# Is CAFADEBUG text file Malware - Can't remove it



## lgerbrandt (Jun 28, 2006)

Problem: Since the textfile CAFADEBUG appeared in one of my document folders, I've had problems with internmittent failure of audio on the internet, and startup has gotten a lot slower. I'm pasting the text that's in this file after SYSINFO below. Outside google search on it names it as a DWARVES and ELVES hijacking of program exception handlers that is almost impossible to detect and remove. In my case, it seems to start with the Conexant Audio filter.

I've tried removing this file and the first time I did it went away but then came back on reboot. Since then I haven't been able to remove it and the symptoms above have remained.

No Malware problems are reported by Malwarebytes Anti-Malware Pro and Adware. I've run SYSINFO - logfile is below: Hijackthis and ADWare Quarantine logfiles are in the next post after this one.

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 3986 Mb
Graphics Card: Intel(R) HD Graphics 4600, 2025 Mb
Hard Drives: C: Total - 121774 MB, Free - 87394 MB;
Motherboard: LENOVO, 20C5S01W00
Antivirus: Windows Defender, Disabled

CAFADEBUG textfile contents:
ćCAudioFilterAgent64.exe(tid 1b94) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 1b94) 0:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1b94) 15:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1b94) 31:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 1b94) 31:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 1b94) 156:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 1b94) 156:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 1b94) 156:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 1b94) 265:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 1b94) 68513:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68528:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68560:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68575:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68607:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68622:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68638:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 2965686:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 2966228:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 190c) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 190c) 15:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 190c) 15:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 190c) 15:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 190c) 15:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 190c) 109:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 190c) 109:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 190c) 109:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 190c) 218:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 14e8) 109:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 14e8) 109:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 14e8) 109:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 14e8) 218:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 14e8) 74679:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74679:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74725:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74804:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74804:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74819:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74819:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74835:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 9042647:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 9045428:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 9856328:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 12050369:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 12050384:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 1a24) 140:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 1a24) 140:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 1a24) 140:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 1a24) 249:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 1a24) 67601:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 72601:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985485:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985516:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985791:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985812:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 2001833:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 2001833:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5778999:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779267:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779282:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779282:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779298:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779298:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779654:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5780218:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5781216:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 1364) 46:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1364) 78:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1364) 78:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 1364) 78:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 1364) 250:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 1364) 250:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 1364) 250:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 1364) 375:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 1364) 375:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 1364) 375:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 1364) 500:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 1364) 3843:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 3906:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 3721331:[ J_WMSG] - WM_DEVICECHANGE message received

[Thank you for any help on removing this problem..]


----------



## lgerbrandt (Jun 28, 2006)

*Logfile of Trend Micro HijackThis v2.0.4
*Scan saved at 8:10:39 PM, on 3/17/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE"
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @oem5.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem6.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: ZoneAlarm AntiKeylogger IswSvc (IswSvc) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @oem14.inf,%WBFService_SvcDesc%;Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\System32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service: ZoneAlarm AntiTheft - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe

--
End of file - 10551 bytes

*ADWare Quarantine Logfile
*C:\Users\LKGERB~1\AppData\Local\Temp\Uninstall.exe->C:\AdwCleaner\Quarantine\C\Users\LKGERB~1\AppData\Local\Temp\Uninstall.exe.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage.vir


----------



## lgerbrandt (Jun 28, 2006)

Problem: After the textfile CAFADEBUG.txt appeared in my Public directory I started having problems with the sound disappearing / turned off temporarily as long as I was in the application. I could get it back by rebooting my computer. But the problem still happens randomly, so I tried removing this textfile but couldn't. It said that another process was using the file, namely a Conexant Audio process. Here's my computer SYSINFO

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1 Pro, 64 bit
Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz, Intel64 Family 6 Model 60 Stepping 3
Processor Count: 4
RAM: 3986 Mb
Graphics Card: Intel(R) HD Graphics 4600, 2025 Mb
Hard Drives: C: Total - 121774 MB, Free - 88746 MB;
Motherboard: LENOVO, 20C5S01W00
Antivirus: Windows Defender, Disabled

*Here's the Hijackthis logfile:
*
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:10:39 PM, on 3/17/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE"
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - Startup: Send to OneNote.lnk = C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @oem5.inf,%BlueBcmBtRSupport.SVCNAME%;Bluetooth Driver Management Service (BcmBtRSupport) - Unknown owner - C:\Windows\system32\BtwRSupportService.exe (file missing)
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @C:\Windows\system32\CxAudMsg64.exe,-100 (CxAudMsg) - Unknown owner - C:\Windows\system32\CxAudMsg64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem6.inf,%ibm.svcDesc0%;Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\Windows\system32\ibmpmsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Wireless Bluetooth(R) 4.0 Radio Management - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
O23 - Service: ZoneAlarm AntiKeylogger IswSvc (IswSvc) - Check Point Software Technologies LTD - C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lenovo Microphone Mute (LENOVO.MICMUTE) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Conexant SmartAudio service (SAService) - Conexant Systems, Inc. - C:\Windows\system32\SAsrv.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\Windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: Lenovo Hotkey Client Loader (TPHKLOAD) - Lenovo Group Limited - C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @oem14.inf,%WBFService_SvcDesc%;Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\System32\valWBFPolicyService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZoneAlarm Privacy Service (ZAPrivacyService) - Check Point Software Technologies, Ltd. - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service: ZoneAlarm AntiTheft - Check Point Software Technologies Ltd. - C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe

--
End of file - 10551 bytes

*I have run ZoneAlarm, MalwareBytes, and AdW. ZA and Malwarebytes didn't find anything.

The Quarantine file for Adw is as follows [note: the Adw cleanup didn't solve the problem]
*
C:\Users\LKGERB~1\AppData\Local\Temp\Uninstall.exe->C:\AdwCleaner\Quarantine\C\Users\LKGERB~1\AppData\Local\Temp\Uninstall.exe.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.ask.com_0.localstorage-journal.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal.vir
C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage->C:\AdwCleaner\Quarantine\C\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage.vir

* Next, I ran the TDSS Rootkit Removing Tool. Everything came up OK except for the following lines at the end:
*
18:00:39.0271 0x06b0 Waiting for KSN requests completion. In queue: 118
18:00:40.0286 0x06b0 Waiting for KSN requests completion. In queue: 118
18:00:41.0302 0x06b0 Waiting for KSN requests completion. In queue: 118
18:00:42.0317 0x06b0 Waiting for KSN requests completion. In queue: 118
18:00:42.0724 0x1ad0 Object required for P2P: [ D339DF97110C5E2C01FA191787E60CA0 ] vm331avs
18:00:43.0333 0x06b0 Waiting for KSN requests completion. In queue: 85
18:00:44.0349 0x06b0 Waiting for KSN requests completion. In queue: 85
18:00:45.0364 0x06b0 Waiting for KSN requests completion. In queue: 85
18:00:46.0380 0x06b0 Waiting for KSN requests completion. In queue: 85
18:00:46.0411 0x1ad0 Object send P2P result: true
18:00:47.0635 0x06b0 AV detected via SS2: Windows Defender, C:\Program Files\Windows Defender\MSASCui.exe ( 4.7.205.0 ), 0x60100 ( disabled : updated )
18:00:47.0636 0x06b0 AV detected via SS2: ZoneAlarm Extreme Security Antivirus, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.3.226.0 ), 0x41000 ( enabled : updated )
18:00:47.0637 0x06b0 FW detected via SS2: ZoneAlarm Extreme Security Firewall, C:\Program Files (x86)\CheckPoint\ZoneAlarm\\MultiFix.exe ( 13.3.226.0 ), 0x41010 ( enabled )
18:01:00.0206 0x06b0 ============================================================
18:01:00.0206 0x06b0 Scan finished
18:01:00.0206 0x06b0 ============================================================
18:01:00.0206 0x124c Detected object count: 0
18:01:00.0206 0x124c Actual detected object count: 0
18:01:11.0794 0x10b4 Deinitialize success

* Finally, Here's the text that's in the CAFADEBUG.txt file that I can't remove and has register info about my sound device that is no longer working right :*
CAudioFilterAgent64.exe(tid 1b94) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 1b94) 0:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1b94) 15:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1b94) 31:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 1b94) 31:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1b94) 62:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 1b94) 78:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 1b94) 156:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 1b94) 156:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 1b94) 156:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 1b94) 265:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 1b94) 68513:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68528:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68560:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68575:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68607:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68622:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 68638:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 2965686:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1b94) 2966228:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 190c) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 190c) 15:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 190c) 15:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 190c) 15:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 190c) 15:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 190c) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 190c) 31:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 190c) 109:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 190c) 109:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 190c) 109:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 190c) 218:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 14e8) 0:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 14e8) 31:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 14e8) 109:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 14e8) 109:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 14e8) 109:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 14e8) 218:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 14e8) 74679:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74679:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74725:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74804:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74804:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74819:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74819:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 74835:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 9042647:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 9045428:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 9856328:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 12050369:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 14e8) 12050384:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 1a24) 0:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 1a24) 46:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 1a24) 140:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 1a24) 140:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 1a24) 140:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 1a24) 249:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 1a24) 67601:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 72601:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985485:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985516:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985791:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 1985812:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 2001833:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 2001833:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5778999:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779267:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779282:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779282:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779298:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779298:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5779654:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5780218:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1a24) 5781216:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 1364) 46:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1364) 78:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1364) 78:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 1364) 78:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 1364) 250:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 1364) 250:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 1364) 250:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 1364) 281:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 1364) 281:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 1364) 375:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 1364) 375:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 1364) 375:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 1364) 500:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 1364) 3843:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 3906:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 3721331:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 8801351:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 8801410:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 8801426:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 9477839:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1364) 9478189:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 0:[ J_STATE] - wWinMain

CAudioFilterAgent64.exe(tid 1544) 0:[ J_CMDLINE] - ParseRegistrySettings - AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1544) 0:[ J_CMDLINE] - ParseRegistrySettings - dwCmdLineOption | AFA_Settings = 8

CAudioFilterAgent64.exe(tid 1544) 0:[ J_CMDLINE] - Option - Run AFA as DTM

CAudioFilterAgent64.exe(tid 1544) 0:[ J_WINDOWS] - Windows Version is WINDOWS VISTA or later

CAudioFilterAgent64.exe(tid 1544) 15:[ J_DEVICE] - Attempt to Register the device notification.

CAudioFilterAgent64.exe(tid 1544) 15:[ J_DEVICE] - RegisterDeviceNotification() successfully.

CAudioFilterAgent64.exe(tid 1544) 15:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1544) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a06a9406-4e0b-4972-a3f2-b7d0031701b1}\apodebuggerinterface

CAudioFilterAgent64.exe(tid 1544) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1544) 31:[ J_IOCTL_V] - Enum Waikiki Device Interface Okay instance=0

CAudioFilterAgent64.exe(tid 1544) 31:[ J_IOCTL_V] - Opening \\?\hdaudio#func_01&ven_14f1&dev_510f&subsys_17aa5028&rev_1001#4&87e8d41&0&0001#{a265f694-adb4-4205-a43c-19da17ef25e6}\adragentinterface

CAudioFilterAgent64.exe(tid 1544) 31:[ J_IOCTL_V] - Open WaikikiDevice Interface Okay

CAudioFilterAgent64.exe(tid 1544) 31:[ J_DEVICE] - Device found. attached to the driver.

CAudioFilterAgent64.exe(tid 1544) 31:[ J_DEVICE] - Attempt to Register Unload Event.

CAudioFilterAgent64.exe(tid 1544) 31:[ J_DEVICE] - RegisterUnloadEvent() successfully.

CAudioFilterAgent64.exe(tid 1544) 31:[ J_DEVICE] - RegisterExtIntMicSenseEvent() successfully.

CAudioFilterAgent64.exe(tid 1544) 93:[ J_TOPO] - GetSignalPath From Pin 0 , To Pin 1 Speakers

CAudioFilterAgent64.exe(tid 1544) 93:[ J_TOPO_V] - 
<Pin 00 >
--
[Nodes 00 Volume Control]
--
[Nodes 01 Master Mute]
--
<Pin 01 Speakers>

CAudioFilterAgent64.exe(tid 1544) 93:[ J_TOPO] - Found an known signal path

CAudioFilterAgent64.exe(tid 1544) 203:[ J_STATE] - RegisterNotification 0

CAudioFilterAgent64.exe(tid 1544) 69818:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 69818:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 69881:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 69881:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 70006:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 70006:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 14352215:[ J_STATE] - WM_POWERBROADCAST message received. wParam =0000000a

CAudioFilterAgent64.exe(tid 1544) 14364139:[ J_STATE] - WM_POWERBROADCAST message received. wParam =0000000a

CAudioFilterAgent64.exe(tid 1544) 25417179:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 36286503:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 38223695:[ J_WMSG] - WM_DEVICECHANGE message received

CAudioFilterAgent64.exe(tid 1544) 38223695:[ J_WMSG] - WM_DEVICECHANGE message received

*["end of file": lgerbrandt wrote this and the following:]*

COMMENT: I did a little google-search-read looking for CAFADEBUG related info and found the wikipedia article on Exception handling which noted "Weimer and Necula [2008] wrote that a significant problem with exceptions is that they "create hidden control-flow paths [for error handling] that are difficult for programmers to reason about." [and easier for hackers to mal-reason about]?

QUESTION: Just made me wonder, is something on my computer hijacking a good portion of my register stack every chance it runs into these Conexant exceptions from it, not just slowing it down, causing some files to no longer be accessible or programs un-runable, and "Audio" problems, but up to something nefarious (what to they see and use in my register stacks)?

*Thanks for any help any of you can give!:up:*

NOTE TO ALL READERS: THE FOLLOWING 2 POSTS BY ME ARE REDUNDANT [SKIP THEM] AND WERE NOT INTENDED.
(I would delete them if I could. Anyone who has permission or access, thank you for deleting them for me.)


----------



## lgerbrandt (Jun 28, 2006)

*Need Help Removing CAFADEBUG Exception Processing Malware*

*I originally posted this request for Help 03/18/2015, but have not received a reply or been BUMPED. I would greatly appreciate any help I can get. 
*

Note: "Yesterday, I re-ran AdW. Some of the files that were removed in the first pass were eliminated but most have come back with AdW failing to permanently remove them. In looking again into the CAFADEBUG.txt file that I can't remove (the error triggered when I attempt any change to the file says it can't do it because my Conexant Audio process is running), it has has also now extended the number of rounds of hijacking my register stack from the original 7 to 18.

I believe it is progressively attaching itself to other files it finds in my register and my system will soon be totally degraded from the files it is damaging, that are coming up as missing in the AdW sweep. Can someone help me?"


----------



## JSntgRvr (Jul 1, 2003)

Welcome.

Sorry for the delay.

Please download Farbar Recovery Scan Tool and save it to your desktop.

*Note*: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click *Yes* to disclaimer.
Make sure that under *Optional Scans*, there is a checkmark on Addition.txt and Shortcut.
Press *Scan* button.
It will make a log (*FRST.txt*) in the same directory the tool is run. Please copy and paste it to your reply.
The tool will also produce another two logs (*Addition.txt and Shortcut.txt*). Please attach these to your reply.


----------



## lgerbrandt (Jun 28, 2006)

Note: This is the requested text file info from FRST.txt. I had to eliminate the 3-months file checks to get this textfile into an acceptable length. Finally, I have not run any Fix myself, so am not sure what was not done that I should have done. Thank you for helping.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by lkgerbrandt (administrator) on LKG on 22-03-2015 14:26:28
Running from C:\Users\lkgerbrandt\Downloads
Loaded Profiles: lkgerbrandt (Available profiles: CUSD & lkgerbrandt)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tposd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\shtctky.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\extapsup.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [LenovoOptMouseUpdate] => C:\Program Files\Lenovo\HOTKEY\extapsup.exe [255480 2013-06-20] (Lenovo Group Limited)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [384344 2014-02-17] (Lenovo.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2809072 2014-02-24] (Synaptics Incorporated)
HKLM\...\Run: [ISW] => C:\Program Files (x86)\CheckPoint\AKL\AkSA.exe [935544 2014-07-17] (Check Point Software Technologies LTD)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-05-14] (Vimicro)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [137352 2014-12-18] (Check Point Software Technologies Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3146230006-3855641446-3515958110-1003\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4369952 2014-11-07] (Fitbit, Inc.)
Startup: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-06-23] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-06-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-06-23] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-06-23] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-23] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-29] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-06-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll [2014-02-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)

Chrome: 
=======
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-18]
CHR Extension: (Google Drive) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-18]
CHR Extension: (InboxAce) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhnnbkdgamnemhklnljbjkailpeofnkf [2015-03-17]
CHR Extension: (YouTube) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-18]
CHR Extension: (Google Search) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-18]
CHR Extension: (MapsGalaxy) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\gajmedgoegakbkkfcenbomaeklfnmddl [2015-02-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Google Wallet) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-18]
CHR Extension: (Gmail) - C:\Users\lkgerbrandt\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5738528 2014-11-07] (Fitbit, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
R2 Intel(R) Wireless Bluetooth(R) 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-09-05] (Intel Corporation)
R2 IswSvc; C:\Program Files (x86)\CheckPoint\AKL\AkSVC.exe [1144952 2014-07-17] (Check Point Software Technologies LTD)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 valWBFPolicyService; C:\Windows\System32\valWBFPolicyService.exe [47504 2014-05-12] (Synaptics Incorporated)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [3599312 2014-12-18] (Check Point Software Technologies Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [96272 2014-08-14] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm AntiTheft; C:\Program Files (x86)\CheckPoint\AntiTheft\Antitheft.exe [3129480 2014-12-18] (Check Point Software Technologies Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35936 2013-04-10] (Advanced Micro Devices, Inc.)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1386296 2013-08-19] (Motorola Solutions, Inc.)
S3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [117192 2013-09-05] (Intel Corporation)
S3 icsak; C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys [48512 2014-07-17] (Check Point Software Technologies LTD)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [77456 2013-08-19] (Intel Corporation)
S3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R2 ISWKL; C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys [54144 2014-07-17] (Check Point Software Technologies LTD)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [7717984 2014-06-10] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [29616 2014-06-10] (Kaspersky Lab)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-11] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [490080 2014-06-10] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [30304 2014-06-10] (Kaspersky Lab ZAO)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [49760 2014-06-10] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [177760 2014-06-10] (Kaspersky Lab ZAO)
S3 LAN7500; C:\Windows\system32\DRIVERS\lan7500-x64-n630f.sys [96256 2013-11-07] (SMSC)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
S3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3589600 2013-09-25] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [418008 2013-06-24] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation )
R3 SensorsHIDClassDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2014-02-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-24] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1065344 2013-09-11] (Vimicro Corporation)
R1 Vsdatant; C:\Windows\System32\drivers\vsdatant.sys [450456 2014-08-13] (Check Point Software Technologies Ltd.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys E1832BD9FD7E0FC2DC9FA5935DE3E8C1
C:\Windows\System32\drivers\3ware.sys AD508A1A46EC21B740AB31C28EFDFDB1
C:\Windows\System32\drivers\ACPI.sys E796AE43DDD1844281DB4D57294D17C0
C:\Windows\System32\Drivers\acpiex.sys AC8279D229398BCF05C3154ADCA86813
C:\Windows\System32\drivers\acpipagr.sys A8970D9BF23CD309E0403978A1B58F3F
C:\Windows\System32\drivers\acpipmi.sys 111A89C99C5B4F1A7BCE5F643DD86F65
C:\Windows\System32\drivers\acpitime.sys 5758387D68A20AE7D3245011B07E36E7
C:\Windows\System32\drivers\ADP80XX.SYS 7C1FDF1B48298CBA7CE4BDD4978951AD
C:\Windows\system32\drivers\afd.sys 374E27295F0A9DCAA8FC96370F9BEEA5
C:\Windows\System32\drivers\agp440.sys 7DFAEBA9AD62D20102B576D5CAC45EC8
C:\Windows\System32\DRIVERS\ahcache.sys F0CB6DB513CAC393D04A0FCE0A59E1BF
C:\Windows\System32\drivers\amdk8.sys 7589DE749DB6F71A68489DCE04158729
C:\Windows\System32\drivers\amdkmpfd.sys F64E34C6D563D7D955BAD3412D6E5084
C:\Windows\System32\drivers\amdppm.sys B46D2D89AFF8A9490FA8C98C7A5616E3
C:\Windows\System32\drivers\amdsata.sys D2BF2F94A47D332814910FD47C6BBCD2
C:\Windows\System32\drivers\amdsbs.sys A8E04943C7BBA7219AA50400272C3C6E
C:\Windows\System32\drivers\amdxata.sys CEA5F4F27CFC08E3A44D576811B35F50
C:\Windows\system32\drivers\appid.sys 415DD71628795197F7AFC176CBADC74E
C:\Windows\System32\drivers\arcsas.sys 65045784366F7EC5FB4E71BCF923187B
C:\Windows\System32\drivers\atapi.sys 74B14192CF79A72F7536B27CB8814FBD
C:\Windows\system32\DRIVERS\ax88772.sys 943B743BEA5AE4EEA43250FFCC99C522
C:\Windows\System32\drivers\bxvbda.sys A4A73F631FE2AA2826FBE4A399B04DEF
C:\Windows\System32\drivers\BasicDisplay.sys 8CC7F7E4AFCBA605921B137ED7992C68
C:\Windows\System32\drivers\BasicRender.sys 38A82F4EE8C416A6744B6D30381ED768
C:\Windows\system32\drivers\bcbtums.sys 70433F7A216BD0B5EC7DA1202EE53E65
C:\Windows\System32\drivers\bcmfn2.sys C1ABB0F7E3BEA48A0417BDF6FF14AB21
C:\Windows\System32\Drivers\Beep.sys EC19013E4CF87609534165DF897274D6
C:\Windows\System32\DRIVERS\bowser.sys 6B4FFFDDC618FCF64473CAA86E305697
C:\Windows\System32\drivers\BthAvrcpTg.sys A8F23D453A424FF4DE04989C4727ECC7
C:\Windows\System32\drivers\BthEnum.sys 1104A31260CCF4318C884E0AE6C513BF
C:\Windows\System32\drivers\bthhfenum.sys 67343511D80BF3D6D9EEDB5BA8D0B06B
C:\Windows\System32\drivers\BthHFHid.sys 71FE2A48E4C93DDB9798C024880B6C07
C:\Windows\System32\drivers\BthLEEnum.sys D30C67473A2E229662D21F27EAA9AAA5
C:\Windows\System32\drivers\bthmodem.sys 66B791F6B11DC4303DD18A224A501542
C:\Windows\System32\drivers\bthpan.sys 25BB93167DEF270188072603F92A1EF5
C:\Windows\System32\Drivers\BTHport.sys C37F4930795B771400C63C3C87E7A6C2
C:\Windows\System32\Drivers\BTHUSB.sys 08EA90955AED2D959EE67DF6EDF0E2B6
C:\Windows\system32\DRIVERS\btmaux.sys 5B8D71504FA8BFA308F6E1169B89D322
C:\Windows\system32\DRIVERS\btmhsf.sys A5D4D0B7EB24454777D6029AA6794D81
C:\Windows\system32\DRIVERS\btwampfl.sys 20C8EB70C0B179DF06A01CA503F4A824
C:\Windows\System32\DRIVERS\cdfs.sys 2FA6510E33F7DEFEC03658B74101A9B9
C:\Windows\System32\drivers\cdrom.sys C6796EA22B513E3457514D92DCDB1A3D
C:\Windows\System32\drivers\circlass.sys BE9936EDD3267FAAFF94A7835867F00B
C:\Windows\System32\drivers\CLFS.sys 179A41249055D5F039F1B6703F3B6D2B
C:\Windows\System32\drivers\CmBatt.sys EF6EF85DADC3184A10D8F2F7159973CB
C:\Windows\System32\Drivers\cng.sys 3930E508DDA46C1FF68FD963F350AA0A
C:\Windows\system32\drivers\CHDRT64.sys CC9350EB9D1E52A471B164BE3F431335
C:\Windows\System32\drivers\CompositeBus.sys 03AAED827C36F35D70900558B8274905
C:\Windows\System32\drivers\condrv.sys A1FF7DFBFBE164CF92603C651D304DD2
C:\Windows\System32\drivers\csc.sys 9DBC32A45CFA67074432D2AF6C2832B6
C:\Windows\System32\drivers\dam.sys 315BA4BC19316D72B2E037534E048B93
C:\Windows\System32\drivers\dc3d.sys D06E443457FADC6B1AFAF3AA4B6936F6
C:\Windows\System32\Drivers\dfsc.sys A03F362C5557E238CBFA914689C77248
C:\Windows\System32\drivers\disk.sys 4D40C9B33F738797CF50E77CB7C53E85
C:\Windows\System32\drivers\dmvsc.sys EB70A894708D1BC176AFD690FF06085F
C:\Windows\system32\drivers\drmkaud.sys 00C594D5A1DBD22AD8B2902B9F6EFF94
C:\Windows\System32\drivers\dxgkrnl.sys E1BB0B6F00F470B451AB45EA13EBA0B3
C:\Windows\system32\DRIVERS\e1i63x64.sys FA988D76745C917CDFE20031C06DE860
C:\Windows\System32\drivers\evbda.sys 114BCFDF367FF37C3F1B0A96AF542E4D
C:\Windows\System32\drivers\EhStorClass.sys 43531A5993380CC5113242C29D265FD9
C:\Windows\System32\drivers\EhStorTcgDrv.sys 6F8E738A9505A388B1157FDDE7B3101B
C:\Windows\System32\drivers\errdev.sys DFFFAE1442BA4076E18EED5E406FA0D3
C:\Windows\System32\Drivers\exfat.sys 7729D294A555C7AEB281ED8E4D0E01E4
C:\Windows\System32\Drivers\fastfat.sys 7C4E0D5900B2A1D11EDD626D6DDB937B
C:\Windows\System32\drivers\fdc.sys 5D8402613E778B3BD45E687A8372710B
C:\Windows\System32\drivers\fileinfo.sys BCFD8B149B3ADF92D0DB1E909CAF0265
C:\Windows\System32\drivers\filetrace.sys A1A66C4FDAFD6B0289523232AFB7D8AF
C:\Windows\System32\drivers\flpydisk.sys BE743083CF7063C486A4398E3AEFE59A
C:\Windows\System32\drivers\fltmgr.sys C1FB505A73FA2E9019D32444AB33B75A
C:\Windows\System32\drivers\FsDepends.sys A7C31B168F371E8E6796219F23E354DB
C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42
C:\Windows\System32\DRIVERS\fvevol.sys F152D55E497E12256290C43B31C7D0CE
C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015
C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA
C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1
C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19
C:\Windows\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593
C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926
C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906
C:\Windows\System32\drivers\hidbth.sys 42F88B57CAE42FC10059C887B3FCFCEA
C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17
C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95
C:\Windows\System32\drivers\hidusb.sys 8DB8EAB9D0C6A5DF0BDCADEA239220B4
C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D
C:\Windows\System32\drivers\HTTP.sys 9DDCA7F18983C5410DEFF79F819DF93C
C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F
C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1
C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25
C:\Windows\System32\drivers\i8042prt.sys D887446F3F6051C60C26F4FD1FC8D43F
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05
C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C
C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC
C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2
C:\Windows\system32\DRIVERS\ibmpmdrv.sys C5637F74E032C700B6F5D3EA03E8F636
C:\Windows\system32\DRIVERS\ibtusb.sys 9723755CBB230D61BFE49FE13D958C18
C:\Program Files (x86)\CheckPoint\AKL\ak\icsak.sys 854B4792CD35410B26399B9D4DD3021D
C:\Windows\system32\DRIVERS\igdkmd64.sys C38AFE18A40ADF005647090DD3AC24F3
C:\Windows\system32\drivers\intelaud.sys FC7C456AF9B9811499EDBD10616832EE
C:\Windows\System32\drivers\IntelPcc.sys E3F57FEBB3498C7AB35704365927A073
C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157
C:\Windows\System32\drivers\intelpep.sys A770340FC02B999EF0DE6C2A6BC8437C
C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9
C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514
C:\Windows\System32\drivers\IPMIDrv.sys 9C096BF5E10CA8BFA56F32522A89FAF1
C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD
C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97
C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21
C:\Windows\System32\drivers\msiscsi.sys D90AB68D0FAC9F357F663670FDBB511E
C:\Windows\System32\drivers\ISCTD64.sys 1ECC1A421B0AEBF9A6934451FBFD7848
C:\Program Files (x86)\CheckPoint\AKL\ISWKL.sys 7087B0ECB683F69D2D756ED41CFDFEA5
C:\Windows\System32\drivers\iwdbus.sys A90C843F4FDD7A07129BA73C6BE13976
C:\Windows\System32\drivers\kbdclass.sys A1D4D34A56DF1D5122CDB265038A2E72
C:\Windows\System32\drivers\kbdhid.sys 4A34D7084B862A92F3ABC4969166B3D3
C:\Windows\System32\drivers\kbldfltr.sys DB7A09BC90DF20F44F16F8B0F9ED3491
C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05
C:\Windows\System32\DRIVERS\kl1.sys 1C6256096A341051509D36AD724830BE
C:\Windows\System32\DRIVERS\klelam.sys F2EB9202FCCC81E0902D3C5A70037A44
C:\Windows\System32\DRIVERS\klif.sys 8DDFA5FFD0661A65C9BC02C15B8F157F
C:\Windows\system32\DRIVERS\klim6.sys B6822DEFE601629F19E0A2D7F0D623F2
C:\Windows\system32\DRIVERS\klwfp.sys 6C21DCF4E605161BC79DF1E627A856F4
C:\Windows\system32\DRIVERS\kneps.sys 4954376B8B18F7F8AA479AF9DB3D2921
C:\Windows\System32\Drivers\ksecdd.sys 4E829B18D5BAEC29893792A3C671A847
C:\Windows\System32\Drivers\ksecpkg.sys 15C8C65CEA018C02EA0F648448C491C5
C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F
C:\Windows\system32\DRIVERS\lan7500-x64-n630f.sys A1BB82B637A2107FBC78E5515042A0F5
C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8
C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC
C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141
C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191
C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C
C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4
C:\Windows\system32\drivers\mbam.sys CA43F8904E24BBE49982E4C0B29E6579
C:\Windows\system32\drivers\MBAMSwissArmy.sys 26C43960C99EE861A5D0EDC4DCF3B1C3
C:\Windows\system32\drivers\mwac.sys 9D7BFFDB5FA62B600DF1FCB4919D9D79
C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F
C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363
C:\Windows\System32\drivers\TeeDriverx64.sys E0EF6C1399A9B1AAA0B28590411BED04
C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378
C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9
C:\Windows\System32\drivers\mouclass.sys 2A2F8D5284E59815169A88F1FC9CEE28
C:\Windows\System32\drivers\mouhid.sys 91223A2AE2955B3E0DA3DB79C3A897A6
C:\Windows\System32\drivers\mountmgr.sys D1D82F007A079A4D623DBD1F36EF30A1
C:\Windows\System32\drivers\mpsdrv.sys 6FC047578785B0435F4E2660946D1ADC
C:\Windows\system32\drivers\mrxdav.sys DB32958F0E704EFBF7F15161A569E39F
C:\Windows\System32\DRIVERS\mrxsmb.sys 31233271EDE50D1BBB220F78AFA60486
C:\Windows\System32\DRIVERS\mrxsmb10.sys 3E28B99198B514DFEB152EACF913025E
C:\Windows\System32\DRIVERS\mrxsmb20.sys 6276AC2AA203CF47811F6EFBBD214FBF
C:\Windows\system32\DRIVERS\bridge.sys F3C060444777A59FC63D920719E43CCD
C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08
C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD
C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31
C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA
C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C
C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D
C:\Windows\system32\DRIVERS\mslldp.sys 51B3AC0560848CD6D65AC2033E293113
C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6
C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8
C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0
C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E
C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2
C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E
C:\Windows\System32\Drivers\mup.sys 619CA29326B82372621DB2C0964D8365
C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F
C:\Windows\system32\DRIVERS\nwifi.sys 008F7CED69FD5B30CBDE1E03C6F36A27
C:\Windows\System32\drivers\ndis.sys 21FE65E2E67C4E31EE95CBD1F91C4B24
C:\Windows\system32\DRIVERS\ndiscap.sys 8CECC8DA55F3274181FD1EA28AD76664
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322
C:\Windows\system32\DRIVERS\ndistapi.sys 82821F4EEC776B4CF11695A38F3ABA46
C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59
C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\System32\Drivers\NDProxy.sys DDD7F92A83F74D1476B71FBA9530A8DC
C:\Windows\System32\drivers\Ndu.sys 3083926D1CC5B56EA0786527B557DD1B
C:\Windows\System32\DRIVERS\netbios.sys 42FF4975D032CAE558AE4BB8448F6E5A
C:\Windows\System32\DRIVERS\netbt.sys 0217532E19A748F0E5D569307363D5FD
C:\Windows\System32\drivers\netvsc63.sys D4DCE03870314D3354F3501F9DDD4123
C:\Windows\system32\DRIVERS\NETwbw02.sys 31D3E4959C410A7DEC2109CA8BF369AD
C:\Windows\system32\DRIVERS\NETwew02.sys B636B4A8E59A73033B766EA7FD7C3B81
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\Windows\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541
C:\Windows\System32\Drivers\Ntfs.sys 7F68063A5A0461E02BC860CE0E6BFDDC
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\Windows\System32\drivers\parport.sys 764B1121867B2D9B31C491668AC72B2B
C:\Windows\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4
C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4
C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\Windows\System32\drivers\pdc.sys 24A8DFC07E4BAF29AEA26E383D4CC886
C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\Windows\System32\drivers\point64.sys E4799B87675C59AA1F620DE5C6F113BB
C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\Windows\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5
C:\Windows\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1
C:\Windows\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F
C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\Windows\System32\DRIVERS\rdbss.sys A1A5E79C0D1352AFDC08328A623DA051
C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\Windows\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64
C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys 615DFD97DEA56CE1C3A52185A3038FF8
C:\Windows\System32\drivers\rfcomm.sys DC66AE45816614D2999DCD3834DCCC4E
C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\Windows\system32\DRIVERS\Rt630x64.sys 19764658C1468C2C0CEF133D28414A6B
C:\Windows\system32\DRIVERS\RtsPer.sys 61EF084BB097FFAB50D05EE5115F7F98
C:\Windows\system32\DRIVERS\rtwlane.sys 79F9D44C9022BE848C8862518B9E7866
C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\Windows\System32\DRIVERS\scfilter.sys 13BEA6C882D4D877A5A85CA149C86BC1
C:\Windows\System32\drivers\sdbus.sys 7B7C482CF48E6EE33664340D1A78E6FE
C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\Windows\System32\drivers\serenum.sys 3CD600C089C1251BEEB4CD4CD5164F9E
C:\Windows\System32\drivers\serial.sys D864381BC9C725FAB01D94C060660166
C:\Windows\System32\drivers\sermouse.sys 96B01F117057FB4DAE0FF919ACB55770
C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\DRIVERS\Apsx64.sys EF92588890C3ADEE806D6EE7E3892D99
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\System32\drivers\Smb_driver_AMDASF.sys 3915DB9FE2BE9429474554D6B8442CAB
C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys 0E70F937F5C8620FE9346D99B5332BB5
C:\Windows\System32\drivers\spaceport.sys D24B1945ED1F9C96DA786DBBF1E983CE
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\System32\DRIVERS\srv.sys 6416E79A58A8FCC33A447A4DDDD3BF04
C:\Windows\System32\DRIVERS\srv2.sys 00D8AC8E3053290BDE6EA2FB6810D2FC
C:\Windows\System32\DRIVERS\srvnet.sys D047CD668E6277FD80F0C613946F034C
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34
C:\Windows\System32\drivers\stornvme.sys 6B06E2D11E604BE2B1A406C4CB3B90DE
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\storvsp.sys 03618F935379614837F915D04C45FC0E
C:\Windows\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43
C:\Windows\system32\DRIVERS\SynTP.sys EC1D81B99C52C4DE1FB6B6F2FC7639FF
C:\Windows\System32\drivers\tcpip.sys 468273F7089A3A33D149955F0F203FA4
C:\Windows\system32\DRIVERS\tcpip.sys 468273F7089A3A33D149955F0F203FA4
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdx.sys FFF28F9F6823EB1756C60F1649560BBF
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\System32\DRIVERS\ApsHM64.sys A61D61672153DFF710CA33186D2C8B18
C:\Windows\system32\drivers\tpm.sys 82F909359600D3603FE852DB7F135626
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99
C:\Windows\system32\DRIVERS\tunnel.sys C8E0E78B5D284C2FF59BDFFDAF997242
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49
C:\Windows\System32\DRIVERS\udfs.sys 1EC649F112896FAE33250F0B97AC5D0B
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\system32\drivers\usbaudio.sys DF355EB0199198728027962DCFCDE5FB
C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\Windows\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40
C:\Windows\System32\drivers\usbehci.sys 48BA326A3DBA5B5BEB5F2777F4618696
C:\Windows\System32\drivers\usbhub.sys FEF0BC107812B36849741C3211BA6B60
C:\Windows\System32\drivers\UsbHub3.sys FAA564A13576F9284546BF016D27B551
C:\Windows\System32\drivers\usbohci.sys 3019097FB6C985EF24C058090FF3BDBD
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\System32\drivers\USBSTOR.SYS 66732C13628BDB1AB0D6FD46027327C2
C:\Windows\System32\drivers\usbuhci.sys 064260B3A5868AC894A4943543BC7AB7
C:\Windows\System32\Drivers\usbvideo.sys 5C8F604F6DC74177CDD8372D7B1ADFF0
C:\Windows\System32\drivers\USBXHCI.SYS 1A20F03700D2B2ED775E38D751EF2F63
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys C06E8481E068F170A258441639AC5792
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\drivers\Vid.sys 3CE922E34DB12D9F3C0EA856BC09687C
C:\Windows\System32\Drivers\vm331avs.sys D339DF97110C5E2C01FA191787E60CA0
C:\Windows\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\vmbusr.sys 68F8C26DEA2D42E8DEC0778943433C80
C:\Windows\System32\drivers\volmgr.sys 55D7D963DE85162F1C49721E502F9744
C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\Windows\System32\drivers\volsnap.sys 64CA2B4A49A8EAF495E435623ECCE7DB
C:\Windows\System32\drivers\vpci.sys EF31713EE4C7CCFE4049F7E7F15645A2
C:\Windows\System32\drivers\vpcivsp.sys ADBE96C33D1A5BB1BBAF90B4BC84F523
C:\Windows\System32\drivers\vsdatant.sys 8F1E531D36D95B0586DA00D546AB8B9A
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\vwifibus.sys BE970C369E43B509C1EDA2B8FA7CECB0
C:\Windows\system32\DRIVERS\vwififlt.sys 35BF5C5F5E3C9902C98978C7640574DA
C:\Windows\system32\DRIVERS\vwifimp.sys 65ED7B9CFEA893DF7748D5FF692690DE
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\system32\drivers\WdBoot.sys 1751F6B031ADAC34724511057D2E455D
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\system32\drivers\WdFilter.sys D296D0F0DB2CD1504F90405603664493
C:\Windows\System32\Drivers\WdNisDrv.sys 9F4DF0043965808973023A9B51A11136
C:\Windows\System32\DRIVERS\wfplwfs.sys BAB713B409258DB7B5D9F9693F802B0E
C:\Windows\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620
C:\Windows\System32\drivers\WinUSB.sys AC263C2F66405589528995AA41040599
C:\Windows\System32\drivers\wmbclass.sys 810D99C5DB8A44D1E3733B93DAACB65A
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\Windows\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845
C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F
C:\Windows\System32\drivers\WSDScan.sys 58035FD3369879E02D65989C44D27450
C:\Windows\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager
---------------------
identifier {fwbootmgr}
displayorder {bootmgr}
{bb4a810b-0d21-11e4-8379-28d244a7840d}
{bb4a8104-0d21-11e4-8379-28d244a7840d}
{bb4a8105-0d21-11e4-8379-28d244a7840d}
{bb4a8106-0d21-11e4-8379-28d244a7840d}
{bb4a8107-0d21-11e4-8379-28d244a7840d}
{bb4a8108-0d21-11e4-8379-28d244a7840d}
{bb4a8109-0d21-11e4-8379-28d244a7840d}
{bb4a810a-0d21-11e4-8379-28d244a7840d}
timeout 2

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\bootmgfw.efi
description Windows Boot Manager
locale en-US
inherit {globalsettings}
integrityservices Enable
default {current}
resumeobject {bb4a8111-0d21-11e4-8379-28d244a7840d}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Firmware Application (101fffff)
-------------------------------
identifier {bb4a80fd-0d21-11e4-8379-28d244a7840d}
description Setup

Firmware Application (101fffff)
-------------------------------
identifier {bb4a80fe-0d21-11e4-8379-28d244a7840d}
description Boot Menu

Firmware Application (101fffff)
-------------------------------
identifier {bb4a80ff-0d21-11e4-8379-28d244a7840d}
description Diagnostic Splash Screen

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8100-0d21-11e4-8379-28d244a7840d}
description Lenovo Diagnostics

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8101-0d21-11e4-8379-28d244a7840d}
description Startup Interrupt Menu

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8102-0d21-11e4-8379-28d244a7840d}
description Rescue and Recovery

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8103-0d21-11e4-8379-28d244a7840d}
description MEBx Hot Key

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8104-0d21-11e4-8379-28d244a7840d}
description USB CD

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8105-0d21-11e4-8379-28d244a7840d}
description USB FDD

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8106-0d21-11e4-8379-28d244a7840d}
description ATAPI CD0

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8107-0d21-11e4-8379-28d244a7840d}
description ATA HDD0

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8108-0d21-11e4-8379-28d244a7840d}
description ATA HDD1

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8109-0d21-11e4-8379-28d244a7840d}
description ATA HDD2

Firmware Application (101fffff)
-------------------------------
identifier {bb4a810a-0d21-11e4-8379-28d244a7840d}
description USB HDD

Firmware Application (101fffff)
-------------------------------
identifier {bb4a810b-0d21-11e4-8379-28d244a7840d}
description PCI LAN

Firmware Application (101fffff)
-------------------------------
identifier {bb4a810c-0d21-11e4-8379-28d244a7840d}
description IDER BOOT CDROM

Firmware Application (101fffff)
-------------------------------
identifier {bb4a810d-0d21-11e4-8379-28d244a7840d}
description IDER BOOT Floppy

Firmware Application (101fffff)
-------------------------------
identifier {bb4a810e-0d21-11e4-8379-28d244a7840d}
description ATA HDD

Firmware Application (101fffff)
-------------------------------
identifier {bb4a810f-0d21-11e4-8379-28d244a7840d}
description ATAPI CD

Firmware Application (101fffff)
-------------------------------
identifier {bb4a8110-0d21-11e4-8379-28d244a7840d}
description PCI LAN

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.efi
description Windows 8.1
locale en-US
inherit {bootloadersettings}
recoverysequence {87ac6dba-eae7-11e3-9aad-c2729e4139dd}
integrityservices Enable
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {bb4a8111-0d21-11e4-8379-28d244a7840d}
nx OptOut
bootmenupolicy Standard

Resume from Hibernate
---------------------
identifier {bb4a8111-0d21-11e4-8379-28d244a7840d}
device partition=C:
path \Windows\system32\winresume.efi
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {87ac6dba-eae7-11e3-9aad-c2729e4139dd}
recoveryenabled Yes
isolatedcontext Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \EFI\Microsoft\Boot\memtest.efi
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

LastRegBack: 2015-03-17 10:48

==================== End Of Log ============================

Percentage of memory in use: 45%
Total physical RAM: 3986.63 MB
Available physical RAM: 2175.78 MB
Total Pagefile: 4690.63 MB
Available Pagefile: 2591.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.92 GB) (Free:81.33 GB) NTFS
Drive e: () (Removable) (Total:14.89 GB) (Free:11.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


----------



## JSntgRvr (Jul 1, 2003)

There is no malware detected in that log. The text file you refer to looks like a debug report created by the file *CAudioFilterAgent64.exe*. Debug information can be dumped anywhere in the computer.

Please post the addition.txt log to see if we can relate that file to an installed program.

Also, please download *SystemLook* from one of the links below and save it to your Desktop.

*32 bit Download Mirror #1
32 bit Download Mirror #2*

For 64bit systems, Please download *SystemLook* from the link below and save it to your Desktop.

*64 bit Download Mirror*


Double-click *SystemLook.exe* (or SystemLook_x64.exe) to run the application.
Copy the content of the following quote box into the main textfield:


> :filefind
> CAudioFilterAgent64.exe



Click the *Look* button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

*Note:* The log can also be found on your Desktop entitled *SystemLook.txt*


----------



## lgerbrandt (Jun 28, 2006)

I've added both Addition.txt and Shortcuts.txt first and SystemLook after that:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by lkgerbrandt at 2015-03-22 14:32:45
Running from C:\Users\lkgerbrandt\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ZoneAlarm Extreme Security Antivirus (Enabled - Up to date) {23B6D20A-C2DE-B3F5-C67D-07ECD854E6A9}
AS: ZoneAlarm Extreme Security Anti-Spyware (Enabled - Up to date) {98D733EE-E4E4-BC7B-FCCD-3C9EA3D3AC14}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Extreme Security Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.9.0 - Conexant)
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Fitbit Connect (HKLM-x32\...\{E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}) (Version: 2.0.0.6512 - Fitbit Inc.)
Google Chrome (HKLM-x32\...\{51020C27-7422-3FBE-9480-4CB1CCC8E2CC}) (Version: 65.156.32827 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 3.0.1335.5) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Lenovo Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.67.09.03 - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3146230006-3855641446-3515958110-1003\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
Microsoft OneDrive for Business 2013 - en-us (HKLM\...\GrooveRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Online Services Sign-in Assistant (HKLM\...\{46E637E2-AC34-4B45-B5DF-D20903A3DB61}) (Version: 7.250.4303.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 8.30.00 - )
PC Tune-Up (x32 Version: 2.2.0.1 - ZoneAlarm) Hidden
Photo Story 3 for Windows (HKLM-x32\...\{4F41AD68-89F2-4262-A32C-2F70B01FCE9E}) (Version: 3.0.1115.11 - Microsoft Corporation)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.7.34 - Synaptics Incorporated)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.79.00.03 - Lenovo)
ZoneAlarm Antivirus (x32 Version: 13.3.226.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Extreme Security (HKLM-x32\...\ZoneAlarm Extreme Security) (Version: 13.3.226.000 - Check Point)
ZoneAlarm Find My Laptop (x32 Version: 13.3.226.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 13.3.226.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security (x32 Version: 13.3.226.000 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3146230006-3855641446-3515958110-1003_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3146230006-3855641446-3515958110-1003_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lkgerbrandt\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

04-03-2015 09:47:23 Scheduled Checkpoint
10-03-2015 14:48:39 Windows Update
17-03-2015 19:39:22 Installed HiJackThis
22-03-2015 11:59:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {12523107-691B-4633-BB20-5E2F13BD433A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-10] (Microsoft Corporation)
Task: {17D040DC-CC2D-43A8-A065-E6BEE32FEE02} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-02-24] (Synaptics Incorporated)
Task: {33AC912B-F706-4415-8B4B-355BF9C9E82C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {35365A19-4236-4AEF-A63D-CA05AF21AE9F} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-3146230006-3855641446-3515958110-1003 => %localappdata%\Microsoft\OneDrive\OneDrive.exe
Task: {51FC7EC7-1A00-457B-827C-62643AD4F5E2} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {5510E45F-186D-4516-BD6C-C02D166FB129} - System32\Tasks\Microsoft Office 15 Sync Maintenance for LKG-lkgerbrandt LKG => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {6D6F147F-080C-484F-AFA7-FF36057DE93E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {6FC06519-7162-49D6-9E7B-C17BD1E83ABC} - \WPD\SqmUpload_S-1-5-21-3146230006-3855641446-3515958110-1001 No Task File <==== ATTENTION
Task: {73C62C4B-4250-4B10-8D53-45F05F53422F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A955DF61-E50A-48F5-92E2-7A1B0FF91BCD} - \Optimize Start Menu Cache Files-S-1-5-21-3146230006-3855641446-3515958110-1001 No Task File <==== ATTENTION
Task: {B5DD8484-CE1D-4758-BE8D-9EF442B46B28} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {BBE89545-667D-4B48-9C4C-A8DB72AFDC67} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C6E16C5A-46C8-4C83-B45F-603A2B6246AE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {F6AA9B5F-D104-4F8D-906D-6BC9E3A96B05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-23] (Google Inc.)
Task: {FB74C94D-7A79-4C02-B6DC-443B4170EF48} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-23] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-07-28 14:02 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-17 10:12 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-03-17 10:12 - 2015-01-27 07:13 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-12-06 16:05 - 2014-12-06 16:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-12-06 16:04 - 2014-12-06 16:04 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-10-28 13:22 - 2014-10-28 13:22 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-03-20 14:27 - 2015-03-14 03:12 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libglesv2.dll
2015-03-20 14:27 - 2015-03-14 03:12 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\libegl.dll
2015-03-20 14:27 - 2015-03-14 03:12 - 09278792 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\pdf.dll
2015-03-20 14:27 - 2015-03-14 03:12 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.101\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\lkgerbrandt\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3146230006-3855641446-3515958110-1003\Control Panel\Desktop\\Wallpaper -> C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 75.75.75.75 - 75.75.76.76

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "SmartAudio"
HKLM\...\StartupApproved\Run: => "TpShocks"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "331BigDog"
HKU\S-1-5-21-3146230006-3855641446-3515958110-1003\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3146230006-3855641446-3515958110-1003\...\StartupApproved\Run: => "Fitbit Connect"

==================== Accounts: =============================

Administrator (S-1-5-21-3146230006-3855641446-3515958110-500 - Administrator - Disabled)
CUSD (S-1-5-21-3146230006-3855641446-3515958110-1002 - Administrator - Enabled) => C:\Users\CUSD
Guest (S-1-5-21-3146230006-3855641446-3515958110-501 - Limited - Disabled)
lkgerbrandt (S-1-5-21-3146230006-3855641446-3515958110-1003 - Administrator - Enabled) => C:\Users\lkgerbrandt

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2015 02:12:40 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2884) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (03/22/2015 02:12:39 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (4540) WindowsMail0: The backup has been stopped because it was halted by the client or the connection with the client failed.

Error: (03/22/2015 11:28:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x1814
Faulting application start time: 0xcAudioFilterAgent64.exe0
Faulting application path: cAudioFilterAgent64.exe1
Faulting module path: cAudioFilterAgent64.exe2
Report Id: cAudioFilterAgent64.exe3
Faulting package full name: cAudioFilterAgent64.exe4
Faulting package-relative application ID: cAudioFilterAgent64.exe5

Error: (03/22/2015 11:28:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x584
Faulting application start time: 0xcAudioFilterAgent64.exe0
Faulting application path: cAudioFilterAgent64.exe1
Faulting module path: cAudioFilterAgent64.exe2
Report Id: cAudioFilterAgent64.exe3
Faulting package full name: cAudioFilterAgent64.exe4
Faulting package-relative application ID: cAudioFilterAgent64.exe5

Error: (03/22/2015 11:27:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x530
Faulting application start time: 0xcAudioFilterAgent64.exe0
Faulting application path: cAudioFilterAgent64.exe1
Faulting module path: cAudioFilterAgent64.exe2
Report Id: cAudioFilterAgent64.exe3
Faulting package full name: cAudioFilterAgent64.exe4
Faulting package-relative application ID: cAudioFilterAgent64.exe5

Error: (03/22/2015 11:27:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x17f4
Faulting application start time: 0xcAudioFilterAgent64.exe0
Faulting application path: cAudioFilterAgent64.exe1
Faulting module path: cAudioFilterAgent64.exe2
Report Id: cAudioFilterAgent64.exe3
Faulting package full name: cAudioFilterAgent64.exe4
Faulting package-relative application ID: cAudioFilterAgent64.exe5

Error: (03/22/2015 11:22:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: CAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x1698
Faulting application start time: 0xCAudioFilterAgent64.exe0
Faulting application path: CAudioFilterAgent64.exe1
Faulting module path: CAudioFilterAgent64.exe2
Report Id: CAudioFilterAgent64.exe3
Faulting package full name: CAudioFilterAgent64.exe4
Faulting package-relative application ID: CAudioFilterAgent64.exe5

Error: (03/22/2015 11:09:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: CAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x12e0
Faulting application start time: 0xCAudioFilterAgent64.exe0
Faulting application path: CAudioFilterAgent64.exe1
Faulting module path: CAudioFilterAgent64.exe2
Report Id: CAudioFilterAgent64.exe3
Faulting package full name: CAudioFilterAgent64.exe4
Faulting package-relative application ID: CAudioFilterAgent64.exe5

Error: (03/22/2015 11:09:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: CAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: CAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x1ba8
Faulting application start time: 0xCAudioFilterAgent64.exe0
Faulting application path: CAudioFilterAgent64.exe1
Faulting module path: CAudioFilterAgent64.exe2
Report Id: CAudioFilterAgent64.exe3
Faulting package full name: CAudioFilterAgent64.exe4
Faulting package-relative application ID: CAudioFilterAgent64.exe5

Error: (03/22/2015 10:58:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Faulting module name: cAudioFilterAgent64.exe, version: 1.7.66.0, time stamp: 0x5264bf29
Exception code: 0xc0000005
Fault offset: 0x000000000008d654
Faulting process id: 0x2190
Faulting application start time: 0xcAudioFilterAgent64.exe0
Faulting application path: cAudioFilterAgent64.exe1
Faulting module path: cAudioFilterAgent64.exe2
Report Id: cAudioFilterAgent64.exe3
Faulting package full name: cAudioFilterAgent64.exe4
Faulting package-relative application ID: cAudioFilterAgent64.exe5

System errors:
=============
Error: (03/22/2015 00:33:19 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/22/2015 11:29:15 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/22/2015 09:09:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/22/2015 03:32:09 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (03/21/2015 04:46:59 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/21/2015 02:02:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/21/2015 08:30:21 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/20/2015 07:28:50 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/20/2015 04:34:11 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Error: (03/20/2015 04:31:25 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126

Microsoft Office Sessions:
=========================
Error: (03/22/2015 02:12:40 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail2884WindowsMail0:

Error: (03/22/2015 02:12:39 PM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail4540WindowsMail0:

Error: (03/22/2015 11:28:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cAudioFilterAgent64.exe1.7.66.05264bf29cAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d654181401d064cdfe7c6478C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exeC:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe3c373e8f-d0c1-11e4-8367-90489a1bcdec

Error: (03/22/2015 11:28:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cAudioFilterAgent64.exe1.7.66.05264bf29cAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d65458401d064cdfe77a1b1C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exeC:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe3c3279c7-d0c1-11e4-8367-90489a1bcdec

Error: (03/22/2015 11:27:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cAudioFilterAgent64.exe1.7.66.05264bf29cAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d65453001d064cde55e8037C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exeC:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe23195a3d-d0c1-11e4-8367-90489a1bcdec

Error: (03/22/2015 11:27:47 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cAudioFilterAgent64.exe1.7.66.05264bf29cAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d65417f401d064cde559bd70C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exeC:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe2316f7ea-d0c1-11e4-8367-90489a1bcdec

Error: (03/22/2015 11:22:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CAudioFilterAgent64.exe1.7.66.05264bf29CAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d654169801d064cd27fc41fdC:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exeC:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe65cc91b8-d0c0-11e4-8367-90489a1bcdec

Error: (03/22/2015 11:09:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CAudioFilterAgent64.exe1.7.66.05264bf29CAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d65412e001d064cb68b53bbaC:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exeC:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exea674d90a-d0be-11e4-8366-90489a1bcdec

Error: (03/22/2015 11:09:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: CAudioFilterAgent64.exe1.7.66.05264bf29CAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d6541ba801d064cb50667d81C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exeC:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe8e346aea-d0be-11e4-8366-90489a1bcdec

Error: (03/22/2015 10:58:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cAudioFilterAgent64.exe1.7.66.05264bf29cAudioFilterAgent64.exe1.7.66.05264bf29c0000005000000000008d654219001d064c9c61b2fc6C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exeC:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe03df9537-d0bd-11e4-8365-90489a1bcdec

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-4000M CPU @ 2.40GHz
Percentage of memory in use: 45%
Total physical RAM: 3986.63 MB
Available physical RAM: 2175.78 MB
Total Pagefile: 4690.63 MB
Available Pagefile: 2591.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.75 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.92 GB) (Free:81.33 GB) NTFS
Drive e: () (Removable) (Total:14.89 GB) (Free:11.01 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 14.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

Users shortcut scan result (x64) Version: 11-03-2015
Ran by lkgerbrandt at 2015-03-22 14:33:22
Running from C:\Users\lkgerbrandt\Downloads
Boot Mode: Normal
==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Camera.lnk -> C:\Windows\Camera\Camera.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk -> C:\Windows\FileManager\FileManager.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Ultranav (Touchpad Clickpad Trackpad TrackPoint Mouse).lnk -> C:\Windows\System32\main.cpl (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Story 3 for Windows.lnk -> C:\Program Files (x86)\Photo Story 3 for Windows\PhotoStory3.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotosApp.lnk -> C:\Windows\FileManager\PhotosApp.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Store.lnk -> C:\Windows\WinStore\WinStore.htm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Easy Transfer.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-m..onwizardapplication_31bf3856ad364e35_6.3.9600.16384_none_ab3976f4684c4cbf\migwiz.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\Silverlight.Configuration.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\excel.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\groove.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\onenote.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\outlook.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\winword.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Program Files\Microsoft Office 15\root\office15\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center\Microsoft Mouse and Keyboard Center.lnk -> c:\Windows\Installer\{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}\DeviceCenter.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect\Fitbit Connect Website.lnk -> C:\Program Files (x86)\Fitbit Connect\Fitbit Connect website.URL ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect\Fitbit Connect.lnk -> C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe (Fitbit, Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Diagnostics Tool.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\diagnostics\DiagnosticsCaptureTool.exe (Check Point Software Technologies Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Logs.lnk -> C:\ProgramData\CheckPoint\ZoneAlarm\Logs ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm PC Tune-Up.lnk -> C:\Program Files (x86)\PC Tune-Up\PCTuneUp.exe (Large Software)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point\ZoneAlarm\ZoneAlarm Security.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-m..diagnostic-schedule_31bf3856ad364e35_6.3.9600.16384_none_8494fc474dae8abd\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-p..erandprintui-pmcppc_31bf3856ad364e35_6.3.9600.16384_none_fc26a1f754a8abfc\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-msconfig-exe_31bf3856ad364e35_6.3.9600.16384_none_cb389e8e71b71705\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\microsoft shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-snippingtool-app_31bf3856ad364e35_6.3.9600.16384_none_8a82623a5d99fa56\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-soundrecorder_31bf3856ad364e35_6.3.9600.16384_none_8fc7a5ae06da6033\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-stickynotes-app_31bf3856ad364e35_6.3.9600.16384_none_de0517088d429664\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.3.9600.16384_none_69b80c71fc5d6b55\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\Links\Desktop.lnk -> C:\Users\lkgerbrandt\Desktop ()
Shortcut: C:\Users\CUSD\Links\Downloads.lnk -> C:\Users\lkgerbrandt\Downloads ()
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\lkgerbrandt\Documents ()
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\lkgerbrandt\Pictures ()
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.3.9600.16384_none_4b5854e4df3a2068\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\Links\Desktop.lnk -> C:\Users\lkgerbrandt\Desktop ()
Shortcut: C:\Users\Default\Links\Downloads.lnk -> C:\Users\lkgerbrandt\Downloads ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\lkgerbrandt\Documents ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\lkgerbrandt\Pictures ()
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.3.9600.16384_none_4b5854e4df3a2068\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\Links\Desktop.lnk -> C:\Users\lkgerbrandt\Desktop ()
Shortcut: C:\Users\lkgerbrandt\Links\Downloads.lnk -> C:\Users\lkgerbrandt\Downloads ()
Shortcut: C:\Users\lkgerbrandt\Documents\LKG ADDRESS BOOK - Shortcut.lnk -> C:\Documents and Settings\lkgerbrandt\Desktop\LKG ADDRESS BOOK.xls ()
Shortcut: C:\Users\lkgerbrandt\Desktop\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\excel.exe ()
Shortcut: C:\Users\lkgerbrandt\Desktop\HiJackThis.lnk -> C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe (Trend Micro Inc.)
Shortcut: C:\Users\lkgerbrandt\Desktop\Office Word 2003 Look - Shortcut.lnk -> C:\Program Files\Microsoft Office 15\root\Templates\1033\Office Word 2003 Look.dotx ()
Shortcut: C:\Users\lkgerbrandt\Desktop\OneNote 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\onenote.exe ()
Shortcut: C:\Users\lkgerbrandt\Desktop\Outlook 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\outlook.exe ()
Shortcut: C:\Users\lkgerbrandt\Desktop\PowerPoint 2013.lnk -> C:\Program Files\Microsoft Office 15\root\office15\powerpnt.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\lkgerbrandt\Documents ()
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\lkgerbrandt\Pictures ()
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk -> C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe (Trend Micro Inc.)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2013.lnk -> C:\Program Files\Microsoft Office 15\Data\Delta\root\office15\excel.exe ()
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\ThreatEmulation.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\ThreatEmulation.exe (Check Point Software Technologies, Ltd.)
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.3.9600.16384_none_4b5854e4df3a2068\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Adobe Reader XI.lnk -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes Corporation)
Shortcut: C:\Users\Public\Desktop\ZoneAlarm Security.lnk -> C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies Ltd.)
Shortcut: C:\Users\Test\Links\Desktop.lnk -> C:\Users\lkgerbrandt\Desktop ()
Shortcut: C:\Users\Test\Links\Downloads.lnk -> C:\Users\lkgerbrandt\Downloads ()
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows.Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-m..lepc-mobilitycenter_31bf3856ad364e35_6.3.9600.16384_none_4b5854e4df3a2068\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\Uninstall QuickTime.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /i {111EE7DF-FC45-40C7-98A7-753AC46B12FB} /qf
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre7\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect\Uninstall Fitbit Connect.lnk -> C:\Windows\SysWOW64\msiexec.exe (Microsoft Corporation) -> /x {E54705FB-98A6-4C03-B2DC-D8C3B5486DCD}
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-s..ment-policytools-ex_31bf3856ad364e35_6.3.9600.16384_none_4a1db5a9150ca547\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\CUSD\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.3.9600.16384_none_69b80c71fc5d6b55\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\CUSD\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.3.9600.16384_none_69b80c71fc5d6b55\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Office 365\Microsoft Office 365 Portal.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> https://portal.microsoftonline.com
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.3.9600.16384_none_69b80c71fc5d6b55\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files\Microsoft Office 15\root\office15\outlook.exe (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\lkgerbrandt\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Test\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\WinSxS\amd64_microsoft-windows-f..client-applications_31bf3856ad364e35_6.3.9600.16384_none_69b80c71fc5d6b55\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0
ShortcutWithArgument: C:\Users\Test\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

InternetURL: C:\Users\CUSD\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Default\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\lkgerbrandt\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\Test\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

==================== End of log =============================

SystemLook 30.07.11 by jpshortstuff
Log created at 19:51 on 22/03/2015 by lkgerbrandt
Administrator - Elevation successful

========== filefind ==========

Searching for "CAudioFilterAgent64.exe"
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe	--a---- 909016 bytes	[17:58 22/03/2015]	[20:44 21/10/2013] 1FAAD7BCFB9E64DCD7DFCF34289447E7

-= EOF =-


----------



## JSntgRvr (Jul 1, 2003)

Yes, it is part of the CONEXANT Audio Filter Agent. Not malware. Run MsConfig and select the *SmartAudio* item in the startup tab.

Other than this, is there other issues with the computer?


----------



## lgerbrandt (Jun 28, 2006)

This is good news - thank you! 

Not sure how to carry out the next steps. I would have known what to do on XP to run MsConfig because the Start tab gave me such easy access wherever I wanted to go. On 8.1 how do I get to 'Run' - could you give me the steps and what I would be accomplishing - the reason for doing them? 

In my case, a little bit of knowledge was dangerous I guess. In reading about the difficult to program and yet hidden powers of of someone being able to examine anything in the registers over time, I wanted to be certain that this was legitimate Conexant Audio error handling that was going on. Just an FYI...but it seemed odd to me that there was nothing I could do to get rid of the CAFADEBUG.log and it kept growing every time I booted my computer and accessed the internet, yet after I ran the FRST program, I was then able to delete this file, and it hasn't come back doing the same things - puzzling (?).


----------



## JSntgRvr (Jul 1, 2003)

Startup in Windows 8: http://www.intowindows.com/how-to-disable-startup-programs-in-windows-8-1/

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

*CAFADEBUG.log*

It then should look like:

*Search: CAFADEBUG.log*

Click *Search Files* button and post the log (Search.txt) it makes on the USB drive in your next reply.


----------



## lgerbrandt (Jun 28, 2006)

Just double-checking...I deleted the copy of CAFADEBUG.log (I made a note about this in my prior post). Will this search for it still work - that is, does it need to find it on one of my folders, or is it what I am trying to find in the start file? (sorry if it's a dumb question)...I'll go ahead now with your request re: running FRST anyway...


----------



## JSntgRvr (Jul 1, 2003)

I want to know if it has re-spawned. Run the search option in FRST.


----------



## lgerbrandt (Jun 28, 2006)

Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by lkgerbrandt at 2015-03-23 15:22:57
Running from C:\Users\lkgerbrandt\Downloads
Boot Mode: Normal

================== Search Files: "CAFADEBUG.log" =============

====== End Of Search ======

Apparently not...

Is there a next step? E.g., look in Startup for something lingering re: your earlier suggestion, or ?


----------



## JSntgRvr (Jul 1, 2003)

No, seems it is gone.

We need to remove the tools we've used during cleaning your machine


Download Delfix from *here*
Ensure *Remove disinfection tools* is ticked
*Also tick:
*
Create registry backup
Purge system restore










Click *Run*
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply


----------



## lgerbrandt (Jun 28, 2006)

# DelFix v10.8 - Logfile created 23/03/2015 at 20:45:30
# Updated 29/07/2014 by Xplode
# Username : lkgerbrandt - LKG
# Operating System : Windows 8.1 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Program Files (x86)\Trend Micro\Hijackthis
Deleted : C:\TDSSKiller.3.0.0.44_17.03.2015_17.59.17_log.txt
Deleted : C:\Users\lkgerbrandt\Desktop\HiJackThis.lnk
Deleted : C:\Users\lkgerbrandt\Downloads\Addition.txt
Deleted : C:\Users\lkgerbrandt\Downloads\AdwCleaner.exe
Deleted : C:\Users\lkgerbrandt\Downloads\adwcleaner_4.112.exe
Deleted : C:\Users\lkgerbrandt\Downloads\CKScanner (1).exe
Deleted : C:\Users\lkgerbrandt\Downloads\CKScanner.exe
Deleted : C:\Users\lkgerbrandt\Downloads\FRST.exe
Deleted : C:\Users\lkgerbrandt\Downloads\FRST.txt
Deleted : C:\Users\lkgerbrandt\Downloads\FRST64.exe
Deleted : C:\Users\lkgerbrandt\Downloads\JRT (1).exe
Deleted : C:\Users\lkgerbrandt\Downloads\JRT (2).exe
Deleted : C:\Users\lkgerbrandt\Downloads\JRT.exe
Deleted : C:\Users\lkgerbrandt\Downloads\HiJackThis.msi
Deleted : C:\Users\lkgerbrandt\Downloads\Search.txt
Deleted : C:\Users\lkgerbrandt\Downloads\Shortcut.txt
Deleted : C:\Users\lkgerbrandt\Downloads\SystemLook.txt
Deleted : C:\Users\lkgerbrandt\Downloads\SystemLook_x64 (1).exe
Deleted : C:\Users\lkgerbrandt\Downloads\SystemLook_x64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #28 [Scheduled Checkpoint | 03/04/2015 16:47:23]
Deleted : RP #29 [Windows Update | 03/10/2015 21:48:39]
Deleted : RP #30 [Installed HiJackThis | 03/18/2015 02:39:22]
Deleted : RP #31 [Windows Update | 03/22/2015 18:59:41]

New restore point created !

########## - EOF - ##########


----------



## JSntgRvr (Jul 1, 2003)

Congratulations. Here are some suggestions.


Always keep your *JAVA* updated. Older versions will make your computer vulnerable.

*Windows Updates* - It is *very important* to make sure that both Internet Explorer and Windows are kept current with *the latest critical security patches* from Microsoft
For information and guidelines to follow to prevent future infections you can read * this article * by *Miekiemoes*.

I will mark this topic as solved.

Best wishes!


----------



## lgerbrandt (Jun 28, 2006)

Thank you very much for your help in solving this. A good experience...your promptness, efficiency in getting to a solution, and consideration of best approaches were all greatly appreciated. I'll look back in the getting started forums for how to go about donating...My best


----------



## JSntgRvr (Jul 1, 2003)

You are welcome.


----------

