ASAP Consulting\Downloads\esetsmartinstaller_enu.exe

Error: (10/28/2014 08:31:40 PM) (Source: IDVault) (EventID: 0) (User: )
Description: Interaction with the desktop is required. Enable desktop interaction flag in Properties->Log On.

Error: (10/28/2014 08:31:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle

Error: (10/28/2014 08:31:17 PM) (Source: QuickBooks) (EventID: 4) (User: )
Description: QuickBooksReturning NULL QBWinInstance Handle


CodeIntegrity Errors:
===================================
  Date: 2014-10-28 16:51:07.601
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-10-28 16:51:07.550
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™ i3-4010U CPU @ 1.70GHz
Percentage of memory in use: 63%
Total physical RAM: 4001.58 MB
Available physical RAM: 1465.52 MB
Total Pagefile: 8001.34 MB
Available Pagefile: 4722.71 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:453.96 GB) (Free:276.15 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 29 October 2014 - 06:15 AM

One more check:

Step 1

Please download TDSStdsskiller.pngiller and save it to your Desktop.
  • Start tdsskiller.exe with administrator privileges.
  • Accept the EULA and the KSN Statement.
  • Click on Change parameters.
  • Make sure that all available options (except "Loaded modules") are checked and click OK.
  • Click on Start scan.
  • If any threats are found don't delete them but choose the Skip option for all of them.
  • Click on Report to open the log file. (It is also saved at C:\TDSSKiller.<version_date_time>_log.txt).
    Copy and paste its contents in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 alfadreamer1

alfadreamer1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 AM

Posted 29 October 2014 - 08:21 AM

Deeprybka,

Thanks again for your help.  I have run TDSSKiller and the log is pasted below.

 

07:15:28.0479 0x1ae8  TDSS rootkit removing tool 3.0.0.41 Oct 28 2014 17:58:34
07:15:34.0328 0x1ae8  ============================================================
07:15:34.0328 0x1ae8  Current date / time: 2014/10/29 07:15:34.0328
07:15:34.0328 0x1ae8  SystemInfo:
07:15:34.0328 0x1ae8  
07:15:34.0328 0x1ae8  OS Version: 6.1.7601 ServicePack: 1.0
07:15:34.0328 0x1ae8  Product type: Workstation
07:15:34.0329 0x1ae8  ComputerName: ASAPCONSULTING
07:15:34.0329 0x1ae8  UserName: ASAP Consulting
07:15:34.0329 0x1ae8  Windows directory: C:\Windows
07:15:34.0329 0x1ae8  System windows directory: C:\Windows
07:15:34.0329 0x1ae8  Running under WOW64
07:15:34.0329 0x1ae8  Processor architecture: Intel x64
07:15:34.0329 0x1ae8  Number of processors: 4
07:15:34.0329 0x1ae8  Page size: 0x1000
07:15:34.0329 0x1ae8  Boot type: Normal boot
07:15:34.0329 0x1ae8  ============================================================
07:15:35.0450 0x1ae8  KLMD registered as C:\Windows\system32\drivers\35531166.sys
07:15:35.0742 0x1ae8  System UUID: {04F2DC45-8C1D-991C-C1D0-C748B3E415E9}
07:15:36.0164 0x1ae8  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 ( 465.76 Gb ), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:15:36.0169 0x1ae8  ============================================================
07:15:36.0169 0x1ae8  \Device\Harddisk0\DR0:
07:15:36.0169 0x1ae8  MBR partitions:
07:15:36.0169 0x1ae8  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1785000
07:15:36.0169 0x1ae8  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1799000, BlocksNum 0x38BEC800
07:15:36.0169 0x1ae8  ============================================================
07:15:36.0171 0x1ae8  C: <-> \Device\Harddisk0\DR0\Partition2
07:15:36.0172 0x1ae8  ============================================================
07:15:36.0172 0x1ae8  Initialize success
07:15:36.0172 0x1ae8  ============================================================
07:16:06.0391 0x0a80  ============================================================
07:16:06.0391 0x0a80  Scan started
07:16:06.0391 0x0a80  Mode: Manual;
07:16:06.0391 0x0a80  ============================================================
07:16:06.0391 0x0a80  KSN ping started
07:16:09.0656 0x0a80  KSN ping finished: true
07:16:14.0695 0x0a80  ================ Scan system memory ========================
07:16:14.0695 0x0a80  System memory - ok
07:16:14.0695 0x0a80  ================ Scan services =============================
07:16:16.0006 0x0a80  [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:16:16.0006 0x0a80  1394ohci - ok
07:16:16.0068 0x0a80  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:16:16.0099 0x0a80  ACPI - ok
07:16:16.0131 0x0a80  [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
07:16:16.0131 0x0a80  AcpiPmi - ok
07:16:16.0271 0x0a80  [ C5679E5186B2FC95BC76A8A9870D5456, 70AC61850B811A0A902532F098AE1D5DF4622455E56C78B89D4ABDBE4A061A48 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:16:16.0287 0x0a80  AdobeARMservice - ok
07:16:18.0814 0x0a80  [ 2637233632CCD1837A1A57A43CAF00A4, 848026C6C9B38FD9F70BC7B2306BF4F5DD395726D4FDD6A18B29354921191DC5 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
07:16:18.0829 0x0a80  AdobeFlashPlayerUpdateSvc - ok
07:16:18.0876 0x0a80  [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
07:16:18.0892 0x0a80  adp94xx - ok
07:16:18.0970 0x0a80  [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci         C:\Windows\system32\drivers\adpahci.sys
07:16:18.0985 0x0a80  adpahci - ok
07:16:19.0001 0x0a80  [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
07:16:19.0017 0x0a80  adpu320 - ok
07:16:19.0048 0x0a80  [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
07:16:19.0048 0x0a80  AeLookupSvc - ok
07:16:19.0141 0x0a80  [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD             C:\Windows\system32\drivers\afd.sys
07:16:19.0157 0x0a80  AFD - ok
07:16:19.0188 0x0a80  [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440          C:\Windows\system32\drivers\agp440.sys
07:16:19.0204 0x0a80  agp440 - ok
07:16:19.0235 0x0a80  [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG             C:\Windows\System32\alg.exe
07:16:19.0235 0x0a80  ALG - ok
07:16:19.0282 0x0a80  [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:16:19.0282 0x0a80  aliide - ok
07:16:19.0329 0x0a80  [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide          C:\Windows\system32\drivers\amdide.sys
07:16:19.0329 0x0a80  amdide - ok
07:16:19.0407 0x0a80  [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
07:16:19.0422 0x0a80  AmdK8 - ok
07:16:19.0438 0x0a80  [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
07:16:19.0438 0x0a80  AmdPPM - ok
07:16:19.0500 0x0a80  [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
07:16:19.0500 0x0a80  amdsata - ok
07:16:19.0594 0x0a80  [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
07:16:19.0609 0x0a80  amdsbs - ok
07:16:19.0625 0x0a80  [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata         C:\Windows\system32\drivers\amdxata.sys
07:16:19.0625 0x0a80  amdxata - ok
07:16:19.0672 0x0a80  [ E531B633B2C92F8E09122BA20E31CE86, 74E492BC12A8AC15AB0ABED3EFE9A6F09CCE53EF53C08104EC74CE523F8DC959 ] AntiLog32       C:\Windows\system32\drivers\AntiLog64.sys
07:16:19.0687 0x0a80  AntiLog32 - ok
07:16:19.0765 0x0a80  [ 8F67421782B5D818247AA559718D664B, 1394FC821EDF9AB9A9738678A156B0C31E0B383BE2043EF677B7B1F0C99CC167 ] ApfiltrService  C:\Windows\system32\DRIVERS\Apfiltr.sys
07:16:19.0797 0x0a80  ApfiltrService - ok
07:16:19.0859 0x0a80  [ 80B9412C4DE09147581FC935FB4C97AB, 0C9661F7B5EF7F9D61981790B7AB64E3375BD117962166619D0CC546A2D014D3 ] AppID           C:\Windows\system32\drivers\appid.sys
07:16:19.0859 0x0a80  AppID - ok
07:16:19.0875 0x0a80  [ F71CA01C24FC3798A717B5A6F682F9AD, 8CF1C209E7BBBAD02D6D087293C0B681CDA3170AF119CA2916C2708D8801E749 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:16:19.0875 0x0a80  AppIDSvc - ok
07:16:19.0906 0x0a80  [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo         C:\Windows\System32\appinfo.dll
07:16:19.0921 0x0a80  Appinfo - ok
07:16:20.0015 0x0a80  [ 608D6A90E989C6522F170E5526A64BF4, 36EDD07DF6BD2D20121F63CF720C289FCCF7C53574D37F99C2F9ED68298D655B ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
07:16:20.0015 0x0a80  Apple Mobile Device - ok
07:16:20.0109 0x0a80  [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt         C:\Windows\System32\appmgmts.dll
07:16:20.0109 0x0a80  AppMgmt - ok
07:16:20.0155 0x0a80  [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc             C:\Windows\system32\drivers\arc.sys
07:16:20.0171 0x0a80  arc - ok
07:16:20.0202 0x0a80  [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:16:20.0218 0x0a80  arcsas - ok
07:16:20.0795 0x0a80  [ 9A262EDD17F8473B91B333D6B031A901, 05DFBD3A7D83FDE1D062EA719ACA9EC48CB7FD42D17DDD88B82E5D25469ADD23 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
07:16:21.0029 0x0a80  aspnet_state - ok
07:16:21.0060 0x0a80  [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:16:21.0076 0x0a80  AsyncMac - ok
07:16:21.0138 0x0a80  [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi           C:\Windows\system32\drivers\atapi.sys
07:16:21.0154 0x0a80  atapi - ok
07:16:21.0185 0x0a80  [ 2C1B6A64294F2182DC4999F923873974, 6D611636D849631BB1F852DC03A98BBFEC4D797A2707CA63427E187F0725A796 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:16:21.0216 0x0a80  AudioEndpointBuilder - ok
07:16:21.0232 0x0a80  [ 2C1B6A64294F2182DC4999F923873974, 6D611636D849631BB1F852DC03A98BBFEC4D797A2707CA63427E187F0725A796 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
07:16:21.0247 0x0a80  AudioSrv - ok
07:16:21.0403 0x0a80  [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:16:21.0419 0x0a80  AxInstSV - ok
07:16:21.0544 0x0a80  [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
07:16:21.0544 0x0a80  b06bdrv - ok
07:16:21.0622 0x0a80  [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
07:16:21.0622 0x0a80  b57nd60a - ok
07:16:21.0637 0x0a80  [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:16:21.0637 0x0a80  BDESVC - ok
07:16:21.0653 0x0a80  [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:16:21.0669 0x0a80  Beep - ok
07:16:21.0762 0x0a80  [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE             C:\Windows\System32\bfe.dll
07:16:21.0793 0x0a80  BFE - ok
07:16:22.0121 0x0a80  [ D90F5136CB6512B2B9A855C94F79B0B5, 7E2FFDF2B1147E25EA2530DB55667352116EE676D0B6F76ED4C6FEAFC88AB5D4 ] BHDrvx64        C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys
07:16:22.0199 0x0a80  BHDrvx64 - ok
07:16:22.0324 0x0a80  [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS            C:\Windows\system32\qmgr.dll
07:16:22.0495 0x0a80  BITS - ok
07:16:22.0511 0x0a80  [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
07:16:22.0511 0x0a80  blbdrive - ok
07:16:22.0667 0x0a80  [ E7429ECD0C47CC065EEACF7E9D0E6341, 10D8231E14C908A0949108EB5F84E17BA10ABFC370D0C5F65945B23879AB12BF ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
07:16:22.0714 0x0a80  Bluetooth Device Monitor - ok
07:16:22.0776 0x0a80  [ 0F432B34D80351EFC5E35F14D9798CFD, 591D913E069C1C69212A7742D7182E24E669FE7B50680D8D337F32CF9F72B163 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
07:16:22.0823 0x0a80  Bluetooth Media Service - ok
07:16:22.0963 0x0a80  [ 96924B1D3060B0C0FFD77D01CB234D9F, 2A02EEC4092646A0BD26B8E8BA8B75F82EB6F46003C56C9A838E412006457DD2 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
07:16:22.0995 0x0a80  Bluetooth OBEX Service - ok
07:16:23.0073 0x0a80  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD, 17BFFC5DF609CE3B2F0CAB4BD6C118608C66A3AD86116A47E90B2BB7D8954122 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
07:16:23.0088 0x0a80  Bonjour Service - ok
07:16:23.0104 0x0a80  [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:16:23.0119 0x0a80  bowser - ok
07:16:23.0151 0x0a80  [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
07:16:23.0151 0x0a80  BrFiltLo - ok
07:16:23.0151 0x0a80  [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
07:16:23.0151 0x0a80  BrFiltUp - ok
07:16:23.0244 0x0a80  [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
07:16:23.0244 0x0a80  BridgeMP - ok
07:16:23.0260 0x0a80  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser         C:\Windows\System32\browser.dll
07:16:23.0275 0x0a80  Browser - ok
07:16:23.0291 0x0a80  [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
07:16:23.0291 0x0a80  Brserid - ok
07:16:23.0338 0x0a80  [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:16:23.0353 0x0a80  BrSerWdm - ok
07:16:23.0369 0x0a80  [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:16:23.0369 0x0a80  BrUsbMdm - ok
07:16:23.0400 0x0a80  [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:16:23.0416 0x0a80  BrUsbSer - ok
07:16:23.0525 0x0a80  [ EA7E57F87D6FEE5FD6C5F813C04E8CD2, 1EB84F4DEE3034FAFBEA2A3F84EECE036E803872DA94D54E958E9F2F09519E88 ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
07:16:23.0541 0x0a80  BrYNSvc - ok
07:16:23.0556 0x0a80  [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum         C:\Windows\system32\DRIVERS\BthEnum.sys
07:16:23.0556 0x0a80  BthEnum - ok
07:16:23.0572 0x0a80  [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
07:16:23.0572 0x0a80  BTHMODEM - ok
07:16:23.0587 0x0a80  [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
07:16:23.0587 0x0a80  BthPan - ok
07:16:23.0681 0x0a80  [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT         C:\Windows\system32\Drivers\BTHport.sys
07:16:23.0697 0x0a80  BTHPORT - ok
07:16:23.0806 0x0a80  [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv         C:\Windows\system32\bthserv.dll
07:16:23.0821 0x0a80  bthserv - ok
07:16:23.0821 0x0a80  [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
07:16:23.0821 0x0a80  BTHUSB - ok
07:16:23.0853 0x0a80  [ 5B8D71504FA8BFA308F6E1169B89D322, 1DC0CF47C5F655EA0F0992020C17A86D05637F55ACBB17380283EBB883A4D14D ] btmaux          C:\Windows\system32\DRIVERS\btmaux.sys
07:16:23.0853 0x0a80  btmaux - ok
07:16:23.0962 0x0a80  [ D66F3A4F11E42142722DCF9DC5A451D6, 6576421E24ABB4F0A7B5EFB5CF6F9C6F510AFDD0087415D57A5ABBB0866B3E39 ] btmhsf          C:\Windows\system32\DRIVERS\btmhsf.sys
07:16:24.0024 0x0a80  btmhsf - ok
07:16:24.0851 0x0a80  [ 517C6E87783377105111CCE1EECF59B6, 7A92959F4B946A4D5942D48969E54BE09319FF1143B5716699A9E4FBC3CB76A7 ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
07:16:25.0147 0x0a80  CarboniteService - ok
07:16:25.0147 0x0a80  catchme - ok
07:16:25.0272 0x0a80  [ 0510396A957E9FD7205BA62D3CAE4528, C80C39EB3A87C5111132E96E966CF74ACABA36DE7714B545A707027D35995792 ] ccSet_N360      C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys
07:16:25.0272 0x0a80  ccSet_N360 - ok
07:16:25.0272 0x0a80  [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:16:25.0288 0x0a80  cdfs - ok
07:16:25.0350 0x0a80  [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
07:16:25.0350 0x0a80  cdrom - ok
07:16:25.0366 0x0a80  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc     C:\Windows\System32\certprop.dll
07:16:25.0366 0x0a80  CertPropSvc - ok
07:16:25.0381 0x0a80  [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass        C:\Windows\system32\drivers\circlass.sys
07:16:25.0381 0x0a80  circlass - ok
07:16:25.0444 0x0a80  [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS            C:\Windows\system32\CLFS.sys
07:16:25.0459 0x0a80  CLFS - ok
07:16:26.0052 0x0a80  [ 871EEE78F98D6E31C80FD39433A8FE2F, 67602F597FADA1E7102BC373287A4A78339E057D37FCEAD0B2502F70450EC7CE ] ClickToRunSvc   C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
07:16:26.0193 0x0a80  ClickToRunSvc - ok
07:16:26.0489 0x0a80  [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:16:26.0489 0x0a80  clr_optimization_v2.0.50727_32 - ok
07:16:26.0754 0x0a80  [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:16:26.0817 0x0a80  clr_optimization_v2.0.50727_64 - ok
07:16:27.0846 0x0a80  [ E87213F37A13E2B54391E40934F071D0, 7EB221127EFB5BF158FB03D18EFDA2C55FB6CE3D1A1FE69C01D70DBED02C87E5 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:16:28.0657 0x0a80  clr_optimization_v4.0.30319_32 - ok
07:16:28.0704 0x0a80  [ 4AEDAB50F83580D0B4D6CF78191F92AA, D113C47013B018B45161911B96E93AF96A2F3B34FA47061BF6E7A71FBA03194A ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:16:29.0079 0x0a80  clr_optimization_v4.0.30319_64 - ok
07:16:29.0141 0x0a80  [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
07:16:29.0141 0x0a80  CmBatt - ok
07:16:29.0157 0x0a80  [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:16:29.0157 0x0a80  cmdide - ok
07:16:29.0219 0x0a80  [ CC9D2E4577A0385591E177C858C5613A, 953041280C4112FB4B8147405DAE5A113AD729B73AFD4714BF6A14CC519AC682 ] cmgfve          C:\Windows\system32\Drivers\cmgfve.sys
07:16:29.0235 0x0a80  cmgfve - ok
07:16:29.0250 0x0a80  [ E61512876474B3141D28999C8CA8FAAE, 0860E3B517CBD4FD5B8D3CC0A08A628B411DFC09FF5EDC723211D427F6FD602B ] CmgHiber        C:\Windows\system32\DRIVERS\CmgHiber.sys
07:16:29.0266 0x0a80  CmgHiber - ok
07:16:29.0297 0x0a80  [ 6D2D21B68B028136BF35DEBB6CD1451D, CE7A644C572E08363D74343D1571F0722E7F6BDA0289B036538BBE3BCEBD089B ] CmgPCS          C:\Windows\system32\DRIVERS\CmgPCS.sys
07:16:29.0297 0x0a80  CmgPCS - ok
07:16:29.0983 0x0a80  [ F1BEBC9475D00AFDD726F417A3BF4823, A1D6E7B4A1669D4DC6FDBD3BFBA9B3F83302D6A7651273523F29FAA7E47B122D ] CMGShield       C:\Windows\system32\CmgShieldSvc.exe
07:16:30.0202 0x0a80  CMGShield - ok
07:16:30.0280 0x0a80  [ DD1D757E5AEF11F00A0348910ABD5676, 97A7C17B92A9EDD3CB52FC4C0633B72A50D9295251A408FB3322D614F45B1817 ] CmgShieldFFE    C:\Windows\system32\DRIVERS\CmgFFE.sys
07:16:30.0311 0x0a80  CmgShieldFFE - ok
07:16:30.0358 0x0a80  [ A6511CD2E7519E437634DC4A64F6B43A, F80AF04E3AF41499739C46F2415934BE27AB9DAB9D1CB37DDB95FDB005D2E2C8 ] CMGShieldReg    C:\Windows\system32\DRIVERS\CmgShREG.sys
07:16:30.0373 0x0a80  CMGShieldReg - ok
07:16:30.0467 0x0a80  [ EBF28856F69CF094A902F884CF989706, AD6C9F0BC20AA49EEE5478DA0F856F0EA2B414B63208C5FFB03C9D7F5B59765F ] CNG             C:\Windows\system32\Drivers\cng.sys
07:16:30.0498 0x0a80  CNG - ok
07:16:30.0529 0x0a80  [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
07:16:30.0545 0x0a80  Compbatt - ok
07:16:30.0592 0x0a80  [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
07:16:30.0592 0x0a80  CompositeBus - ok
07:16:30.0607 0x0a80  COMSysApp - ok
07:16:32.0573 0x0a80  [ 92FDA1F76A70305173C8586F748315B1, 9078DEB87C0FA1D0418F3A1633F8FB0BF69D89444ABCD3B4F54A96A67793942A ] cphs            C:\Windows\SysWow64\IntelCpHeciSvc.exe
07:16:32.0589 0x0a80  cphs - ok
07:16:32.0620 0x0a80  [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
07:16:32.0620 0x0a80  crcdisk - ok
07:16:32.0698 0x0a80  [ EA7750DDCFC6733B6F915FA3268889F4, C525DFBB5E4E9BD3818AA3B2520BBA468A673F00C7AEFE165D164C43219D2C78 ] CredFltL        C:\Windows\system32\DRIVERS\CredFltL.sys
07:16:32.0698 0x0a80  CredFltL - ok
07:16:32.0729 0x0a80  [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:16:32.0745 0x0a80  CryptSvc - ok
07:16:32.0807 0x0a80  [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC             C:\Windows\system32\drivers\csc.sys
07:16:32.0823 0x0a80  CSC - ok
07:16:32.0854 0x0a80  [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService      C:\Windows\System32\cscsvc.dll
07:16:32.0869 0x0a80  CscService - ok
07:16:32.0901 0x0a80  [ 58CB536DA016641C9D24D183197F6DBF, 59B2EB716CCD45928517FF6254D95609BE5C3E40E08FC9EFEF88104DF91363C9 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
07:16:32.0901 0x0a80  CtClsFlt - ok
07:16:32.0947 0x0a80  [ F02D7FD231AF76C69A8F09C619DEE384, 8A491BB0BFBD99804262A23E2687C58323A4042748CF201A32E35079FEDAF218 ] ctxusbm         C:\Windows\system32\DRIVERS\ctxusbm.sys
07:16:32.0963 0x0a80  ctxusbm - ok
07:16:33.0025 0x0a80  DBUtil_2_3 - ok
07:16:33.0150 0x0a80  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:16:33.0166 0x0a80  DcomLaunch - ok
07:16:33.0213 0x0a80  [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc       C:\Windows\System32\defragsvc.dll
07:16:33.0228 0x0a80  defragsvc - ok
07:16:33.0228 0x0a80  Dell.PowerManager.Service - ok
07:16:33.0462 0x0a80  [ EA26A4A4EFF6F5677C8745D274E23913, 32B9CB58B34E23126E18CFB5AA75AEC2EF1D5A8A7ACBCBEF4B3ACCB20FD1B8C4 ] DellDigitalDelivery C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
07:16:33.0478 0x0a80  DellDigitalDelivery - ok
07:16:33.0556 0x0a80  [ 7C7BD9AB826FE01746F36F25FFA9CC21, EE55E43FDAA1023E6C5D32B8F2AAFF20FB7698C438A873F0E1514AD97D220354 ] DellEntitlement C:\Program Files\Dell\Dell Data Protection\EntitlementService.exe
07:16:33.0571 0x0a80  DellEntitlement - ok
07:16:33.0759 0x0a80  [ 99833271B850DA8875CBCC299443A482, E5470740C4544DD7A81BF22A9A36C1525C9FAB26E46D8547EC921BDEE36F1673 ] DellMgmtAgent   C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
07:16:33.0774 0x0a80  DellMgmtAgent - ok
07:16:33.0805 0x0a80  [ 9B36323D073F3A22E0290D97E25853BF, 5A86C8706D542DAA92C8728CCDC0C67DC24D94F46DED86D10D323356FAB0E1EF ] DellMgmtLoader  C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
07:16:33.0805 0x0a80  DellMgmtLoader - ok
07:16:33.0821 0x0a80  [ C56AB49FA5780198C6A2BB0E7CF24753, 0F2242C4C093D55295E5E2AAA320C726DF6B21F4EB7FE734A6C0DA27FF09416C ] DellMgmtServer  C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
07:16:33.0821 0x0a80  DellMgmtServer - ok
07:16:33.0852 0x0a80  [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:16:33.0852 0x0a80  DfsC - ok
07:16:33.0915 0x0a80  [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:16:33.0915 0x0a80  Dhcp - ok
07:16:33.0946 0x0a80  [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache        C:\Windows\system32\drivers\discache.sys
07:16:33.0961 0x0a80  discache - ok
07:16:34.0009 0x0a80  [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk            C:\Windows\system32\drivers\disk.sys
07:16:34.0009 0x0a80  Disk - ok
07:16:34.0040 0x0a80  [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
07:16:34.0056 0x0a80  dmvsc - ok
07:16:34.0103 0x0a80  [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:16:34.0118 0x0a80  Dnscache - ok
07:16:34.0181 0x0a80  [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc         C:\Windows\System32\dot3svc.dll
07:16:34.0196 0x0a80  dot3svc - ok
07:16:34.0228 0x0a80  [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS             C:\Windows\system32\dps.dll
07:16:34.0243 0x0a80  DPS - ok
07:16:34.0259 0x0a80  [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
07:16:34.0274 0x0a80  drmkaud - ok
07:16:34.0384 0x0a80  [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
07:16:34.0399 0x0a80  DXGKrnl - ok
07:16:34.0446 0x0a80  [ 1F752AB59020CB09843462AD834E6BD9, 57951BB33A87B93BFD81B43E756A2E948320EA67FBBB307ABE5A84D3D5BDB186 ] e1dexpress      C:\Windows\system32\DRIVERS\e1d62x64.sys
07:16:34.0446 0x0a80  e1dexpress - ok
07:16:34.0477 0x0a80  [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost         C:\Windows\System32\eapsvc.dll
07:16:34.0493 0x0a80  EapHost - ok
07:16:34.0774 0x0a80  [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv           C:\Windows\system32\drivers\evbda.sys
07:16:34.0914 0x0a80  ebdrv - ok
07:16:35.0054 0x0a80  [ 03E1B8BA59327D186C7C533A6998FEF9, 224937A697B55BD9CCD790771DBE9D135021AD1DC3E6D6AC7C431C56F0FFBBB5 ] eeCtrl          C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
07:16:35.0086 0x0a80  eeCtrl - ok
07:16:35.0117 0x0a80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] EFS             C:\Windows\System32\lsass.exe
07:16:35.0117 0x0a80  EFS - ok
07:16:35.0257 0x0a80  [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
07:16:35.0288 0x0a80  ehRecvr - ok
07:16:35.0335 0x0a80  [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched         C:\Windows\ehome\ehsched.exe
07:16:35.0335 0x0a80  ehSched - ok
07:16:35.0476 0x0a80  [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
07:16:35.0507 0x0a80  elxstor - ok
07:16:35.0788 0x0a80  [ 7360E6E0046F9549EED0EB2783BBBFA3, 3883D75DCF29BFC1CED685C686A853E7F2387D5A5CFDB1C43B86818D599D7841 ] EMS             C:\Windows\system32\EMSService.exe
07:16:35.0897 0x0a80  EMS - ok
07:16:35.0944 0x0a80  [ 142EA7DF1851C563571F2DCFC7AFBB40, 14DE008B68D127F246A64290DFCBD7ECDE8FF7932B3BAE660EB131860E826EAD ] EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
07:16:35.0944 0x0a80  EraserUtilRebootDrv - ok
07:16:35.0944 0x0a80  [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:16:35.0944 0x0a80  ErrDev - ok
07:16:36.0053 0x0a80  [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem     C:\Windows\system32\es.dll
07:16:36.0100 0x0a80  EventSystem - ok
07:16:36.0287 0x0a80  [ 7876CB89775B67347797E04775B2FAF9, F62D2778F7399B04E3A0DDE2E87428AB92D9FA63FBDF943709BC38A94F0015E6 ] EvtEng          C:\Program Files\Intel\WiFi\bin\EvtEng.exe
07:16:36.0318 0x0a80  EvtEng - ok
07:16:36.0334 0x0a80  [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat           C:\Windows\system32\drivers\exfat.sys
07:16:36.0349 0x0a80  exfat - ok
07:16:36.0365 0x0a80  [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
07:16:36.0365 0x0a80  fastfat - ok
07:16:36.0490 0x0a80  [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax             C:\Windows\system32\fxssvc.exe
07:16:36.0505 0x0a80  Fax - ok
07:16:36.0552 0x0a80  [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc             C:\Windows\system32\drivers\fdc.sys
07:16:36.0552 0x0a80  fdc - ok
07:16:36.0583 0x0a80  [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost         C:\Windows\system32\fdPHost.dll
07:16:36.0599 0x0a80  fdPHost - ok
07:16:36.0614 0x0a80  [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:16:36.0614 0x0a80  FDResPub - ok
07:16:36.0646 0x0a80  [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:16:36.0661 0x0a80  FileInfo - ok
07:16:36.0692 0x0a80  [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
07:16:36.0692 0x0a80  Filetrace - ok
07:16:36.0755 0x0a80  [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
07:16:36.0755 0x0a80  flpydisk - ok
07:16:36.0817 0x0a80  [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:16:36.0833 0x0a80  FltMgr - ok
07:16:37.0098 0x0a80  [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache       C:\Windows\system32\FntCache.dll
07:16:37.0207 0x0a80  FontCache - ok
07:16:37.0270 0x0a80  [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:16:37.0285 0x0a80  FontCache3.0.0.0 - ok
07:16:37.0285 0x0a80  [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
07:16:37.0301 0x0a80  FsDepends - ok
07:16:37.0363 0x0a80  [ B16B626996C74B564005BA855C5DEE90, B432C669EB610C262B18F3F8308EEE1B910DE7F7BC2A8EB5483419DC52A07AE1 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
07:16:37.0379 0x0a80  fssfltr - ok
07:16:37.0706 0x0a80  [ 812E1BA5C52A78F13EA6AA10DF708B1D, CF1C4D8E072CF0D66C977DFA4C852E5CE757843BEAF5D29454D26A9AC5766E61 ] fsssvc          C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
07:16:37.0831 0x0a80  fsssvc - ok
07:16:37.0847 0x0a80  [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:16:37.0847 0x0a80  Fs_Rec - ok
07:16:37.0909 0x0a80  [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:16:37.0925 0x0a80  fvevol - ok
07:16:38.0018 0x0a80  [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:16:38.0018 0x0a80  gagp30kx - ok
07:16:38.0050 0x0a80  [ 8E98D21EE06192492A5671A6144D092F, B8F656B34D361EA5AFB47F3A67AB2221580DADA59C8CD0CB83181E4AD8B562B4 ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
07:16:38.0050 0x0a80  GEARAspiWDM - ok
07:16:38.0096 0x0a80  [ C97344009FFAA1078190A94AEAD938BC, E70F9F76E5E9EC74C41478F77E56A8940ACEDA564F9AA0647EF93ECC3BC6CD1E ] GemCCID         C:\Windows\system32\DRIVERS\GemCCID.sys
07:16:38.0112 0x0a80  GemCCID - ok
07:16:38.0252 0x0a80  [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc           C:\Windows\System32\gpsvc.dll
07:16:38.0284 0x0a80  gpsvc - ok
07:16:38.0440 0x0a80  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:16:38.0440 0x0a80  gupdate - ok
07:16:38.0455 0x0a80  [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
07:16:38.0455 0x0a80  gupdatem - ok
07:16:38.0564 0x0a80  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
07:16:38.0611 0x0a80  gusvc - ok
07:16:38.0658 0x0a80  [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:16:38.0658 0x0a80  hcw85cir - ok
07:16:38.0674 0x0a80  [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:16:38.0674 0x0a80  HDAudBus - ok
07:16:38.0720 0x0a80  [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
07:16:38.0720 0x0a80  HidBatt - ok
07:16:38.0736 0x0a80  [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
07:16:38.0736 0x0a80  HidBth - ok
07:16:38.0752 0x0a80  [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr           C:\Windows\system32\drivers\hidir.sys
07:16:38.0752 0x0a80  HidIr - ok
07:16:38.0798 0x0a80  [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv         C:\Windows\System32\hidserv.dll
07:16:38.0798 0x0a80  hidserv - ok
07:16:38.0861 0x0a80  [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:16:38.0861 0x0a80  HidUsb - ok
07:16:38.0892 0x0a80  [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:16:38.0892 0x0a80  hkmsvc - ok
07:16:38.0939 0x0a80  [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:16:38.0954 0x0a80  HomeGroupListener - ok
07:16:38.0986 0x0a80  [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:16:39.0001 0x0a80  HomeGroupProvider - ok
07:16:39.0048 0x0a80  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:16:39.0064 0x0a80  HpSAMD - ok
07:16:39.0126 0x0a80  [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:16:39.0157 0x0a80  HTTP - ok
07:16:39.0204 0x0a80  [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:16:39.0204 0x0a80  hwpolicy - ok
07:16:39.0235 0x0a80  [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
07:16:39.0251 0x0a80  i8042prt - ok
07:16:39.0360 0x0a80  [ 7145F5E722BEC21E4F045009D6601647, 8043D1C9B56D8D11AE64976915670AD528F2F58B55C83C4CB10E9AC9502936DC ] iaStorA         C:\Windows\system32\drivers\iaStorA.sys
07:16:39.0376 0x0a80  iaStorA - ok
07:16:39.0500 0x0a80  [ E391A767447028A765D91B1438F1EA05, 26D46975CFEB0F5EC296D1BF57C1D94272E61906DB7AFF8708F68A8B01039A5A ] IAStorDataMgrSvc C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
07:16:39.0516 0x0a80  IAStorDataMgrSvc - ok
07:16:39.0547 0x0a80  [ AE48143F515F5F130900F885630FD4B3, 7945DA148689667F5F23DBB62A1D3162B3851C53B7CD511AE82B1ABF5182FAA0 ] iaStorF         C:\Windows\system32\drivers\iaStorF.sys
07:16:39.0547 0x0a80  iaStorF - ok
07:16:39.0656 0x0a80  [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
07:16:39.0672 0x0a80  iaStorV - ok
07:16:39.0719 0x0a80  [ 42AC8F419412AFEB326C411DB1753C2F, 949D99261207502D8CAB6715980D584018BE9EAFE15C0ACF7FDAD25121BD42B4 ] ibtusb          C:\Windows\system32\DRIVERS\ibtusb.sys
07:16:39.0719 0x0a80  ibtusb - ok
07:16:39.0859 0x0a80  [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:16:39.0890 0x0a80  idsvc - ok
07:16:40.0000 0x0a80  [ 77AC93E28B5F4DCE317EFA695E3F59E3, 57D510CEE1B777CFB52CECBAB43B0698A53B048B7E0C622473DEA9E03E2D9BEF ] IDSVia64        C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141028.001\IDSvia64.sys
07:16:40.0015 0x0a80  IDSVia64 - ok
07:16:40.0078 0x0a80  [ 053FA8AB3ACF75D5BFA08BB44B1DEB35, 8B602451B2C743B9FD4CB7C4D57BD019506FDDA782CCC447CD85E3AC5980341F ] IDVaultSvc      C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
07:16:40.0078 0x0a80  IDVaultSvc - ok
07:16:40.0265 0x0a80  [ A8603209615AFC99FB71C3A886A2ED4F, F99936C4E6459554BE3DCA317A9CA888F29ACFE8D5B37BC06192C57BF31BC3D9 ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
07:16:40.0421 0x0a80  igfx - ok
07:16:40.0468 0x0a80  [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
07:16:40.0483 0x0a80  iirsp - ok
07:16:40.0546 0x0a80  [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT          C:\Windows\System32\ikeext.dll
07:16:40.0561 0x0a80  IKEEXT - ok
07:16:40.0608 0x0a80  [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
07:16:40.0624 0x0a80  intaud_WaveExtensible - ok
07:16:40.0904 0x0a80  [ BD95CCAAE46277035098ED89BA26E660, 597CA284FC6FE44E65B5198958B010D31E5015B0609DAC9E00D59B02706CA48A ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHD64.sys
07:16:41.0060 0x0a80  IntcAzAudAddService - ok
07:16:41.0092 0x0a80  [ EEE7376243CD8A4B49B885EF122D25E5, A3B89E7B513C95558C4DA41D3C136D464381263BA43E00EC136FC776DAA0BA94 ] IntcDAud        C:\Windows\system32\DRIVERS\IntcDAud.sys
07:16:41.0107 0x0a80  IntcDAud - ok
07:16:41.0154 0x0a80  [ 0DB1E3F6189C628675F855C0EB510419, 989F539E82105019D2D81255369B96DC65826CD2A421DA09809155B26F69C555 ] Intel® Capability Licensing Service Interface C:\Program Files\Intel\iCLS Client\HeciServer.exe
07:16:41.0170 0x0a80  Intel® Capability Licensing Service Interface - ok
07:16:41.0216 0x0a80  [ 492AAF2FF66F437F0E796574B116EFC3, 6BF21C61ED05705DD58203952A750D1AB4D4B62F3A2B640BBBD9B85D1ECC3E5C ] Intel® Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
07:16:41.0232 0x0a80  Intel® Capability Licensing Service TCP IP Interface - ok
07:16:41.0263 0x0a80  [ EA83415296F905D11651B9AF26FB7EBD, 0A37449E8EF0190A088720EE727EA46B7E8BE376801C4EBC8173A012B2A476FD ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
07:16:41.0263 0x0a80  Intel® PROSet Monitoring Service - ok
07:16:41.0279 0x0a80  [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide        C:\Windows\system32\drivers\intelide.sys
07:16:41.0279 0x0a80  intelide - ok
07:16:41.0310 0x0a80  [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:16:41.0310 0x0a80  intelppm - ok
07:16:41.0357 0x0a80  [ C4E9E2CB3B18739BBCF4C45FA106456B, 44986A5C135A89781275D945948B731D0C3F984F54E4E3BB14D6D0F96C49A38B ] InvProtectDrv   C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys
07:16:41.0357 0x0a80  InvProtectDrv - ok
07:16:41.0497 0x0a80  [ 98632FFC351BA6759CC1C03EF240A758, D7140B4FA0E1D9478C60A3EC123BC1622A0BBB2077FB3DD708881ADF763B0E98 ] InvProtectSvc   C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
07:16:41.0591 0x0a80  InvProtectSvc - ok
07:16:41.0606 0x0a80  [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
07:16:41.0606 0x0a80  IPBusEnum - ok
07:16:41.0622 0x0a80  [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:16:41.0622 0x0a80  IpFilterDriver - ok
07:16:41.0684 0x0a80  [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:16:41.0700 0x0a80  iphlpsvc - ok
07:16:41.0747 0x0a80  [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
07:16:41.0747 0x0a80  IPMIDRV - ok
07:16:41.0762 0x0a80  [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
07:16:41.0778 0x0a80  IPNAT - ok
07:16:41.0856 0x0a80  [ 635F7587F7576AA14871B850EB95BFB8, 75CB8F4D511964BB9104E93EF31D2DDF1227DACE1EDB9DE25AE9719835B6C34B ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
07:16:41.0872 0x0a80  iPod Service - ok
07:16:41.0887 0x0a80  [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:16:41.0903 0x0a80  IRENUM - ok
07:16:41.0903 0x0a80  [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:16:41.0903 0x0a80  isapnp - ok
07:16:41.0918 0x0a80  [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:16:41.0934 0x0a80  iScsiPrt - ok
07:16:41.0996 0x0a80  [ 5C9B001D8970C2DA36254A916F3DA8F7, 625AC5C3DFAE52BD34EC3F93742D1D2C229785E4F0F3484CFB7B8728A1C830DF ] iumsvc          C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
07:16:41.0996 0x0a80  iumsvc - ok
07:16:42.0012 0x0a80  [ 78D369F8A81A341109FBA1DB64B4C512, E584F693255CCBF7006E7D35984149CF599BB0849A8F02EFDD6223DF0D606049 ] iusb3hcs        C:\Windows\system32\DRIVERS\iusb3hcs.sys
07:16:42.0012 0x0a80  iusb3hcs - ok
07:16:42.0043 0x0a80  [ 5B632ABA038CE2E2D5D2D1115C6B26D1, 605A8FFA704E4369CF9D17DF8630DC9E196B8920D47F1CC5151759E60B234C1F ] iusb3hub        C:\Windows\system32\DRIVERS\iusb3hub.sys
07:16:42.0059 0x0a80  iusb3hub - ok
07:16:42.0090 0x0a80  [ EA841584EF59528D11F20355770E427E, 515737761BB2A0A233F4AD141E28D93E3B9789320A15B7D5FB3DB5AC3CD8E249 ] iusb3xhc        C:\Windows\system32\DRIVERS\iusb3xhc.sys
07:16:42.0106 0x0a80  iusb3xhc - ok
07:16:42.0121 0x0a80  [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus          C:\Windows\system32\DRIVERS\iwdbus.sys
07:16:42.0121 0x0a80  iwdbus - ok
07:16:42.0184 0x0a80  [ F1E91B70B6312F97749F0DBECB56E783, 67135609D1B8436E0E470660FBB1D29D9C9D0E0A1DF91FA47021E20C0AEE0EEF ] jhi_service     C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
07:16:42.0199 0x0a80  jhi_service - ok
07:16:42.0215 0x0a80  [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:16:42.0230 0x0a80  kbdclass - ok
07:16:42.0246 0x0a80  [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:16:42.0246 0x0a80  kbdhid - ok
07:16:42.0246 0x0a80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] KeyIso          C:\Windows\system32\lsass.exe
07:16:42.0246 0x0a80  KeyIso - ok
07:16:42.0277 0x0a80  [ 353009DEDF918B2A51414F330CF72DEC, BF157D6E329F26E02FA16271B751B421396040DBB1D7BF9B2E0A21BC569672E2 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:16:42.0277 0x0a80  KSecDD - ok
07:16:42.0293 0x0a80  [ 1C2D8E18AA8FD50CD04C15CC27F7F5AB, 4BA3B0F9F01BD47D66091D3AD86B69A523981D61DFB4D677F2CD39405B2DA989 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
07:16:42.0293 0x0a80  KSecPkg - ok
07:16:42.0308 0x0a80  [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
07:16:42.0324 0x0a80  ksthunk - ok
07:16:42.0355 0x0a80  [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm           C:\Windows\system32\msdtckrm.dll
07:16:42.0371 0x0a80  KtmRm - ok
07:16:42.0386 0x0a80  [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer    C:\Windows\System32\srvsvc.dll
07:16:42.0402 0x0a80  LanmanServer - ok
07:16:42.0402 0x0a80  [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:16:42.0418 0x0a80  LanmanWorkstation - ok
07:16:42.0433 0x0a80  [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:16:42.0433 0x0a80  lltdio - ok
07:16:42.0449 0x0a80  [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
07:16:42.0449 0x0a80  lltdsvc - ok
07:16:42.0464 0x0a80  [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts         C:\Windows\System32\lmhsvc.dll
07:16:42.0464 0x0a80  lmhosts - ok
07:16:42.0511 0x0a80  [ FC0BC73DF7430192A753785179C816B5, 7A9A0C8466E89AC0A3ADCD91A3E9ADDA10E8BFD566A318C21573927530EEEA4C ] LMS             C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
07:16:42.0527 0x0a80  LMS - ok
07:16:42.0542 0x0a80  [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:16:42.0542 0x0a80  LSI_FC - ok
07:16:42.0558 0x0a80  [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
07:16:42.0574 0x0a80  LSI_SAS - ok
07:16:42.0574 0x0a80  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
07:16:42.0574 0x0a80  LSI_SAS2 - ok
07:16:42.0605 0x0a80  [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:16:42.0605 0x0a80  LSI_SCSI - ok
07:16:42.0620 0x0a80  [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv           C:\Windows\system32\drivers\luafv.sys
07:16:42.0652 0x0a80  luafv - ok
07:16:42.0667 0x0a80  [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
07:16:42.0683 0x0a80  Mcx2Svc - ok
07:16:42.0698 0x0a80  [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas         C:\Windows\system32\drivers\megasas.sys
07:16:42.0714 0x0a80  megasas - ok
07:16:42.0730 0x0a80  [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
07:16:42.0730 0x0a80  MegaSR - ok
07:16:42.0761 0x0a80  [ E0EF6C1399A9B1AAA0B28590411BED04, 10C193D1ED434A6DC2AD8C450012B9AF1C848A0A0B3B775F13495648FB77E009 ] MEIx64          C:\Windows\system32\DRIVERS\TeeDriverx64.sys
07:16:42.0776 0x0a80  MEIx64 - ok
07:16:42.0808 0x0a80  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS           C:\Windows\system32\mmcss.dll
07:16:42.0823 0x0a80  MMCSS - ok
07:16:42.0839 0x0a80  [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem           C:\Windows\system32\drivers\modem.sys
07:16:42.0839 0x0a80  Modem - ok
07:16:42.0854 0x0a80  [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
07:16:42.0854 0x0a80  monitor - ok
07:16:42.0870 0x0a80  [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:16:42.0870 0x0a80  mouclass - ok
07:16:42.0901 0x0a80  [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:16:42.0901 0x0a80  mouhid - ok
07:16:42.0901 0x0a80  [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:16:42.0917 0x0a80  mountmgr - ok
07:16:42.0948 0x0a80  [ 707E98CC15C2224C078C9E71FF1889BC, 958416FE081436FDBF7F2BEBBB2795C54CC4F3F349D6DF463296A7BBA3404F13 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:16:42.0964 0x0a80  MozillaMaintenance - ok
07:16:42.0979 0x0a80  [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:16:42.0979 0x0a80  mpio - ok
07:16:43.0010 0x0a80  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:16:43.0010 0x0a80  mpsdrv - ok
07:16:43.0057 0x0a80  [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:16:43.0088 0x0a80  MpsSvc - ok
07:16:43.0121 0x0a80  [ 1A4F75E63C9FB84B85DFFC6B63FD5404, 01AFA6DBB4CDE55FE4EA05BBE8F753A4266F8D072EA1EE01DB79F5126780C21F ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:16:43.0136 0x0a80  MRxDAV - ok
07:16:43.0152 0x0a80  [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:16:43.0167 0x0a80  mrxsmb - ok
07:16:43.0183 0x0a80  [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:16:43.0183 0x0a80  mrxsmb10 - ok
07:16:43.0199 0x0a80  [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:16:43.0199 0x0a80  mrxsmb20 - ok
07:16:43.0214 0x0a80  [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:16:43.0214 0x0a80  msahci - ok
07:16:43.0230 0x0a80  [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
07:16:43.0245 0x0a80  msdsm - ok
07:16:43.0261 0x0a80  [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC           C:\Windows\System32\msdtc.exe
07:16:43.0261 0x0a80  MSDTC - ok
07:16:43.0277 0x0a80  [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:16:43.0277 0x0a80  Msfs - ok
07:16:43.0277 0x0a80  [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
07:16:43.0277 0x0a80  mshidkmdf - ok
07:16:43.0292 0x0a80  [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:16:43.0308 0x0a80  msisadrv - ok
07:16:43.0308 0x0a80  [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
07:16:43.0308 0x0a80  MSiSCSI - ok
07:16:43.0323 0x0a80  msiserver - ok
07:16:43.0323 0x0a80  [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
07:16:43.0323 0x0a80  MSKSSRV - ok
07:16:43.0339 0x0a80  [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:16:43.0339 0x0a80  MSPCLOCK - ok
07:16:43.0355 0x0a80  [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
07:16:43.0370 0x0a80  MSPQM - ok
07:16:43.0401 0x0a80  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
07:16:43.0401 0x0a80  MsRPC - ok
07:16:43.0417 0x0a80  [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
07:16:43.0417 0x0a80  mssmbios - ok
07:16:43.0433 0x0a80  [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
07:16:43.0433 0x0a80  MSTEE - ok
07:16:43.0433 0x0a80  [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
07:16:43.0433 0x0a80  MTConfig - ok
07:16:43.0448 0x0a80  [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup             C:\Windows\system32\Drivers\mup.sys
07:16:43.0448 0x0a80  Mup - ok
07:16:43.0495 0x0a80  [ 35739E6A0C67147A9B75226946CDC903, C9DE77D6812C778F601F52E87ECDD228E52EA691AB9CEAD388998A7B5AFC3B89 ] MyWiFiDHCPDNS   C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
07:16:43.0511 0x0a80  MyWiFiDHCPDNS - ok
07:16:43.0698 0x0a80  [ 63F5AC8B04F3134E97379CA38DBFBC3C, 1F414CD4554407A0106FB34FC502818A5471E859992A8E7E253B15573283DA5D ] N360            C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
07:16:43.0713 0x0a80  N360 - ok
07:16:43.0729 0x0a80  [ 73A40E29F61E5D142C8F42B28A351190, 2D2C7EE9547738A8A676AB785C151E8B48ED40FE7CF6174650814C7F5F58513B ] NAL             C:\Windows\system32\Drivers\iqvw64e.sys
07:16:43.0729 0x0a80  NAL - ok
07:16:43.0776 0x0a80  [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent        C:\Windows\system32\qagentRT.dll
07:16:43.0791 0x0a80  napagent - ok
07:16:43.0807 0x0a80  [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
07:16:43.0823 0x0a80  NativeWifiP - ok
07:16:43.0869 0x0a80  [ C180A82874D3CDC390A27F2F1E1AF025, 9F473661524D645D5C1D616BF2BEC2996DFAE9268B7CF280FCCBD19AA072E567 ] NAVENG          C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141028.001\ENG64.SYS
07:16:43.0869 0x0a80  NAVENG - ok
07:16:44.0152 0x0a80  [ E66CA6C321614D7BC0AFC9C8436131B9, BF732419D56E1B8AB3B11B19403087D4EDBF9108F0252ACBB561235040AB4436 ] NAVEX15         C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141028.001\EX64.SYS
07:16:44.0293 0x0a80  NAVEX15 - ok
07:16:44.0355 0x0a80  [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:16:44.0371 0x0a80  NDIS - ok
07:16:44.0386 0x0a80  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
07:16:44.0386 0x0a80  NdisCap - ok
07:16:44.0402 0x0a80  [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:16:44.0402 0x0a80  NdisTapi - ok
07:16:44.0402 0x0a80  [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
07:16:44.0417 0x0a80  Ndisuio - ok
07:16:44.0433 0x0a80  [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
07:16:44.0433 0x0a80  NdisWan - ok
07:16:44.0433 0x0a80  [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
07:16:44.0449 0x0a80  NDProxy - ok
07:16:44.0449 0x0a80  [ EE00C544C025958AF50C7B199F3C8595, D774DB020D9C46D1AA0B2DB9FA2C36C4A9C38D904CC6929695321D32ACA0D4D1 ] Netaapl         C:\Windows\system32\DRIVERS\netaapl64.sys
07:16:44.0449 0x0a80  Netaapl - ok
07:16:44.0464 0x0a80  [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
07:16:44.0464 0x0a80  NetBIOS - ok
07:16:44.0480 0x0a80  [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
07:16:44.0480 0x0a80  NetBT - ok
07:16:44.0480 0x0a80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] Netlogon        C:\Windows\system32\lsass.exe
07:16:44.0480 0x0a80  Netlogon - ok
07:16:44.0511 0x0a80  [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman          C:\Windows\System32\netman.dll
07:16:44.0527 0x0a80  Netman - ok
07:16:44.0932 0x0a80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:16:44.0963 0x0a80  NetMsmqActivator - ok
07:16:44.0979 0x0a80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:16:44.0979 0x0a80  NetPipeActivator - ok
07:16:45.0041 0x0a80  [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm        C:\Windows\System32\netprofm.dll
07:16:45.0057 0x0a80  netprofm - ok
07:16:45.0057 0x0a80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:16:45.0057 0x0a80  NetTcpActivator - ok
07:16:45.0073 0x0a80  [ 21318671BCAD3ACF16638F98D4D00973, CEA6E3B6BCB4B74A9ACACBEEA12EEA967BBC2240398E2EBC04D7910109CACA11 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
07:16:45.0073 0x0a80  NetTcpPortSharing - ok
07:16:45.0104 0x0a80  [ 73CE12B8BDD747B0063CB0A7EF44CEA7, F570BB52BE460DBA6203698CC96FFD9674E1903D0E0F5C49375BE3F8D8E89582 ] netvsc          C:\Windows\system32\DRIVERS\netvsc60.sys
07:16:45.0104 0x0a80  netvsc - ok
07:16:45.0260 0x0a80  [ C873B801A7D628474313B2887D051607, 894877BAB599F52FB606B240D53FEB84CC4A6BAD8A45CB1983231CD2AE0C7A79 ] NETwNs64        C:\Windows\system32\DRIVERS\NETwsw02.sys
07:16:45.0385 0x0a80  NETwNs64 - ok
07:16:45.0416 0x0a80  [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
07:16:45.0416 0x0a80  nfrd960 - ok
07:16:45.0463 0x0a80  [ 9ED6B2F6D9D04FB883F578ABC239EE07, F93F2AFB91AE605D96E83258F2EA20BF08E74FE8C36EEF39650F369071A080AF ] NitroReaderDriverReadSpool3 C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
07:16:45.0494 0x0a80  NitroReaderDriverReadSpool3 - ok
07:16:45.0509 0x0a80  [ 8AD77806D336673F270DB31645267293, E23F324913554A23CD043DD27D4305AF62F48C0561A0FC7B7811E55B74B1BE79 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:16:45.0525 0x0a80  NlaSvc - ok
07:16:45.0525 0x0a80  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:16:45.0525 0x0a80  Npfs - ok
07:16:45.0541 0x0a80  [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi             C:\Windows\system32\nsisvc.dll
07:16:45.0541 0x0a80  nsi - ok
07:16:45.0556 0x0a80  [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:16:45.0556 0x0a80  nsiproxy - ok
07:16:45.0650 0x0a80  [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:16:45.0697 0x0a80  Ntfs - ok
07:16:45.0712 0x0a80  [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null            C:\Windows\system32\drivers\Null.sys
07:16:45.0712 0x0a80  Null - ok
07:16:45.0728 0x0a80  [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:16:45.0743 0x0a80  nvraid - ok
07:16:45.0743 0x0a80  [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:16:45.0759 0x0a80  nvstor - ok
07:16:45.0759 0x0a80  [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:16:45.0759 0x0a80  nv_agp - ok
07:16:45.0790 0x0a80  [ 011252EDC0E4A3BECF81306A08DD99DB, F1758D813E0A9C169F9593114D9BEC554D4731137F677AA62AD0FCA86F1B16D4 ] O2FJ2RDR        C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys
07:16:45.0806 0x0a80  O2FJ2RDR - ok
07:16:45.0821 0x0a80  [ 4E37455DB16AEC75862B1D0BC35B589E, F60FCE0C3E6C1559B0A8E0A032AFD30216E1DE2142E8E4C181C43DB6C4B5A443 ] O2FLASH         C:\Windows\system32\DRIVERS\o2flash.exe
07:16:45.0821 0x0a80  O2FLASH - ok
07:16:45.0821 0x0a80  [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:16:45.0837 0x0a80  ohci1394 - ok
07:16:45.0868 0x0a80  [ 30B5F9FB0C35AE6B4A0851D24CE2EE8B, 0340E77E8EC2ADC21B8DDD9C9CC95B3F4BCAFD54618A333C72D7D9587D593B83 ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:16:45.0884 0x0a80  ose - ok
07:16:45.0899 0x0a80  [ 4965B005492CBA7719E82B71E3245495, 52AD72C05FACC1E0E416A1FA25F34FDD3CB274FAB973BEAAE911A2FACA42B650 ] ose64           C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:16:45.0915 0x0a80  ose64 - ok
07:16:46.0227 0x0a80  [ FE9C0029E1AF26350D9985D00520E5C8, 967079CCF7B2CBD4B48C9F076675C26AF93A1CEC26C96811F279414E34004EE6 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:16:46.0461 0x0a80  osppsvc - ok
07:16:46.0508 0x0a80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:16:46.0523 0x0a80  p2pimsvc - ok
07:16:46.0539 0x0a80  [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc          C:\Windows\system32\p2psvc.dll
07:16:46.0555 0x0a80  p2psvc - ok
07:16:46.0570 0x0a80  [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
07:16:46.0570 0x0a80  Parport - ok
07:16:46.0586 0x0a80  [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
07:16:46.0601 0x0a80  partmgr - ok
07:16:46.0633 0x0a80  [ 256390425414F90FCBC12F525A84EB11, A4992020BF6A239AD8A77125426E2C39980C9ABC971C4DBCB24B358F946AD7F9 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:16:46.0664 0x0a80  PcaSvc - ok
07:16:46.0679 0x0a80  [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci             C:\Windows\system32\drivers\pci.sys
07:16:46.0679 0x0a80  pci - ok
07:16:46.0695 0x0a80  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide          C:\Windows\system32\drivers\pciide.sys
07:16:46.0695 0x0a80  pciide - ok
07:16:46.0711 0x0a80  [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:16:46.0726 0x0a80  pcmcia - ok
07:16:46.0742 0x0a80  [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw             C:\Windows\system32\drivers\pcw.sys
07:16:46.0742 0x0a80  pcw - ok
07:16:46.0804 0x0a80  [ 946010CDFA91469351B22E2620CEBCD8, F099C92706D42ADC289B72724F7932E5D4F62A427AEC967DDB0A1D728AE59A63 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:16:46.0835 0x0a80  PEAUTH - ok
07:16:47.0007 0x0a80  [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
07:16:47.0085 0x0a80  PeerDistSvc - ok
07:16:48.0442 0x0a80  [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:16:48.0442 0x0a80  PerfHost - ok
07:16:48.0536 0x0a80  [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla             C:\Windows\system32\pla.dll
07:16:48.0583 0x0a80  pla - ok
07:16:48.0661 0x0a80  [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:16:48.0676 0x0a80  PlugPlay - ok
07:16:48.0692 0x0a80  [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
07:16:48.0692 0x0a80  PNRPAutoReg - ok
07:16:48.0723 0x0a80  [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
07:16:48.0723 0x0a80  PNRPsvc - ok
07:16:48.0754 0x0a80  [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
07:16:48.0770 0x0a80  PolicyAgent - ok
07:16:48.0801 0x0a80  [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power           C:\Windows\system32\umpo.dll
07:16:48.0801 0x0a80  Power - ok
07:16:48.0832 0x0a80  [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:16:48.0832 0x0a80  PptpMiniport - ok
07:16:48.0848 0x0a80  [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor       C:\Windows\system32\drivers\processr.sys
07:16:48.0848 0x0a80  Processor - ok
07:16:48.0863 0x0a80  [ 53E83F1F6CF9D62F32801CF66D8352A8, 1225FED810BE8E0729EEAE5B340035CCBB9BACD3EF247834400F9B72D05ACE48 ] ProfSvc         C:\Windows\system32\profsvc.dll
07:16:48.0879 0x0a80  ProfSvc - ok
07:16:48.0879 0x0a80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:16:48.0879 0x0a80  ProtectedStorage - ok
07:16:48.0895 0x0a80  [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:16:48.0895 0x0a80  Psched - ok
07:16:48.0988 0x0a80  [ 119B221670D50C82BF203B673778F2D3, FC096329405669B06239FED869CDD585566A19F54F5484987EF4FE1C51921080 ] QBCFMonitorService C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
07:16:48.0988 0x0a80  QBCFMonitorService - ok
07:16:49.0035 0x0a80  [ 6BEE1814470DC12FA20C53DFC3C97EBB, 91E8C22E54A090966E9B96395392B2C03A32DB1AF8DB2289E2EA9460F0A76C0F ] QBFCService     C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
07:16:49.0035 0x0a80  QBFCService - ok
07:16:49.0238 0x0a80  [ 9E5E9AF398D1AE13B67B623D5C695BA9, C916041BD02BC0B4E4458298BDDCBD2C04F3320CEDF87CE3349EF95B4BC8256C ] QBVSS           C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
07:16:49.0316 0x0a80  QBVSS - ok
07:16:49.0363 0x0a80  [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:16:49.0409 0x0a80  ql2300 - ok
07:16:49.0425 0x0a80  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:16:49.0441 0x0a80  ql40xx - ok
07:16:49.0472 0x0a80  [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE           C:\Windows\system32\qwave.dll
07:16:49.0487 0x0a80  QWAVE - ok
07:16:49.0503 0x0a80  [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:16:49.0503 0x0a80  QWAVEdrv - ok
07:16:49.0534 0x0a80  [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:16:49.0534 0x0a80  RasAcd - ok
07:16:49.0534 0x0a80  [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
07:16:49.0534 0x0a80  RasAgileVpn - ok
07:16:49.0550 0x0a80  [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto         C:\Windows\System32\rasauto.dll
07:16:49.0550 0x0a80  RasAuto - ok
07:16:49.0565 0x0a80  [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
07:16:49.0565 0x0a80  Rasl2tp - ok
07:16:49.0581 0x0a80  [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan          C:\Windows\System32\rasmans.dll
07:16:49.0597 0x0a80  RasMan - ok
07:16:49.0612 0x0a80  [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:16:49.0612 0x0a80  RasPppoe - ok
07:16:49.0612 0x0a80  [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
07:16:49.0628 0x0a80  RasSstp - ok
07:16:49.0643 0x0a80  [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
07:16:49.0643 0x0a80  rdbss - ok
07:16:49.0659 0x0a80  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
07:16:49.0659 0x0a80  rdpbus - ok
07:16:49.0659 0x0a80  [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:16:49.0659 0x0a80  RDPCDD - ok
07:16:49.0690 0x0a80  [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
07:16:49.0690 0x0a80  RDPDR - ok
07:16:49.0706 0x0a80  [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:16:49.0706 0x0a80  RDPENCDD - ok
07:16:49.0706 0x0a80  [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:16:49.0706 0x0a80  RDPREFMP - ok
07:16:49.0768 0x0a80  [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
07:16:49.0768 0x0a80  RdpVideoMiniport - ok
07:16:49.0862 0x0a80  [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
07:16:49.0862 0x0a80  RDPWD - ok
07:16:49.0909 0x0a80  [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:16:49.0924 0x0a80  rdyboost - ok
07:16:49.0971 0x0a80  [ BC49E8BDBC6C1B161FDDB350CE423366, D98C7948EE36808164766DD9934C204599275BE9FCD83515F9C0153202D38C34 ] RegSrvc         C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
07:16:49.0987 0x0a80  RegSrvc - ok
07:16:50.0002 0x0a80  [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:16:50.0002 0x0a80  RemoteAccess - ok
07:16:50.0002 0x0a80  [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:16:50.0018 0x0a80  RemoteRegistry - ok
07:16:50.0033 0x0a80  [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
07:16:50.0033 0x0a80  RFCOMM - ok
07:16:50.0049 0x0a80  [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:16:50.0049 0x0a80  RpcEptMapper - ok
07:16:50.0065 0x0a80  [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator      C:\Windows\system32\locator.exe
07:16:50.0065 0x0a80  RpcLocator - ok
07:16:50.0111 0x0a80  [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs           C:\Windows\system32\rpcss.dll
07:16:50.0127 0x0a80  RpcSs - ok
07:16:50.0143 0x0a80  [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:16:50.0143 0x0a80  rspndr - ok
07:16:50.0174 0x0a80  [ BABCEF4417B904E29D3FEAE2DBACD383, 1800D1CFC9E582154DFBFD4D2357980863F56AD8E6E5F39444B60F7E675F991D ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
07:16:50.0189 0x0a80  RtkAudioService - ok
07:16:50.0205 0x0a80  [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
07:16:50.0205 0x0a80  s3cap - ok
07:16:50.0205 0x0a80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] SamSs           C:\Windows\system32\lsass.exe
07:16:50.0221 0x0a80  SamSs - ok
07:16:50.0267 0x0a80  [ 9EBC8558F87AB6645DD12A0EE99E1353, 5A4B49051FB7BFACAB81F0CF1B27057BC46D4A064005BF738549208667D00AAA ] SboxDrv         C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys
07:16:50.0267 0x0a80  SboxDrv - ok
07:16:50.0299 0x0a80  [ 6E5A7FD77EE6D70C738B6439B5E8FF0C, 0E9570B5FD7BEDF62EB9D35B6834E2F0B740548D128D153DAF452B2CED0905A9 ] SboxSvc         C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
07:16:50.0299 0x0a80  SboxSvc - ok
07:16:50.0314 0x0a80  [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:16:50.0330 0x0a80  sbp2port - ok
07:16:50.0330 0x0a80  [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:16:50.0345 0x0a80  SCardSvr - ok
07:16:50.0345 0x0a80  [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:16:50.0345 0x0a80  scfilter - ok
07:16:50.0408 0x0a80  [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule        C:\Windows\system32\schedsvc.dll
07:16:50.0439 0x0a80  Schedule - ok
07:16:50.0439 0x0a80  [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc     C:\Windows\System32\certprop.dll
07:16:50.0455 0x0a80  SCPolicySvc - ok
07:16:50.0470 0x0a80  [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus           C:\Windows\system32\drivers\sdbus.sys
07:16:50.0470 0x0a80  sdbus - ok
07:16:50.0486 0x0a80  [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:16:50.0486 0x0a80  SDRSVC - ok
07:16:50.0501 0x0a80  [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:16:50.0501 0x0a80  secdrv - ok
07:16:50.0517 0x0a80  [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon        C:\Windows\system32\seclogon.dll
07:16:50.0533 0x0a80  seclogon - ok
07:16:50.0548 0x0a80  [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS            C:\Windows\system32\sens.dll
07:16:50.0548 0x0a80  SENS - ok
07:16:50.0564 0x0a80  [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:16:50.0564 0x0a80  SensrSvc - ok
07:16:50.0611 0x0a80  [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum         C:\Windows\system32\drivers\serenum.sys
07:16:50.0611 0x0a80  Serenum - ok
07:16:50.0626 0x0a80  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial          C:\Windows\system32\drivers\serial.sys
07:16:50.0642 0x0a80  Serial - ok
07:16:50.0642 0x0a80  [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:16:50.0657 0x0a80  sermouse - ok
07:16:50.0673 0x0a80  [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv      C:\Windows\system32\sessenv.dll
07:16:50.0673 0x0a80  SessionEnv - ok
07:16:50.0673 0x0a80  [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
07:16:50.0689 0x0a80  sffdisk - ok
07:16:50.0720 0x0a80  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:16:50.0720 0x0a80  sffp_mmc - ok
07:16:50.0735 0x0a80  [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
07:16:50.0735 0x0a80  sffp_sd - ok
07:16:50.0767 0x0a80  [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
07:16:50.0782 0x0a80  sfloppy - ok
07:16:50.0798 0x0a80  [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:16:50.0813 0x0a80  SharedAccess - ok
07:16:50.0845 0x0a80  [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:16:50.0860 0x0a80  ShellHWDetection - ok
07:16:50.0876 0x0a80  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:16:50.0907 0x0a80  SiSRaid2 - ok
07:16:50.0923 0x0a80  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:16:50.0923 0x0a80  SiSRaid4 - ok
07:16:50.0938 0x0a80  [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
07:16:50.0938 0x0a80  Smb - ok
07:16:50.0969 0x0a80  [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:16:50.0969 0x0a80  SNMPTRAP - ok
07:16:50.0985 0x0a80  [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr           C:\Windows\system32\drivers\spldr.sys
07:16:50.0985 0x0a80  spldr - ok
07:16:51.0016 0x0a80  [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler         C:\Windows\System32\spoolsv.exe
07:16:51.0032 0x0a80  Spooler - ok
07:16:51.0172 0x0a80  [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc          C:\Windows\system32\sppsvc.exe
07:16:51.0266 0x0a80  sppsvc - ok
07:16:51.0297 0x0a80  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
07:16:51.0297 0x0a80  sppuinotify - ok
07:16:51.0359 0x0a80  [ E163E10191958FF6A2B0B48353F9E9FD, C4F5B83B5C435458AEEC4BD5C6A0FE15F4C3CD5C23CA7F5949A62214634DBB36 ] SRTSP           C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS
07:16:51.0391 0x0a80  SRTSP - ok
07:16:51.0406 0x0a80  [ 68E7B6708B9EEE021301C483825D05EA, 87E262405473A063E3E6E9D1D61D8381C997C95F77317CDBB3C59369436E70C5 ] SRTSPX          C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS
07:16:51.0406 0x0a80  SRTSPX - ok
07:16:51.0453 0x0a80  [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv             C:\Windows\system32\DRIVERS\srv.sys
07:16:51.0469 0x0a80  srv - ok
07:16:51.0484 0x0a80  [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:16:51.0500 0x0a80  srv2 - ok
07:16:51.0515 0x0a80  [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:16:51.0515 0x0a80  srvnet - ok
07:16:51.0531 0x0a80  [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
07:16:51.0547 0x0a80  SSDPSRV - ok
07:16:51.0562 0x0a80  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc         C:\Windows\system32\sstpsvc.dll
07:16:51.0562 0x0a80  SstpSvc - ok
07:16:51.0609 0x0a80  [ E4EA2412FB1B8AEE33667A9CC6D456A4, E553D07BBD98CB026033D7D10D859795682D1BFCB9D33D494177B2E747EA5064 ] stdcfltn        C:\Windows\system32\DRIVERS\stdcfltn.sys
07:16:51.0609 0x0a80  stdcfltn - ok
07:16:51.0625 0x0a80  [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:16:51.0625 0x0a80  stexstor - ok
07:16:51.0640 0x0a80  [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
07:16:51.0640 0x0a80  StillCam - ok
07:16:51.0671 0x0a80  [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc          C:\Windows\System32\wiaservc.dll
07:16:51.0687 0x0a80  stisvc - ok
07:16:51.0703 0x0a80  [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc         C:\Windows\system32\storsvc.dll
07:16:51.0718 0x0a80  StorSvc - ok
07:16:51.0734 0x0a80  [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc         C:\Windows\system32\drivers\storvsc.sys
07:16:51.0749 0x0a80  storvsc - ok
07:16:51.0781 0x0a80  [ 4732444B7A815E8ECD66E9D1FC82DDC8, 6DC333BE9921683AA815CFB7FAC4F94C315F564D3A9D2E7F06E3D232A2450232 ] ST_Accel        C:\Windows\system32\DRIVERS\ST_Accel.sys
07:16:51.0781 0x0a80  ST_Accel - ok
07:16:51.0796 0x0a80  [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
07:16:51.0796 0x0a80  swenum - ok
07:16:51.0859 0x0a80  [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv           C:\Windows\System32\swprv.dll
07:16:51.0874 0x0a80  swprv - ok
07:16:51.0905 0x0a80  [ 5C9EE2303CA7F267665D75237862B39C, 5DECD977A823C14B4D980D3DB621BC875231B741653F0450A027FC9E87725F9D ] SymDS           C:\Windows\system32\drivers\N360x64\1506000.020\SYMDS64.SYS
07:16:51.0921 0x0a80  SymDS - ok
07:16:51.0968 0x0a80  [ 9F31630D7FC2DD9D5DA1CE359AAD1F46, 296D29EDF53956D1899DE4669AB429C280DF9F183F00AE1CE528E7C575802235 ] SymEFA          C:\Windows\system32\drivers\N360x64\1506000.020\SYMEFA64.SYS
07:16:51.0999 0x0a80  SymEFA - ok
07:16:52.0015 0x0a80  [ 97E11C50CE52277B377396EA8838E539, E17D03F80E14F961C41F2D54D1EF73D29BF01F38459C5710D786234F8BA3C835 ] SymEvent        C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
07:16:52.0030 0x0a80  SymEvent - ok
07:16:52.0061 0x0a80  [ 2C95265BE19F338E1C1090E4E91055BB, 1E580E9367B1C89B06BD4B34EFD94CD511FD3AA1617D943DDFE0A28B7ED5D5F9 ] SymIRON         C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS
07:16:52.0077 0x0a80  SymIRON - ok
07:16:52.0093 0x0a80  [ 5570A74FF9B1EFBC5154DD1E2F05C517, 2C883A0334CBE4AE257028805C9BB1E529A80F56BA6D341E8EBB83CB3E46FEB7 ] SymNetS         C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS
07:16:52.0108 0x0a80  SymNetS - ok
07:16:52.0139 0x0a80  [ 4CDD7DF58730D23BA9CB5829A6E2ECEA, 89A2A1604C2BF985894000F51D9D376B32F1327197866850B5BF8640272DE828 ] SynthVid        C:\Windows\system32\DRIVERS\VMBusVideoM.sys
07:16:52.0139 0x0a80  SynthVid - ok
07:16:52.0249 0x0a80  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain         C:\Windows\system32\sysmain.dll
07:16:52.0295 0x0a80  SysMain - ok
07:16:52.0311 0x0a80  [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:16:52.0311 0x0a80  TabletInputService - ok
07:16:52.0327 0x0a80  [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv         C:\Windows\System32\tapisrv.dll
07:16:52.0342 0x0a80  TapiSrv - ok
07:16:52.0358 0x0a80  [ 927D0CDB3F96EFC1E98FB1A2C9FB67AD, 58F14DAA0EA21EA2F2A1D3D62C88BD8E5A0E0EF498B7B8D367BEEADE6A46843C ] tapoas          C:\Windows\system32\DRIVERS\tapoas.sys
07:16:52.0358 0x0a80  tapoas - ok
07:16:52.0389 0x0a80  [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS             C:\Windows\System32\tbssvc.dll
07:16:52.0389 0x0a80  TBS - ok
07:16:52.0451 0x0a80  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
07:16:52.0498 0x0a80  Tcpip - ok
07:16:52.0576 0x0a80  [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:16:52.0623 0x0a80  TCPIP6 - ok
07:16:52.0639 0x0a80  [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:16:52.0639 0x0a80  tcpipreg - ok
07:16:52.0795 0x0a80  [ BFAADE870B9B0CAED85AEB682610A2BD, 4147623CAFF7158ADF73DE823E3AE1364735E80268EAD1A6AB224479FD6CA1EA ] tcsd_win32.exe  C:\Program Files\Dell\Dell Data Protection\TSS\bin\tcsd_win32.exe
07:16:52.0841 0x0a80  tcsd_win32.exe - ok
07:16:52.0857 0x0a80  [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:16:52.0857 0x0a80  TDPIPE - ok
07:16:52.0873 0x0a80  [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
07:16:52.0873 0x0a80  TDTCP - ok
07:16:52.0888 0x0a80  [ DDAD5A7AB24D8B65F8D724F5C20FD806, B71F2967A4EE7395E4416C1526CB85368AEA988BDD1F2C9719C48B08FAFA9661 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
07:16:52.0888 0x0a80  tdx - ok
07:16:52.0904 0x0a80  [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
07:16:52.0904 0x0a80  TermDD - ok
07:16:52.0951 0x0a80  [ 4FC4C50985E5B840F4D72E57286887B8, 0BCBB4A938803AE3A3532B6D8FFC85594AA9AEF5D8F9792684841BEA8780AE9E ] TermService     C:\Windows\System32\termsrv.dll
07:16:52.0966 0x0a80  TermService - ok
07:16:52.0982 0x0a80  [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes          C:\Windows\system32\themeservice.dll
07:16:52.0997 0x0a80  Themes - ok
07:16:53.0013 0x0a80  [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER     C:\Windows\system32\mmcss.dll
07:16:53.0013 0x0a80  THREADORDER - ok
07:16:53.0013 0x0a80  [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks          C:\Windows\System32\trkwks.dll
07:16:53.0029 0x0a80  TrkWks - ok
07:16:53.0091 0x0a80  [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:16:53.0107 0x0a80  TrustedInstaller - ok
07:16:53.0138 0x0a80  [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:16:53.0138 0x0a80  tssecsrv - ok
07:16:53.0185 0x0a80  [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:16:53.0200 0x0a80  TsUsbFlt - ok
07:16:53.0200 0x0a80  [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
07:16:53.0216 0x0a80  TsUsbGD - ok
07:16:53.0231 0x0a80  [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:16:53.0247 0x0a80  tunnel - ok
07:16:53.0247 0x0a80  [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:16:53.0247 0x0a80  uagp35 - ok
07:16:53.0264 0x0a80  [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:16:53.0279 0x0a80  udfs - ok
07:16:53.0295 0x0a80  [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect       C:\Windows\system32\UI0Detect.exe
07:16:53.0295 0x0a80  UI0Detect - ok
07:16:53.0310 0x0a80  [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:16:53.0310 0x0a80  uliagpkx - ok
07:16:53.0342 0x0a80  [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
07:16:53.0342 0x0a80  umbus - ok
07:16:53.0357 0x0a80  [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
07:16:53.0357 0x0a80  UmPass - ok
07:16:53.0388 0x0a80  [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService    C:\Windows\System32\umrdp.dll
07:16:53.0388 0x0a80  UmRdpService - ok
07:16:53.0420 0x0a80  [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost        C:\Windows\System32\upnphost.dll
07:16:53.0435 0x0a80  upnphost - ok
07:16:53.0451 0x0a80  [ 524BFB402B1AB1007ED91E94D6AB6F72, 5A970292D2E7A580FAD86615BC6E66C2A5C74044EFF6C1543E928773E5B9C0F8 ] usb3Hub         C:\Windows\system32\DRIVERS\usb3Hub.sys
07:16:53.0451 0x0a80  usb3Hub - ok
07:16:53.0466 0x0a80  [ 5C3BE22E485B9BF11FCEFDC676C728D0, F55061066ECF6920D56518A677BB538C18B7F1BB150ED6DB3591408F44E8D53A ] USBAAPL64       C:\Windows\system32\Drivers\usbaapl64.sys
07:16:53.0466 0x0a80  USBAAPL64 - ok
07:16:53.0466 0x0a80  [ 91D3C92A44FC682DD791147604E79152, AA0B6799BF9C26C2C1793C91295288A4989AA43EC5E070B650DA7F0A142817CE ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
07:16:53.0482 0x0a80  usbccgp - ok
07:16:53.0513 0x0a80  [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:16:53.0513 0x0a80  usbcir - ok
07:16:53.0529 0x0a80  [ F7FFDF2A1D19A76A87759126B244C816, C91F09D77E22D976952A46F7B93F611B719EDAF694D538242FA8FAF1BA9BB2F0 ] usbehci         C:\Windows\system32\drivers\usbehci.sys
07:16:53.0529 0x0a80  usbehci - ok
07:16:53.0576 0x0a80  [ 245FE7FC634D6A993E682E0A9EBA4ABB, F7A536D215EE3A63358EC8B5946D7BB3B56357BF91347B07013E00DAC98775B6 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:16:53.0591 0x0a80  usbhub - ok
07:16:53.0638 0x0a80  [ C1A8966E0D09BFB501045105B30D86F2, 5BB95FBA441B898E258A3BFE174FC1042A04C19E25C59DE1FD90594290B11DA9 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
07:16:53.0638 0x0a80  usbohci - ok
07:16:53.0654 0x0a80  [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
07:16:53.0669 0x0a80  usbprint - ok
07:16:53.0669 0x0a80  [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
07:16:53.0685 0x0a80  usbscan - ok
07:16:53.0685 0x0a80  [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:16:53.0685 0x0a80  USBSTOR - ok
07:16:53.0700 0x0a80  [ 2E682DCE4319A90E02A327F8A427544A, 3528C5A4669BAD53041085C3E72C64388D308E42AD9D1FAC85B6F2FFD81610FB ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
07:16:53.0716 0x0a80  usbuhci - ok
07:16:53.0732 0x0a80  [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
07:16:53.0732 0x0a80  usbvideo - ok
07:16:53.0747 0x0a80  [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms           C:\Windows\System32\uxsms.dll
07:16:53.0763 0x0a80  UxSms - ok
07:16:53.0763 0x0a80  [ 204F3F58212B3E422C90BD9691A2DF28, D748A8CEE4D59B4248C9B1ACA5155D0FF6635A29564B4391B7FAC6261F93FE99 ] VaultSvc        C:\Windows\system32\lsass.exe
07:16:53.0763 0x0a80  VaultSvc - ok
07:16:53.0778 0x0a80  [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:16:53.0778 0x0a80  vdrvroot - ok
07:16:53.0810 0x0a80  [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds             C:\Windows\System32\vds.exe
07:16:53.0825 0x0a80  vds - ok
07:16:53.0841 0x0a80  [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
07:16:53.0841 0x0a80  vga - ok
07:16:53.0841 0x0a80  [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave         C:\Windows\System32\drivers\vga.sys
07:16:53.0841 0x0a80  VgaSave - ok
07:16:53.0856 0x0a80  [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
07:16:53.0856 0x0a80  vhdmp - ok
07:16:53.0888 0x0a80  [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide          C:\Windows\system32\drivers\viaide.sys
07:16:53.0888 0x0a80  viaide - ok
07:16:53.0903 0x0a80  [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
07:16:53.0919 0x0a80  VMBusHID - ok
07:16:53.0919 0x0a80  [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:16:53.0934 0x0a80  volmgr - ok
07:16:53.0950 0x0a80  [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
07:16:53.0966 0x0a80  volmgrx - ok
07:16:53.0981 0x0a80  [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
07:16:53.0997 0x0a80  volsnap - ok
07:16:54.0044 0x0a80  [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
07:16:54.0044 0x0a80  vsmraid - ok
07:16:54.0278 0x0a80  [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS             C:\Windows\system32\vssvc.exe
07:16:54.0387 0x0a80  VSS - ok
07:16:54.0387 0x0a80  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
07:16:54.0387 0x0a80  vwifibus - ok
07:16:54.0418 0x0a80  [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:16:54.0418 0x0a80  vwififlt - ok
07:16:54.0418 0x0a80  [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
07:16:54.0418 0x0a80  vwifimp - ok
07:16:54.0449 0x0a80  [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time         C:\Windows\system32\w32time.dll
07:16:54.0465 0x0a80  W32Time - ok
07:16:54.0465 0x0a80  [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:16:54.0480 0x0a80  WacomPen - ok
07:16:54.0496 0x0a80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:16:54.0496 0x0a80  WANARP - ok
07:16:54.0496 0x0a80  [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:16:54.0496 0x0a80  Wanarpv6 - ok
07:16:54.0590 0x0a80  [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc     C:\Windows\system32\Wat\WatAdminSvc.exe
07:16:54.0636 0x0a80  WatAdminSvc - ok
07:16:54.0730 0x0a80  [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine        C:\Windows\system32\wbengine.exe
07:16:54.0761 0x0a80  wbengine - ok
07:16:54.0792 0x0a80  [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
07:16:54.0792 0x0a80  WbioSrvc - ok
07:16:54.0824 0x0a80  [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
07:16:54.0824 0x0a80  wcncsvc - ok
07:16:54.0839 0x0a80  [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
07:16:54.0839 0x0a80  WcsPlugInService - ok
07:16:54.0855 0x0a80  [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd              C:\Windows\system32\drivers\wd.sys
07:16:54.0855 0x0a80  Wd - ok
07:16:54.0902 0x0a80  [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
07:16:54.0917 0x0a80  Wdf01000 - ok
07:16:54.0948 0x0a80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiServiceHost  C:\Windows\system32\wdi.dll
07:16:54.0948 0x0a80  WdiServiceHost - ok
07:16:54.0948 0x0a80  [ BF1FC3F79B863C914687A737C2F3D681, B2DF47AC4931ACFB243775767B77065CC0D98778FC0243C793A3E219EB961209 ] WdiSystemHost   C:\Windows\system32\wdi.dll
07:16:54.0964 0x0a80  WdiSystemHost - ok
07:16:54.0995 0x0a80  [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient       C:\Windows\System32\webclnt.dll
07:16:54.0995 0x0a80  WebClient - ok
07:16:55.0026 0x0a80  [ CBA25A299ECDBAE3A2300B68598AABA3, 5AC6F75FBDA58CD9D17922AF2780A37B89067EB4A97EE792A644B238BE94490D ] Wecsvc          C:\Windows\system32\wecsvc.dll
07:16:55.0042 0x0a80  Wecsvc - ok
07:16:55.0073 0x0a80  [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
07:16:55.0073 0x0a80  wercplsupport - ok
07:16:55.0089 0x0a80  [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc          C:\Windows\System32\WerSvc.dll
07:16:55.0104 0x0a80  WerSvc - ok
07:16:55.0136 0x0a80  [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
07:16:55.0136 0x0a80  WfpLwf - ok
07:16:55.0151 0x0a80  [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
07:16:55.0151 0x0a80  WIMMount - ok
07:16:55.0151 0x0a80  WinDefend - ok
07:16:55.0167 0x0a80  WinHttpAutoProxySvc - ok
07:16:55.0370 0x0a80  [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
07:16:55.0385 0x0a80  Winmgmt - ok
07:16:55.0463 0x0a80  [ BCB1310604AA415C4508708975B3931E, 9D943F086D454345153A0DD426B4432532A44FD87950386B186E1CAD2AC70565 ] WinRM           C:\Windows\system32\WsmSvc.dll
07:16:55.0526 0x0a80  WinRM - ok
07:16:55.0541 0x0a80  [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
07:16:55.0541 0x0a80  WinUsb - ok
07:16:55.0604 0x0a80  [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc         C:\Windows\System32\wlansvc.dll
07:16:55.0635 0x0a80  Wlansvc - ok
07:16:55.0884 0x0a80  [ 357CABBF155AFD1D3926E62539D2A3A7, C43CFF84E7D930B4999DC061AB0766B57AAD7540B3E6EE54605B10ECE90825F5 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
07:16:56.0056 0x0a80  wlidsvc - ok
07:16:56.0072 0x0a80  [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
07:16:56.0072 0x0a80  WmiAcpi - ok
07:16:56.0087 0x0a80  [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
07:16:56.0103 0x0a80  wmiApSrv - ok
07:16:56.0103 0x0a80  WMPNetworkSvc - ok
07:16:56.0118 0x0a80  [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc          C:\Windows\System32\wpcsvc.dll
07:16:56.0118 0x0a80  WPCSvc - ok
07:16:56.0118 0x0a80  [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
07:16:56.0134 0x0a80  WPDBusEnum - ok
07:16:56.0134 0x0a80  [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
07:16:56.0150 0x0a80  ws2ifsl - ok
07:16:56.0150 0x0a80  [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc          C:\Windows\system32\wscsvc.dll
07:16:56.0150 0x0a80  wscsvc - ok
07:16:56.0165 0x0a80  [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
07:16:56.0165 0x0a80  WSDPrintDevice - ok
07:16:56.0165 0x0a80  [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
07:16:56.0165 0x0a80  WSDScan - ok
07:16:56.0181 0x0a80  WSearch - ok
07:16:56.0259 0x0a80  [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv        C:\Windows\system32\wuaueng.dll
07:16:56.0337 0x0a80  wuauserv - ok
07:16:56.0352 0x0a80  [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
07:16:56.0352 0x0a80  WudfPf - ok
07:16:56.0368 0x0a80  [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
07:16:56.0384 0x0a80  WUDFRd - ok
07:16:56.0399 0x0a80  [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
07:16:56.0399 0x0a80  wudfsvc - ok
07:16:56.0430 0x0a80  [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc         C:\Windows\System32\wwansvc.dll
07:16:56.0446 0x0a80  WwanSvc - ok
07:16:56.0633 0x0a80  [ C3FFB098C24A82B61E1818C3BB978B48, C7BC57A8D549B7478052F05FD0B4C623F1B70187358FD3CB5A7E9B5092FBD75F ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
07:16:56.0774 0x0a80  ZeroConfigService - ok
07:16:56.0805 0x0a80  ================ Scan global ===============================
07:16:56.0805 0x0a80  [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
07:16:56.0852 0x0a80  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:16:56.0867 0x0a80  [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
07:16:56.0898 0x0a80  [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
07:16:56.0930 0x0a80  [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
07:16:56.0945 0x0a80  [ Global ] - ok
07:16:56.0945 0x0a80  ================ Scan MBR ==================================
07:16:56.0961 0x0a80  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
07:16:57.0070 0x0a80  \Device\Harddisk0\DR0 - ok
07:16:57.0086 0x0a80  ================ Scan VBR ==================================
07:16:57.0086 0x0a80  [ C0D41A9FB4EABCB7A060E5E08ABB7EF7 ] \Device\Harddisk0\DR0\Partition1
07:16:57.0101 0x0a80  \Device\Harddisk0\DR0\Partition1 - ok
07:16:57.0101 0x0a80  [ 9C722E178F26315D0C6287E094838065 ] \Device\Harddisk0\DR0\Partition2
07:16:57.0117 0x0a80  \Device\Harddisk0\DR0\Partition2 - ok
07:16:57.0117 0x0a80  ================ Scan generic autorun ======================
07:16:57.0164 0x0a80  [ 49250EC8E64916CF40A78AC6CD916F40, C29B6999D6D98A884FD11C354CD89074A037807B17753CDAC4F218AF070DC40F ] C:\Program Files\DellTPad\Apoint.exe
07:16:57.0179 0x0a80  Apoint - ok
07:16:57.0819 0x0a80  [ 61389338DF2FE34B240F70B757A7EA27, A8BE0557A3B8BEB706418F27D9C8C4730E1869DC7DF4FDE82BCDF6355628109E ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
07:16:58.0193 0x0a80  RtHDVCpl - ok
07:16:58.0302 0x0a80  [ A07B6A63FEF50D6E15FFC4D808DD1B3F, 08EBE90A23FF7DFBFA45FD333D008A2B7C1992617CC25736146F02B28F568840 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
07:16:58.0349 0x0a80  RtHDVBg - ok
07:16:58.0365 0x0a80  [ 0E3F7320DB0FDF89722A3BB5A9C42E7B, D5D606168417CCF718E82C0CB685B33B5961A6C64879AC4454781A40E563BDD6 ] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
07:16:58.0365 0x0a80  WavesSvc - ok
07:16:58.0412 0x0a80  [ A07B6A63FEF50D6E15FFC4D808DD1B3F, 08EBE90A23FF7DFBFA45FD333D008A2B7C1992617CC25736146F02B28F568840 ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
07:16:58.0443 0x0a80  RtHDVBg_PushButton - ok
07:16:58.0458 0x0a80  [ 54412E0B0A95DEB6D1D2C56DC1829D5C, 4A6590BB38061FCF9E46BF4757247976BC0AF78AAA3FB492F4E85271B8447E90 ] C:\Windows\system32\igfxtray.exe
07:16:58.0474 0x0a80  IgfxTray - ok
07:16:58.0505 0x0a80  [ 1656BD1C13CBB8B2F87523172989CB06, 81BEC690805D8DD0B74FBD26CD120DEE6C65EE842DE278FA0EFDAC94478A4A19 ] C:\Windows\system32\hkcmd.exe
07:16:58.0505 0x0a80  HotKeysCmds - ok
07:16:58.0568 0x0a80  [ 4B7A77245C65884BDC2B319BA0B8B1AE, C67DBC93E1E5696A23A55F9F9C842CE229BD74557DD0D58198ADCF061A68497E ] C:\Windows\system32\igfxpers.exe
07:16:58.0583 0x0a80  Persistence - ok
07:16:58.0646 0x0a80  [ 7C3DD8DB6B6E75FCD2B1A0B041B884C4, 61012E5FFC91C5EF26D3B79D50C704DFF58B7EE6CBAB5BB5226946D69121DED0 ] C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe
07:16:58.0646 0x0a80  IAStorIcon - ok
07:16:58.0708 0x0a80  [ 4420BBAC770EB87AB74E4B9146E18924, 6DB78DB9FD72F1E8C7651D2B3FF090CB4A8C90BA0D11F69D533960CE67170CFC ] C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe
07:16:58.0724 0x0a80  BLEServicesCtrl - ok
07:16:58.0724 0x0a80  BTMTrayAgent - ok
07:16:58.0739 0x0a80  [ DD81D91FF3B0763C392422865C9AC12E, F5691B8F200E3196E6808E932630E862F8F26F31CD949981373F23C9D87DB8B9 ] C:\Windows\system32\rundll32.exe
07:16:58.0770 0x0a80  Logitech Download Assistant - ok
07:16:58.0880 0x0a80  [ 65FE31BF767ACB069896D639BA585C36, 443AA33AE3999E42BA63B324DB148B204B6BE14A7E54BAB8C4FDD96539987E11 ] C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
07:16:58.0880 0x0a80  CSFTrayApp - ok
07:16:58.0958 0x0a80  [ 98612B185D226486E1F691C55EBE7F12, A8284BBC4622B00AD7BC591534256988D54A598D506B7B244B2ABDF929722B2F ] C:\Program Files\Dell\Dell Data Protection\Encryption\Local Console\CmgSysTray.exe
07:16:58.0958 0x0a80  LocalSecurityAgent - ok
07:16:59.0114 0x0a80  [ B294823B9028F6C30BC0F79AD04C726D, 59661BE9FC087CA89FBE906BF20FD735E5B47D579CE0D466AE1B01BDE33554EB ] C:\Windows\system32\EmsServiceHelper.exe
07:16:59.0192 0x0a80  EmsService - ok
07:16:59.0426 0x0a80  [ 7B214267AD189EF67170228EAF549E6F, 2ED428B3B3BC6013061A8FC4A295362E13ECC27FA532148E84B842493AED17E9 ] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
07:16:59.0597 0x0a80  IntelPROSet - ok
07:16:59.0644 0x0a80  [ 50E81F5F143F4ABBCCC4BDF92D70C383, E5723A1CCC0E0B22F36A035ADCFE78D98A97A77CBD9D34CF95E75B78C139F175 ] C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
07:16:59.0660 0x0a80  USB3MON - ok
07:16:59.0722 0x0a80  [ BC47ABD9F73C6D6A1DEFFF21A815DFF6, C9EC15D1BD40E852CF61B089820DC4F6DFDC8AF1FA8434D2E7712ADCD7B9AB00 ] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
07:16:59.0722 0x0a80  Dell Webcam Central - ok
07:16:59.0800 0x0a80  [ 47EA5F76FAB723C61AB4A0D79BAD512C, A7A38EB0A7068B160E6949945EF639F999A06AE35746F6E79C7350745798E5C9 ] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
07:16:59.0831 0x0a80  Adobe ARM - ok
07:17:00.0096 0x0a80  [ 818DA091BF0F17AFDFA19CF39226FF0F, 3967E0C3E111EB8E0E0F7D275F9E8F2C36536474842ECEF2153C9128749CB20A ] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe
07:17:00.0377 0x0a80  Intuit SyncManager - ok
07:17:00.0674 0x0a80  [ 545676F48851A5C65A38CAE5B5518C95, F7CD893B8198AA22347CB96A61C258217FA0A1B1CC1733784B5FD84A7B208264 ] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
07:17:00.0689 0x0a80  APSDaemon - ok
07:17:00.0705 0x0a80  [ 016B31B67ACDF4AEB325FAC166684E5D, 3C22DF4E55554EB16EA2CA5927285C35E2A6C3DE22ACDDCD68492EAFAD4B0A9F ] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe
07:17:00.0720 0x0a80  ControlCenter4 - ok
07:17:01.0204 0x0a80  [ 84ED734D77A8F8B7E56C954D42731945, 12E51DF14DEE016B7FE53221D58B47DF27E9BB840B49CB334A99A42777570D4A ] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
07:17:01.0485 0x0a80  BrStsMon00 - ok
07:17:01.0672 0x0a80  [ F502D167FC410346BA29AE349D5FE5E7, B6AF18748BDE6D14497D239E568C3DCD854418C5FD0A64C939BACCE6A11B2D8D ] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
07:17:01.0688 0x0a80  ConnectionCenter - ok
07:17:01.0719 0x0a80  [ D88B2D487439305A2EC308A6796C3044, 79DF0A41ECB08D5BEB3393B2BA15E6C88AD626803E1734EFBA0DBE4ECF7274D7 ] C:\Program Files (x86)\iTunes\iTunesHelper.exe
07:17:01.0719 0x0a80  iTunesHelper - ok
07:17:01.0797 0x0a80  [ E39E50740CC9DA4DE984EDA0745FD7CE, 622C7D40779271EA4275CE5B89F2DA17B41122F3E0AF3B93828184A037DE9B62 ] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
07:17:01.0828 0x0a80  Carbonite Backup - ok
07:17:02.0015 0x0a80  [ CA595FA53E6C797EC1AB43AFB4B4F183, A0A7DDD2ECA97D6533DF908861C000B69C327184F4FFC7C4D971AE4651AD337F ] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
07:17:02.0015 0x0a80  iCloudServices - ok
07:17:02.0031 0x0a80  [ 096407F0CB75519F4DBFBA5BB413187B, 9F7A13FA6DA2B2FE58B69AD94DA372DA0C73918C1E3C57D1BC8F7662875C7CBD ] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
07:17:02.0031 0x0a80  ApplePhotoStreams - ok
07:17:02.0046 0x0a80  [ BDC28D69C3AB3AD7C3188CF2843F6927, EC7D422E4BCE106047AAAA81E5F965061EEA9F3FD52FC645E241F1E24690D3FC ] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
07:17:02.0062 0x0a80  RoboForm - ok
07:17:02.0218 0x0a80  [ 9DFDDB86952846EAD3E00F9399724CBE, 800A3C55D9D166F80068A265A389A335F7105312429CC9983909DC46B242A8C7 ] C:\Users\ASAP Consulting\AppData\Local\Apps\2.0\RHJO8VBN.E8Q\7JG4ANAZ.6DA\dell..tion_0f612f649c4a10af_0005.0009_14e1a3fbfbaf942c\DellSystemDetect.exe
07:17:02.0234 0x0a80  DellSystemDetect - ok
07:17:02.0234 0x0a80  [ BDC28D69C3AB3AD7C3188CF2843F6927, EC7D422E4BCE106047AAAA81E5F965061EEA9F3FD52FC645E241F1E24690D3FC ] C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
07:17:02.0234 0x0a80  RoboForm - ok
07:17:02.0234 0x0a80  Waiting for KSN requests completion. In queue: 190
07:17:03.0248 0x0a80  Waiting for KSN requests completion. In queue: 190
07:17:04.0262 0x0a80  Waiting for KSN requests completion. In queue: 190
07:17:05.0291 0x0a80  AV detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x50000 ( disabled : updated )
07:17:05.0291 0x0a80  FW detected via SS2: Norton Security Suite, C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\WSCStub.exe ( 21.6.0.0 ), 0x51010 ( enabled )
07:17:08.0162 0x0a80  ============================================================
07:17:08.0162 0x0a80  Scan finished
07:17:08.0162 0x0a80  ============================================================
07:17:08.0162 0x0c2c  Detected object count: 0
07:17:08.0162 0x0c2c  Actual detected object count: 0
07:17:20.0532 0x0c94  Deinitialize success
 



#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 29 October 2014 - 02:46 PM

This looks very good. No more active malware has been found.

Uninstall Combofix:
Type "combofix /uninstall" in the run box (w7.png+R) and hit enter.
3w7i5uxa.png


That's it! abklatsch.gif
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation: btn_donate_SM.gif
Thank you!


Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Mozilla Firefox 32.0.3
Internet Explorer Version 10

 

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.
 


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 alfadreamer1

alfadreamer1
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:15 AM

Posted 29 October 2014 - 03:58 PM

Deeprybka,

Thank you for all your help.    Please have a beer on me, check your paypal.



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 30 October 2014 - 12:19 AM

Thank you very much! :)
party.gif


Take care!
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#13 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:15 PM

Posted 30 October 2014 - 12:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users