View Full Version : New advertising malware?
jhrowehl
2015-02-21, 18:37
I have some advertising malware that loads false Iexplore processes after approximately 1 minute after opening either Firefox or Internet Explorer. Here are the logs from Farbar and aswMBR:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-02-2015
Ran by Henry (administrator) on ELSERVICE13 on 21-02-2015 11:09:26
Running from C:\Users\Henry\Documents\Downloads\Spybot
Loaded Profiles: Henry (Available profiles: Henry)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\nsmservice.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaService.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaSmSrv.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaTaServ.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Visioneer Inc.) C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
(Visioneer Inc.) C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(DigitalPersona, Inc.) C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\PPO\DellPoaEvents.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\netsetman.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpAgent.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxRpcSs.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxDcomLaunch.exe
(Invincea, Inc.) C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
() C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
() C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
() C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
() C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
() C:\ProgramData\BOINC\slots\6\enigma_0.76.exe
() C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
() C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
(Safer Networking Limited) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
() C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [DellPoaEvents] => C:\Program Files\Dell\PPO\DellPoaEvents.exe [396496 2014-08-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-09-11] ()
HKLM\...\Run: [InvProtect] => C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe [6779592 2015-02-12] (Invincea, Inc.)
HKLM\...\Run: [CANON P-215II SVC] => rundll32.exe P215IISvc.dll,EntryPointUserMessage
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [NetSetMan] => C:\Program Files (x86)\NetSetMan\netsetman.exe [5414056 2014-06-03] (Ilja Herlein)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [36168 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641384 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [1893224 2012-02-23] (TODO: <Company name>)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [P-215II CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe [2251056 2014-03-30] (Canon Electronics Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\DPAgent.exe,
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-04-02] (AMD)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-02-19] (SlySoft, Inc.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [DellSystemDetect] => C:\Users\Henry\AppData\Local\Apps\2.0\NAYH0GJE.AQP\Z389LM6C.22Q\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1310488628-551009281-1505269296-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.excite.com
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1310488628-551009281-1505269296-1000 -> {09B51FB5-BBE0-487A-81B4-F16DC548B604} URL =
BHO: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\X64\InvRedirHostIE64.dll (Invincea, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll (Invincea, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\pkmcdo.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668
FF Homepage: www.excite.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF user.js: detected! => C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\user.js
FF Extension: Ant Video Downloader - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\anttoolbar@ant.com [2015-01-17]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Garmin Communicator - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-26]
FF Extension: QuickJava - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-26]
FF Extension: Invincea Web Redirector - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\webredirector@invincea.com [2015-02-20]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-11-01]
FF Extension: PDF Converter 7.1 - C:\Program Files (x86)\Nuance\PDF Professional 7\FireFox [2014-11-09]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2542288 2014-08-13] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [199888 2014-08-13] (Dell Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [255328 2014-09-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-09-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-09-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2150088 2015-02-12] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 nsmService; C:\Program Files (x86)\NetSetMan\nsmservice.exe [1277608 2014-06-02] (Ilja Herlein)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [232448 2014-09-30] (Visioneer Inc.) [File not signed]
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2012-02-17] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-19] (Nuance Communications, Inc.)
R2 poaService; C:\Program Files\Dell\PPO\poaService.exe [721104 2014-08-15] (Dell Inc.)
R2 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [312016 2014-08-15] (Dell Inc.)
R2 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [645328 2014-08-16] (Dell Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-06] (Realtek Semiconductor)
R2 RWAR3HV_0002_0; C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE [430592 2013-08-14] (Visioneer Inc.)
R2 RWAR3Monitor; C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe [223744 2014-11-11] (Visioneer Inc.) [File not signed]
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [174792 2015-02-12] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 TgbIke Starter; C:\Windows\SysWOW64\TgbStarter.exe [239280 2012-03-21] (TheGreenBow)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-26] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{B72A21F9-6C42-44BF-BEBD-DD11EDF0E075}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-09-11] ()
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2014-08-13] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2014-08-13] (Dell Computer Corporation)
R2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.SYS [46448 2007-07-23] (Roxio)
R2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.SYS [42352 2007-07-23] (Roxio)
R0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [17776 2007-07-23] (Roxio)
R2 DLADResE; C:\Windows\System32\Drivers\DLADResE.SYS [9968 2007-07-23] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.SYS [146672 2007-07-23] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.SYS [35056 2007-07-23] (Roxio)
R2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.SYS [19824 2007-07-23] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [41072 2007-07-23] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.SYS [135152 2007-07-23] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.SYS [144112 2007-07-23] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [124112 2007-07-23] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63984 2007-07-23] (Roxio)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2310488 2014-02-13] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [52232 2015-02-12] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2014-08-15] (Dell Computer Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183816 2015-02-12] (Invincea, Inc.)
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-09-11] (Dell Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [40624 2012-03-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [140976 2012-03-21] (TheGreenBow)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2014-08-02] ()
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [107008 2006-11-22] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\System32\drivers\wibukey2_64.sys [16896 2006-11-09] (WIBU-SYSTEMS AG)
S3 cpuz134; \??\C:\Users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
2015-02-20 18:26 - 2015-02-20 18:26 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2015-02-19 20:29 - 2015-02-19 20:29 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 20:29 - 2015-02-19 20:29 - 00001850 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-16 16:26 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-16 16:26 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-15 14:01 - 2015-02-15 14:01 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-02-12 21:42 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:42 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 11:05 - 2015-02-20 14:20 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-11 11:05 - 2015-02-11 11:05 - 00004036 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-11 11:05 - 2015-02-11 11:05 - 00003224 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-10 16:42 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 16:42 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 16:42 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 16:42 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 16:42 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 16:42 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 16:42 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 16:42 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 16:42 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 16:42 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 16:42 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 16:42 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 16:42 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 16:42 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 16:42 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 16:42 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 16:42 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 16:42 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 16:42 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 16:41 - 2015-02-16 16:55 - 00025260 _____ () C:\Windows\system32\ScanResults.xml
2015-02-10 16:41 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 16:41 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 16:41 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 16:41 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 16:41 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 16:41 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 16:41 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 16:41 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 16:41 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 16:41 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 16:41 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 16:41 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 16:41 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 16:41 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 16:41 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 16:41 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 16:41 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 16:41 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 16:41 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 16:41 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 16:41 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 16:41 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 16:41 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 16:41 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 16:41 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 16:41 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 16:40 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 16:34 - 2015-02-16 16:48 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-08 12:18 - 2015-02-08 19:00 - 00000165 _____ () C:\Windows\Reimage.ini
2015-02-07 09:20 - 2015-02-07 09:20 - 00000000 ____D () C:\Users\Henry\AppData\Local\GARMIN_Corp
2015-02-03 22:09 - 2015-02-21 11:09 - 00000000 ____D () C:\FRST
2015-02-03 22:07 - 2015-02-03 22:07 - 00000000 ____D () C:\RegBackup
2015-01-27 17:02 - 2015-01-27 17:02 - 00001017 _____ () C:\Users\Henry\Desktop\AVIGenerator.lnk
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVIGenerator
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIGenerator
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\Program Files (x86)\AVIGenerator
2015-01-27 17:01 - 2015-01-27 17:04 - 00000000 ____D () C:\Users\Henry\VideoPlayer Picture
2015-01-27 17:01 - 2015-01-27 17:01 - 00001079 _____ () C:\Users\Public\Desktop\LorexPlayer11.exe.lnk
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\VideoPlayer
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lorex Player 11
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Program Files (x86)\Lorex
2015-01-26 17:35 - 2015-02-20 18:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-21 11:06 - 2014-11-02 11:06 - 00000000 ____D () C:\ProgramData\BOINC
2015-02-21 10:56 - 2014-10-26 17:06 - 00058338 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-21 10:28 - 2014-10-26 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-21 10:20 - 2014-11-15 13:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-21 08:45 - 2014-11-02 00:09 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-20 22:20 - 2014-11-15 13:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-20 20:56 - 2015-01-03 09:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-20 18:31 - 2014-10-26 17:08 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-20 18:31 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-20 18:31 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-20 18:26 - 2014-10-26 17:07 - 00001974 _____ () C:\Users\Public\Desktop\Protected Workspace.lnk
2015-02-20 18:26 - 2014-10-26 17:07 - 00000000 ____D () C:\Program Files (x86)\Invincea
2015-02-20 18:25 - 2014-10-26 16:38 - 01932833 _____ () C:\Windows\WindowsUpdate.log
2015-02-20 18:23 - 2014-11-29 16:32 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-02-20 18:23 - 2014-11-01 11:51 - 00131072 ___SH () C:\CredSED.dat
2015-02-20 18:22 - 2015-01-11 15:06 - 00005564 _____ () C:\Windows\setupact.log
2015-02-20 18:22 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-20 17:32 - 2009-07-14 00:13 - 00798530 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-20 13:15 - 2014-11-02 00:27 - 00000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2015-02-20 13:11 - 2014-11-02 00:27 - 00000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2015-02-20 13:08 - 2014-11-14 22:26 - 00001063 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2015-02-19 22:17 - 2014-11-03 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 21:31 - 2014-11-01 12:58 - 00000000 ____D () C:\Users\Henry\Documents\Garmin Data
2015-02-19 20:40 - 2014-11-01 15:59 - 00000000 ____D () C:\Users\Henry\Documents\D
2015-02-19 20:30 - 2014-11-03 20:35 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 20:29 - 2014-11-03 20:33 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-19 20:29 - 2014-10-26 16:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 19:49 - 2014-11-18 17:09 - 00000184 _____ () C:\Windows\setscan.ini
2015-02-18 19:48 - 2014-11-01 20:20 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\.oit
2015-02-18 07:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-16 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-14 22:53 - 2015-01-14 16:53 - 00002678 _____ () C:\Windows\PFRO.log
2015-02-13 21:01 - 2014-11-01 19:09 - 00000000 ____D () C:\Users\Henry\Documents\Garmin
2015-02-13 20:50 - 2014-11-03 20:32 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GARMIN
2015-02-13 20:38 - 2014-11-03 20:35 - 00000000 ____D () C:\Users\Henry\AppData\Local\Garmin
2015-02-12 17:17 - 2009-07-13 23:45 - 00316800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 17:16 - 2014-11-01 13:28 - 00000000 ____D () C:\Users\Henry\AppData\Local\CrashDumps
2015-02-12 17:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 16:46 - 2014-11-01 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 16:41 - 2014-11-01 11:00 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 16:37 - 2014-11-02 12:58 - 00000000 ____D () C:\Program Files (x86)\NetSetMan
2015-02-11 13:17 - 2014-11-01 13:31 - 00000000 ____D () C:\Users\Henry\Documents\AGFM
2015-02-11 11:04 - 2014-11-05 18:35 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\Program Files\Dell
2015-02-09 21:22 - 2014-11-01 19:10 - 00000000 ____D () C:\Users\Henry\Documents\Humor
2015-02-09 05:38 - 2014-11-17 06:06 - 00000576 _____ () C:\wifi-debug.xml
2015-02-07 12:17 - 2014-11-01 20:09 - 00000000 ____D () C:\Users\Henry\Documents\Product Manuals
2015-02-05 16:21 - 2014-11-05 18:33 - 00000000 ____D () C:\Users\Henry\AppData\Local\Deployment
2015-02-05 12:28 - 2014-10-26 16:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:28 - 2014-10-26 16:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:28 - 2014-10-26 16:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:15 - 2014-11-15 13:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:15 - 2014-11-15 13:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 09:30 - 2014-11-01 10:31 - 00000000 ____D () C:\Users\Henry
2015-02-04 09:27 - 2014-12-26 13:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 09:27 - 2014-12-04 22:11 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-02-04 09:27 - 2014-12-04 22:10 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-04 09:27 - 2014-11-08 17:45 - 00000000 ____D () C:\ProgramData\Ulead Systems
2015-02-04 09:27 - 2014-11-03 20:39 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\IrfanView
2015-02-04 09:27 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GHISLER
2015-02-04 09:27 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-04 09:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-04 09:26 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-04 09:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-02 09:58 - 2014-11-03 16:33 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-01-27 16:01 - 2014-11-01 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-26 16:33 - 2014-11-02 00:27 - 00000000 ____D () C:\DVR
2015-01-24 10:22 - 2014-11-09 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
==================== Files in the root of some directories =======
2014-12-25 11:45 - 2015-01-19 21:59 - 0000263 _____ () C:\Users\Henry\AppData\Roaming\Binary Clock_Settings.ini
2014-11-02 00:27 - 2015-02-20 13:11 - 0000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2014-11-02 00:27 - 2015-02-20 13:15 - 0000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2014-11-05 20:40 - 2014-12-31 10:37 - 0072704 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-01 17:45 - 2014-11-01 17:45 - 0000093 _____ () C:\Users\Henry\AppData\Local\fusioncache.dat
2014-11-04 06:34 - 2014-12-28 23:19 - 0007597 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2014-11-12 21:31 - 2014-11-12 21:31 - 0000040 ___SH () C:\ProgramData\.zreglib
Some content of TEMP:
====================
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Henry\AppData\Local\Temp\sqlite3.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 00:48
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-02-2015
Ran by Henry at 2015-02-21 11:10:16
Running from C:\Users\Henry\Documents\Downloads\Spybot
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version: - )
Advanced LAN Scanner v1.0 BETA 1 (HKLM-x32\...\Advanced LAN Scanner v1.0 BETA 1) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{BF728146-387A-B1FE-28F1-F25B5363D5EA}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.8.0 - SlySoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4293 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )
BOINC (HKLM\...\{0DF28429-855F-4BDC-B264-058D2785965E}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Canon driver for P-215II (x64) (HKLM\...\{29365D7E-86E6-4828-AFE5-0BDBE73A39F6}) (Version: 1.0.5197 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Application (HKLM-x32\...\{2F5ED7FC-EB58-41C8-ACBD-094362D6DA4F}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Mail (HKLM-x32\...\{B6ADDC04-4138-490A-80B6-7D874008F281}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for PaperPort 14 (HKLM-x32\...\{1458CC10-F280-4D16-A791-B72893FC1DA1}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Presto! BizCard 6 (HKLM-x32\...\{8662E3EE-8811-4CDE-9B4C-2B75A3746DA8}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Printer (HKLM-x32\...\{BDFF5BF0-2949-450D-8030-E6892B0DB03C}) (Version: 1.0.5200 - Canon Electronics Inc.)
CmgMasterPrerequisites (x32 Version: 1.4.1.777 - Credant Technologies Inc.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{AB904BBA-B274-44E7-9FDD-E96E5D69F9D3}) (Version: 2.3.440.224 - Broadcom Corporation)
Dell Data Protection | Client Security Framework (HKLM\...\{05FDD00D-1C45-44D1-AB3F-C24D45C39457}) (Version: 8.4.1.1717 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.4.1.777 - Dell, Inc.)
Dell Data Protection | Security Tools (x32 Version: 1.4.1.777 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (HKLM\...\{0B72160B-9F67-47C0-858F-5A0074162148}) (Version: 1.3.1.433 - DigitalPersona, Inc.)
Dell Data Vault (Version: 4.0.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
Dell Precision Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Version: 02.00.07 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.5.19821 - Invincea, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.110 - ALPS ELECTRIC CO., LTD.)
DraftSight (HKLM-x32\...\{87A003CE-22FD-4952-9B0F-B98304A13427}) (Version: 8.1.398 - Dassault Systemes)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.20 (HKLM-x32\...\{74699736-87EB-49E7-8B71-7527A45C35C6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.30 (HKLM-x32\...\{0F0E68E9-9463-4087-B211-E80FAC5F9BC6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}) (Version: 2.5.3.0 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.2.104.00 (HKLM\...\PROSetDX) (Version: 19.2.104.00 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Learn Microsoft Visual Basic 6.0 Now (HKLM-x32\...\Learn Microsoft Visual Basic 6.0 Now) (Version: - )
Lorex Client 10 (HKLM-x32\...\Lorex Client) (Version: 10 - )
Lorex Player 11 (HKLM-x32\...\{CA8CEEE3-8F1B-4A27-80A4-A1A00A3AE3F5}) (Version: 1.2.14 - Lorex)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio for Enterprise Architects SR-1 [English] (HKLM-x32\...\{90560409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.1.3313 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Learning Edition (HKLM-x32\...\Visual Basic 6.0 Learning Edition) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio .NET Enterprise Architect 2003 - English (HKLM-x32\...\Visual Studio .NET Enterprise Architect 2003 - English) (Version: - Microsoft)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Sunbird (0.9) (HKLM-x32\...\Mozilla Sunbird (0.9)) (Version: 0.9 (en-US) - Mozilla)
MSDN Library - April 2003 (HKLM-x32\...\{8F729180-4934-49B5-8DAF-9320F5AAEE95}) (Version: 7.40.3085 - Microsoft)
MSDN Library - Visual Studio 6.0 (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
NETGEAR VPN Client Lite (HKLM-x32\...\NETGEAR VPN Client Lite) (Version: - NETGEAR)
NetSetMan Pro 3.7.3 (HKLM-x32\...\NetSetMan_is1) (Version: 3.7.3 - Ilja Herlein)
Nuance OmniPage 18 (HKLM-x32\...\{10FD521E-11D1-4A08-A497-BB49B701C6D8}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{43A4BB54-C319-4207-8948-42E79E66F47F}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 7 (HKLM\...\{D117E04F-3FF8-45E2-8C1A-3E173C3111FE}) (Version: 7.30.6212 - Nuance Communications, Inc.)
OneTouch 4 ScanSoft OmniPage 16.2 OCR Module (HKLM-x32\...\{F80376CE-BB27-4757-B2A1-F3873F7FC457}) (Version: 2.0.0 - Visioneer)
OneTouch 4.6 (HKLM-x32\...\{AF8B1525-17EF-4D2E-A018-8D79CE260BA8}) (Version: 4.6.2014.9305 - Visioneer Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
P-215II CaptureOnTouch (HKLM-x32\...\{21FE8257-EF7A-46A9-B4A0-C50E4E55795E}) (Version: 3.0 - Canon Electronics Inc.)
P-215II UserManual (HKLM-x32\...\{AA1A23EF-80B0-4F98-A0A5-603D2441657B}) (Version: 1.05.0000 - Canon Electronics Inc.)
PLI Viewer (HKLM-x32\...\PLI Viewer_is1) (Version: - Henry Rowehl)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6023 - Realtek Semiconductor Corp.)
Roxio Activation Module (HKLM-x32\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Scansoft PDF Professional (x32 Version: - ) Hidden
Scope (HKLM-x32\...\{F4070264-6752-4B25-82CD-451356E80E3C}) (Version: 5.23.0.0 - )
Scope (x32 Version: 5.23.0.0 - GFM GmbH, Austria) Hidden
Scope (x32 Version: 5.6.3.0 - GFM GmbH, Austria) Hidden
SetIP (HKLM-x32\...\SetIP) (Version: 2.00.00.00 - Xerox Ltd.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
Ulead Photo Express 4.0 SE (HKLM-x32\...\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}) (Version: - )
Ulead VideoStudio 7 SE Basic (HKLM-x32\...\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}) (Version: 7.0 - Ulead Systems, Inc.)
Visioneer Acuity Assets V1 (HKLM-x32\...\{8D4A39B4-5D75-462C-89A2-81C1D887B9B5}) (Version: 5.1.812.11295 - Visioneer)
Visioneer Acuity Assets V1 (HKLM-x32\...\{B18BA00A-8857-4A54-B1CF-82BBB33CBF96}) (Version: 5.1.1114.7042 - Visioneer Inc.)
Visioneer RoadWarrior 3 Driver (HKLM-x32\...\{518D2CF0-1451-4A51-B420-FA9C19ED9599}) (Version: 5.1.13.8153 - Visioneer Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD My Cloud (HKLM\...\{432F3CFC-ED41-4CDC-9D8F-6643C8A71CEA}) (Version: 1.0.6.13 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WIBU-KEY Setup (WIBU-KEY Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 5.20b of 2007-Apr-18 (Setup) - WIBU-SYSTEMS AG)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Xerox WorkCentre 3315 (HKLM-x32\...\Xerox WorkCentre 3315) (Version: - Xerox Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
15-02-2015 19:28:27 Windows Backup
16-02-2015 16:27:01 Windows Update
19-02-2015 20:27:48 Garmin Express
19-02-2015 20:29:06 Garmin Express
20-02-2015 18:24:16 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-11-23 09:56 - 2014-12-26 17:06 - 00992043 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 fr.a2dfp.net
127.0.0.1 m.fr.a2dfp.net
127.0.0.1 mfr.a2dfp.net
127.0.0.1 ad.a8.net
127.0.0.1 asy.a8ww.net
127.0.0.1 static.a-ads.com
127.0.0.1 abcstats.com
127.0.0.1 ad4.abradio.cz
127.0.0.1 a.abv.bg
127.0.0.1 adserver.abv.bg
127.0.0.1 adv.abv.bg
127.0.0.1 bimg.abv.bg
127.0.0.1 ca.abv.bg
127.0.0.1 www2.a-counter.kiev.ua
127.0.0.1 track.acclaimnetwork.com
127.0.0.1 accuserveadsystem.com
127.0.0.1 www.accuserveadsystem.com
127.0.0.1 achmedia.com
127.0.0.1 csh.actiondesk.com
127.0.0.1 ads.activepower.net
127.0.0.1 app.activetrail.com
127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
127.0.0.1 traffic.acwebconnecting.com
127.0.0.1 office.ad1.ru
127.0.0.1 cms.ad2click.nl
127.0.0.1 ad2games.com
127.0.0.1 ads.ad2games.com
127.0.0.1 content.ad20.net
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01CDA079-E77B-421B-90B9-75C2DAAF2326} - System32\Tasks\{77EC7949-2166-4C99-A482-47664618375C} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {0E57CEDD-C6BA-479E-824F-9D9FB0182642} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {1B687C82-5794-4AEF-9227-5C5F2A0BDE02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {26894EDA-0EB2-4937-B448-CD4DF445DD75} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {28B4D76D-CFC1-4BAF-A663-74CC919672C3} - System32\Tasks\{B43AC92C-8F82-4E72-883E-4A0B25F47BF4} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {3C1EFCB7-E81C-4EAA-95D3-D8A1A6D12A6F} - System32\Tasks\{321E17FF-DD87-4263-80FD-AD992F7D62E1} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {403103E9-5857-43F7-A4A4-C9F3B1691BB6} - System32\Tasks\Dell\PPO SM Manual Update => C:\Program Files\Dell\PPO\DcsuWrap.exe [2014-08-15] (Dell Inc.)
Task: {4B573AF8-25FE-49CC-AD1C-6ABE3F9FB781} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {571D3241-AEDC-4FA5-95E4-FF50179E65E6} - System32\Tasks\NetSetMan => C:\Program Files (x86)\NetSetMan\netsetman.exe [2014-06-03] (Ilja Herlein)
Task: {68D5D6E6-27B2-46DC-A690-A49805D6FCF5} - System32\Tasks\{18C23A6D-5405-41EE-8CBF-019CDF144345} => C:\totalcmd\TOTALCMD.EXE [2012-08-03] (Ghisler Software GmbH)
Task: {6E5BD55F-4A0A-4D72-9B2B-551C35D8517C} - System32\Tasks\{E5774B80-584C-477F-BDD4-089CE253FC27} => pcalua.exe -a C:\Users\Henry\Documents\Downloads\Visioneer\HiddenDevices.exe -d C:\Users\Henry\Documents\Downloads\Visioneer
Task: {7BD388DD-3811-4416-BF3B-F40C41F0A149} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8C04DBAF-00AC-4F7E-AA99-AB71337B4664} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {94179557-D46C-4493-A857-704EA6934870} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A22AFACB-6E1C-43DB-9A40-4BA28C01CBF0} - System32\Tasks\{76300760-610E-4F6A-871B-95BDAA2C3F34} => D:\SETUP.EXE
Task: {A3910C73-9DED-42CC-86EB-38687AD85BC2} - System32\Tasks\{BB86F365-1D4E-482E-AC11-BF302E1FD6F7} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {BFF99A1F-B2E1-4E8B-8889-FB37398862B9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C24C108D-795C-499C-B91C-B46713D3ABE2} - System32\Tasks\{F0E1B53D-B723-4DE0-BCFC-7E82834E305A} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {DC3082F6-F77F-460C-BABB-0256D4299225} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {DE7DE3E1-7DDA-42B8-BDED-247F8E2BBEBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {E2244DBB-385A-4C62-B727-9E65B19AEB08} - System32\Tasks\{665DC180-863A-496B-857C-BC8F4F3B89FD} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {EC53F16E-BE76-4247-86BD-646CA3DAB8A5} - System32\Tasks\{62BE403F-5535-4C72-A461-AE9059E0B730} => D:\SETUP.EXE
Task: {F4D39289-4BC2-4A70-8FF9-12990900D3E3} - System32\Tasks\{9CF71E80-E39E-4CEA-9770-D5981D522BF6} => D:\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-11 17:59 - 2014-09-11 17:59 - 00303968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\authproxy.dll
2014-11-01 12:58 - 2011-07-28 11:55 - 00034304 _____ () C:\Windows\System32\sxr2mlm.dll
2014-11-01 12:58 - 2012-11-06 06:48 - 01214464 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sxr2mdu.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00026464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
2014-09-11 17:59 - 2014-09-11 17:59 - 02172768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00027488 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00082272 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00062816 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.AuthProxy.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00079200 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.PBA.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00036192 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.SED.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00129376 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00666464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredCommon.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00879456 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CryptoProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00707424 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DBManager.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00353632 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\OPALProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 01507680 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\ConnectionProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00047968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\FVEProvider.dll
2014-10-26 17:08 - 2014-06-04 15:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-10-26 17:08 - 2014-06-04 15:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2007-07-23 15:05 - 2007-07-23 15:05 - 00066544 _____ () C:\Program Files\Roxio\Drag-to-Disc\DLAAPI_W.DLL
2014-10-26 17:08 - 2014-06-04 15:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00232288 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2014-09-11 17:59 - 2014-09-11 17:59 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2014-09-29 19:51 - 2014-09-29 19:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2015-02-12 18:19 - 2015-02-12 18:19 - 00615112 _____ () C:\Program Files (x86)\Invincea\Enterprise\X64\SqlliteICD.dll
2014-10-26 17:08 - 2014-07-02 21:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2014-11-02 11:13 - 2014-11-02 11:18 - 28693504 _____ () C:\ProgramData\BOINC\projects\boinc.bakerlab.org_rosetta\minirosetta_3.52_windows_x86_64.exe
2014-11-02 11:46 - 2014-11-02 11:46 - 00510976 _____ () C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
2015-02-20 12:37 - 2014-11-02 11:46 - 00057856 _____ () C:\ProgramData\BOINC\slots\6\enigma_0.76.exe
2013-03-25 12:42 - 2013-03-25 12:42 - 00021824 _____ () C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\SSLSupport.dll
2014-08-13 08:27 - 2014-08-13 08:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 12:34 - 2014-07-29 12:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-07-29 12:34 - 2014-07-29 12:34 - 00136192 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec-mscrypto.dll
2014-07-29 12:34 - 2014-07-29 12:34 - 00303616 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxmlsec.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-04-29 16:23 - 2014-04-29 16:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-26 17:08 - 2014-07-30 17:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-10-26 17:08 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-10-26 17:08 - 2012-11-25 23:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-12-26 13:20 - 2008-06-19 17:35 - 00333288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll
2014-12-26 13:16 - 2008-03-04 15:52 - 00790392 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll
2014-12-26 13:16 - 2008-03-05 10:34 - 00795520 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll
2014-12-26 13:16 - 2008-02-26 12:04 - 00717176 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll
2014-12-26 13:11 - 2008-12-24 18:23 - 00121344 _____ () C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll
2015-01-26 17:35 - 2015-01-26 17:35 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-12-27 12:46 - 2014-12-27 12:46 - 00133120 _____ () C:\Users\Henry\AppData\Roaming\xaeojhej\colers.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:151
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:154
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:276
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3538
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3590
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3691
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.222.220
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
ACTUser (S-1-5-21-1310488628-551009281-1505269296-1005 - Limited - Enabled)
Administrator (S-1-5-21-1310488628-551009281-1505269296-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1310488628-551009281-1505269296-1003 - Limited - Enabled)
Guest (S-1-5-21-1310488628-551009281-1505269296-501 - Limited - Enabled)
Henry (S-1-5-21-1310488628-551009281-1505269296-1000 - Administrator - Enabled) => C:\Users\Henry
HomeGroupUser$ (S-1-5-21-1310488628-551009281-1505269296-1011 - Limited - Enabled)
SQLDebugger (S-1-5-21-1310488628-551009281-1505269296-1006 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Visioneer RoadWarrior 3
Description: Visioneer RoadWarrior 3
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Visioneer Incorporated
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/21/2015 11:10:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
System errors:
=============
Error: (02/21/2015 10:55:09 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Dnscache service.
Error: (02/20/2015 06:21:13 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/20/2015 05:23:49 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/19/2015 08:28:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Garmin Core Update Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (02/19/2015 08:25:38 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
Error: (02/19/2015 08:25:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
Error: (02/19/2015 08:25:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
Error: (02/19/2015 08:25:36 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR3.
Error: (02/18/2015 03:26:16 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The AVGIDSAgent service did not shut down properly after receiving a preshutdown control.
Error: (02/18/2015 03:25:36 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (02/21/2015 11:10:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:38 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:28 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:25 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/21/2015 11:10:24 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
CodeIntegrity Errors:
===================================
Date: 2014-11-09 16:43:42.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 12:46:22.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 12:36:23.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:55:27.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:30:57.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:08:00.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:52:31.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:44:27.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:39:25.794
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:21:17.096
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 46%
Total physical RAM: 16289.21 MB
Available physical RAM: 8701.4 MB
Total Pagefile: 32576.6 MB
Available Pagefile: 22761.98 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:620.07 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
==================== End Of Log ============================
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-03 22:19:21
-----------------------------
22:19:21.866 OS Version: Windows x64 6.1.7601 Service Pack 1
22:19:21.866 Number of processors: 8 586 0x3C03
22:19:21.867 ComputerName: ELSERVICE13 UserName: Henry
22:19:26.400 Initialize success
22:19:26.548 VM: initialized successfully
22:19:26.549 VM: Intel CPU supported
22:19:47.886 VM: disk I/O iaStorA.sys
22:21:36.322 AVAST engine defs: 15020300
22:21:44.138 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006d
22:21:44.141 Disk 0 Vendor: Size: 0MB BusType: 0
22:21:44.227 Disk 0 MBR read successfully
22:21:44.229 Disk 0 MBR scan
22:21:44.233 Disk 0 Windows VISTA default MBR code
22:21:44.235 Disk 0 MBR hidden
22:21:44.250 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
22:21:44.264 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12014 MB offset 81920
22:21:44.272 Disk 0 Boot: NTFS code=1
22:21:44.284 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941814 MB offset 24686592
22:21:44.323 Disk 0 scanning C:\Windows\system32\drivers
22:21:54.190 Service scanning
22:22:10.965 Modules scanning
22:22:10.969 Disk 0 trace - called modules:
22:22:10.976 ntoskrnl.exe CLASSPNP.SYS disk.sys Wdf01000.sys SEDFilter.sys stdcfltn.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
22:22:10.980 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d825790]
22:22:10.984 3 CLASSPNP.SYS[fffff880015b143f] -> nt!IofCallDriver -> [0xfffffa800d743b90]
22:22:10.988 5 Wdf01000.sys[fffff88000ef2fe9] -> nt!IofCallDriver -> [0xfffffa800d741cb0]
22:22:10.992 7 stdcfltn.sys[fffff880019cdd12] -> nt!IofCallDriver -> [0xfffffa800d740ab0]
22:22:10.996 9 iaStorF.sys[fffff880019f4f84] -> nt!IofCallDriver -> \Device\0000006d[0xfffffa800d7179c0]
22:22:14.783 AVAST engine scan C:\Windows
22:22:18.296 AVAST engine scan C:\Windows\system32
22:27:03.108 AVAST engine scan C:\Windows\system32\drivers
22:27:13.412 AVAST engine scan C:\Users\Henry
22:34:59.390 Disk 0 MBR has been saved successfully to "C:\Users\Henry\Documents\Downloads\Spybot\MBR.dat"
22:34:59.407 The log file has been saved successfully to "C:\Users\Henry\Documents\Downloads\Spybot\aswMBR.txt"
aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-02-21 11:13:01
-----------------------------
11:13:01.894 OS Version: Windows x64 6.1.7601 Service Pack 1
11:13:01.894 Number of processors: 8 586 0x3C03
11:13:01.895 ComputerName: ELSERVICE13 UserName: Henry
11:13:05.158 Initialize success
11:13:05.220 VM: initialized successfully
11:13:05.221 VM: Intel CPU supported
11:13:08.961 VM: disk I/O iaStorA.sys
11:14:50.672 AVAST engine defs: 15022100
11:15:03.264 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
11:15:03.266 Disk 0 Vendor: Size: 0MB BusType: 0
11:15:03.292 Disk 0 MBR read successfully
11:15:03.295 Disk 0 MBR scan
11:15:03.300 Disk 0 Windows VISTA default MBR code
11:15:03.303 Disk 0 MBR hidden
11:15:03.316 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
11:15:03.325 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 12014 MB offset 81920
11:15:03.329 Disk 0 Boot: NTFS code=1
11:15:03.335 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 941814 MB offset 24686592
11:15:03.352 Disk 0 scanning C:\Windows\system32\drivers
11:15:14.939 Service scanning
11:15:33.201 Modules scanning
11:15:33.206 Disk 0 trace - called modules:
11:15:33.212 ntoskrnl.exe CLASSPNP.SYS disk.sys Wdf01000.sys SEDFilter.sys stdcfltn.sys iaStorF.sys storport.sys hal.dll iaStorA.sys
11:15:33.215 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d732790]
11:15:33.219 3 CLASSPNP.SYS[fffff8800140143f] -> nt!IofCallDriver -> [0xfffffa800d68ee10]
11:15:33.223 5 Wdf01000.sys[fffff88000e2bfe9] -> nt!IofCallDriver -> [0xfffffa800d68b8c0]
11:15:33.226 7 stdcfltn.sys[fffff880019cfd12] -> nt!IofCallDriver -> [0xfffffa800d68bc50]
11:15:33.229 9 iaStorF.sys[fffff880019f6f84] -> nt!IofCallDriver -> \Device\0000006f[0xfffffa800d6629c0]
11:15:36.806 AVAST engine scan C:\Windows
11:15:41.498 AVAST engine scan C:\Windows\system32
11:21:26.337 AVAST engine scan C:\Windows\system32\drivers
11:22:01.485 AVAST engine scan C:\Users\Henry
11:24:01.934 Disk 0 MBR has been saved successfully to "C:\Users\Henry\Documents\Downloads\Spybot\MBR.dat"
11:24:01.943 The log file has been saved successfully to "C:\Users\Henry\Documents\Downloads\Spybot\aswMBR.txt"
Running from C:\Users\Henry\Documents\Downloads\Spybot
We'll need to move FRST to desktop.
Please go to Documents\Downloads\Spybot, and locate Farbar Recovery Scan Tool
right click and select CUT
Go to an open spot on your desktop, right click and select PASTE
You should now have Farbar Recovery Scan Tool on your desktop.
~~~~~~~~~~~~~~~~~~~~~
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1310488628-551009281-1505269296-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1310488628-551009281-1505269296-1000 -> {09B51FB5-BBE0-487A-81B4-F16DC548B604} URL =
FF user.js: detected! => C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\user.js
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Henry\AppData\Local\Temp\sqlite3.exe
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~~`
http://i.imgur.com/BY4dvz9.png AdwCleaner
Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.
-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
****
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt
jhrowehl
2015-02-22, 19:20
OK, followed all your instructions with no problems. Just a tiny bump in the carpet... the ADWCleaner log file didn't open after reboot, I had to find it. Other than that, so far so good. It looks like the problem has been fixed. I'll have to monitor for a couple of days before I'm certain that it's gone, but I will keep you posted.
Thanks for the help!
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Henry at 2015-02-22 11:35:06 Run:1
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1310488628-551009281-1505269296-1005\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1310488628-551009281-1505269296-1000 -> {09B51FB5-BBE0-487A-81B4-F16DC548B604} URL =
FF user.js: detected! => C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\user.js
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Henry\AppData\Local\Temp\sqlite3.exe
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-1310488628-551009281-1505269296-1005\User => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
"HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{09B51FB5-BBE0-487A-81B4-F16DC548B604}" => Key deleted successfully.
HKCR\CLSID\{09B51FB5-BBE0-487A-81B4-F16DC548B604} => Key not found.
C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\user.js => Moved successfully.
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
C:\Users\Henry\AppData\Local\Temp\sqlite3.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
# AdwCleaner v4.111 - Logfile created 22/02/2015 at 11:48:04
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Henry - ELSERVICE13
# Running from : C:\Users\Henry\Desktop\AdwCleaner.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\Henry\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\anttoolbar@ant.com
File Deleted : C:\Windows\Reimage.ini
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4476B401-61AB-45F6-B851-B2E06B4A5E54}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4CB6A1BF-F717-465A-82CD-4F5A6FFA7BCA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6479AC05-5444-4CCE-A0F9-5325C8C7BFA7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{72EF0088-0831-47A0-9CA5-BB3B8390FEE3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F0AFE92-5E08-4FC5-800C-618FD23786A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F09C36C5-D66B-44B2-BA4E-4072A7BF9608}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE2B4A74-8565-45DA-BE11-C4B46B366891}
Key Deleted : HKCU\Software\Reimage
Key Deleted : [x64] HKLM\SOFTWARE\Reimage
***** [ Web browsers ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
*************************
AdwCleaner[R0].txt - [1657 bytes] - [22/02/2015 11:43:22]
AdwCleaner[S0].txt - [1563 bytes] - [22/02/2015 11:48:04]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1622 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Professional x64
Ran by Henry on Sun 02/22/2015 at 12:01:56.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] "C:\Windows\wininit.ini"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Henry\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Users\Henry\appdata\locallow\pcdr"
~~~ FireFox
Successfully deleted the following from C:\Users\Henry\AppData\Roaming\mozilla\firefox\profiles\zle9j8xn.default-1419567438668\prefs.js
user_pref("browser.startup.homepage", "www.excite.com");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/22/2015 at 12:07:15.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
so far so good. It looks like the problem has been fixed. I'll have to monitor for a couple of days before I'm certain that it's gone, but I will keep you posted
Good deal
What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.
http://i.imgur.com/GzlsbnV.png ESET Online Scan
Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
Please download ESET Online Scan (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Double-click esetsmartinstaller_enu.exe to run the programme.
Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
Agree to the Terms of Use once more and click Start. Allow components to download.
Place a checkmark next to Enable detection of potentially unwanted applications.
Click Advanced settings. Place a checkmark next to:
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology
Ensure Remove found threats is unchecked.
Click Start.
Wait for the scan to finish. Please be patient as this can take some time.
Upon completion, click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png. If no threats were found, skip the next two bullet points.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png and save the file to your Desktop, naming it something such as "MyEsetScan".
Push the Back button.
Place a checkmark next to http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKN1w2nv.png.pagespeed.ic.JWqIaEgZi7.png and click http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/SzOC1p0.png.pagespeed.ce.OWDP45O6oG.png.
Re-enable your anti-virus software.
Copy the contents of the log and paste in your next reply.
jhrowehl
2015-02-22, 21:49
Still have the problem. I did run Eset last night, with the option to fix errors unchecked. This is what it found:
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A potentially unsafe application
C:\Program Files (x86)\Mozilla FireFox Update\Bundle.exe a variant of Win32/Amonetize.BQ potentially unwanted application
C:\ProgramData\Optimizer\program\winapp_Test002.exe a variant of Win32/Agent.WMC trojan
C:\ProgramData\Optimizer\program\windows_firefoxupdateam.exe a variant of Win32/Amonetize.BQ potentially unwanted application
C:\Users\All Users\Optimizer\program\winapp_Test002.exe a variant of Win32/Agent.WMC trojan
C:\Users\All Users\Optimizer\program\windows_firefoxupdateam.exe a variant of Win32/Amonetize.BQ potentially unwanted application
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG6LD8WA\ReimagePackage1805x64[1].exe a variant of Win32/ReImageRepair.E potentially unwanted application
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe a variant of Win32/ReImageRepair.E potentially unwanted application
C:\Users\Henry\Documents\AGFM\MemStick\autorun.inf Win32/AutoRun.DK worm
C:\Users\Henry\Documents\Downloads\ui.exe probably unknown NewHeur_PE virus
C:\Users\Henry\Documents\Downloads\3gp to mp3 converter\Free3GPVideoConverter.exe Win32/Toolbar.Conduit.A potentially unwanted application
C:\Users\Henry\Documents\Downloads\codecs\media.player.codec.pack.v4.3.1.setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\Users\Henry\Documents\Downloads\codecs\media.player.codec.pack.v4.3.2.setup.exe Win32/OpenCandy potentially unsafe application
C:\Users\Henry\Documents\Downloads\FLV Converter\hamsterfreevideoconverter.exe Win32/Toolbar.Zugo potentially unwanted application
C:\Users\Henry\Documents\Downloads\FLV Converter\hamsterfreevideoconverter_site_update.exe a variant of Win32/OpenInstall potentially unwanted application
C:\Users\Henry\Documents\Downloads\FLV Converter\hamsterfreevideoconverter_site_update_oc.exe Win32/OpenCandy potentially unsafe application
C:\Users\Henry\Documents\Downloads\Garmin\GarminExpress-22719648.exe a variant of Win32/WinWrapper.A potentially unwanted application
C:\Users\Henry\Documents\Downloads\Garmin\ReimageRepair.exe Win32/ReImageRepair.E potentially unwanted application
C:\Users\Henry\Documents\Downloads\Secondpower uninstall\ui.exe probably unknown NewHeur_PE virus
C:\Users\Henry\Documents\Phone Backups\DarePicker.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\MITAI2Companion.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\QuickContact.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\TimeSheet.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Airdroid\Apps_downloaded_by_AirDroid.zip a variant of Android/KyView.C potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_06_16\Apps\appinventor.ai_jhrowehl.DarePicker_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_06_16\Apps\appinventor.ai_jhrowehl.QuickContact_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_06_16\Apps\appinventor.ai_jhrowehl.TimeSheet_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_08_18\Apps\appinventor.ai_jhrowehl.DarePicker_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_08_18\Apps\appinventor.ai_jhrowehl.QuickContact_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_08_18\Apps\appinventor.ai_jhrowehl.TimeSheet_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_08_18\Apps\com.luckyxmobile.timers4me_7007.apk a variant of Android/KyView.D potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_11_15\Apps\appinventor.ai_jhrowehl.DarePicker_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\appinventor.ai_jhrowehl.DarePicker_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\appinventor.ai_jhrowehl.QuickContact_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\appinventor.ai_jhrowehl.TimeSheet_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_6148.apk a variant of Android/KyView.D potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7006.apk a variant of Android/KyView.D potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7007.apk a variant of Android/KyView.D potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7008.apk a variant of Android/KyView.C potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7009.apk a variant of Android/KyView.C potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7010.apk a variant of Android/KyView.C potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7011.apk a variant of Android/KyView.C potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7013.apk a variant of Android/KyView.C potentially unwanted application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_01_14\Apps\appinventor.ai_jhrowehl.DarePicker_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_01_14\Apps\appinventor.ai_jhrowehl.QuickContact_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_01_14\Apps\appinventor.ai_jhrowehl.TimeSheet_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\AppsMedia_2013_01_14\Apps\com.google.appinventor.aiphoneapp_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\AppsMedia_2014_01_11\Apps\appinventor.ai_jhrowehl.DarePicker_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\AppsMedia_2014_01_11\Apps\com.google.appinventor.aiphoneapp_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\Schedule\Apps\appinventor.ai_jhrowehl.DarePicker_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\Schedule\Apps\appinventor.ai_jhrowehl.QuickContact_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\Schedule\Apps\appinventor.ai_jhrowehl.TimeSheet_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Users\Henry\Documents\Phone Backups\Motorola\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.google.appinventor.aiphoneapp_1.apk a variant of Android/Appinventor.A potentially unsafe application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe a variant of Win32/Agent.WMC trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe a variant of Win32/Agent.WMC trojan
I've researched security risks for the items located in C:\Users\Henry\Documents\Phone Backups
Android/Appinventor,
I've seen where people say they are not a risk, that it is a false positive and others remove what was found.
Since I don't know, this I will leave to you if you want it removed or not.
For the others found we can remove.
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
C:\Program Files (x86)\Mozilla FireFox Update\Bundle.exe
C:\ProgramData\Optimizer\program\winapp_Test002.exe
C:\ProgramData\Optimizer\program\windows_firefoxupdateam.exe
C:\Users\All Users\Optimizer\program\winapp_Test002.exe
C:\Users\All Users\Optimizer\program\windows_firefoxupdateam.exe
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG6LD8WA\ReimagePackage1805x64[1].exe
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Henry\Documents\AGFM\MemStick\autorun.inf
C:\Users\Henry\Documents\Downloads\ui.exe
C:\Users\Henry\Documents\Downloads\3gp to mp3 converter\Free3GPVideoConverter.exe
C:\Users\Henry\Documents\Downloads\codecs\media.player.codec.pack.v4.3.1.setup.exe
C:\Users\Henry\Documents\Downloads\codecs\media.player.codec.pack.v4.3.2.setup.exe
C:\Users\Henry\Documents\Downloads\FLV Converter\hamsterfreevideoconverter.exe
C:\Users\Henry\Documents\Downloads\FLV Converter\hamsterfreevideoconverter_site_update.exe
C:\Users\Henry\Documents\Downloads\FLV Converter\hamsterfreevideoconverter_site_update_oc.exe
C:\Users\Henry\Documents\Downloads\Secondpower uninstall\ui.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe
EmptyTemp:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
After running the above script let me know if there are any improvements.
jhrowehl
2015-02-23, 05:03
I've researched security risks for the items located in C:\Users\Henry\Documents\Phone Backups
Android/Appinventor,
I've seen where people say they are not a risk, that it is a false positive and others remove what was found.
Since I don't know, this I will leave to you if you want it removed or not.
I'll run that when I get home from work tomorrow.
Just for info, the AppInventor stuff is from the MIT AppInventor site. It's for the average person to write Andriod apps without having to invest in specific software. I've been tinkering with it for about 2 years now, and it hasn't caused any problems on any of my computers. So... I consider all those entries to be false positives.
The converters and codecs are the same packages that I've been using for a long time. The only difference being that this laptop (with the malware) is only about 3 months old, and is the first Windows 7 system that I have... the others, that I've been using those packages on, were Win XP. Since those packages are known to me, and haven't caused problems in the past, is it safe to leave them installed? If removing them helps narrow down the malware, consider them gone... I can re-install them (or something similar) later.
I'll run that when I get home from work tomorrow.
Just for info, the AppInventor stuff is from the MIT AppInventor site. It's for the average person to write Andriod apps without having to invest in specific software. I've been tinkering with it for about 2 years now, and it hasn't caused any problems on any of my computers. So... I consider all those entries to be false positives.
The converters and codecs are the same packages that I've been using for a long time. The only difference being that this laptop (with the malware) is only about 3 months old, and is the first Windows 7 system that I have... the others, that I've been using those packages on, were Win XP. Since those packages are known to me, and haven't caused problems in the past, is it safe to leave them installed? If removing them helps narrow down the malware, consider them gone... I can re-install them (or something similar) later.
Glad you replied.
I would think those tools you have used are pretty much still safe it's just not that much information on the tools is out there.. Seems Windows 7 is a different creature that identifies files and folders from tools as malicious when not directly Microsoft.
Eset identifies these items as
potentially unsafe application
potentially unwanted application
WindowsOptimizer_P2.
If you read a whole line:
+ "WindowsOptimizer_P2" "Optimize Windows system,clean up temporary folders and files,remove useless information,strongly recommend run it." "MicroTools"
..you'll see that it's not MS program but made by MicroTools.
C:\Users\All Users\Optimizer\program\windows_firefoxupdateam.exe a variant of Win32/Amonetize.BQ potentially unwanted application
http://www.herdprotect.com/windows_firefoxupdateam.exe-a2af7d4a49abd298f827ae1f9e93ab47ac09491f.aspx
has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. The setup program bundles adware offers using the Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Windows Network Accelerater
winapp_Test002.exe
C:\ProgramData\Windows VXM
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG6LD8WA\ReimagePackage1805x64[1].exe a variant of Win32/ReImageRepair.E potentially unwanted application
this was downloaded and ran from a temp directory and safe to delete.
If you run any online scans again it is possible those same items would be found again.
How's your computer now?
jhrowehl
2015-02-24, 00:20
I just ran the fix, without removing the software that I have some degree of trust in (converters and codecs). I have the fislist.txt and fixlog.txt files in this message. I included them so that you know what I decided to remove, and what the results were. Hopefully that helps narrow the potential list of files to check for embedded malware.
I've been surfing the net for about 15 to 30 minutes, and so far, no rogue 'Iexplore' processes. That's a good sign! The next couple of days will more or less tell the tale. I'll keep you posted on that.
A couple of observations... I program in Visual Basic as a hobby, and use Inno Setup Compiler for distribution. I haven't installed it on this computer yet. So, I'm assuming that the Amonetize stuff is a result of having installed some of my own programs??
ReImage - I had investigated that as a possible solution for the problem you helped me with. I installed it, ran it, and then the red flags went up. It detected some spectacular amount of 'problems', (like, 450? 500?) and if I paid for the full program, the fixes would be applied. The problem I had with that, is the 'fixes' were system files downloaded from their 'extensive database of files'... Yeah. No. Sorry - not me. After that, it would randomly pop up message boxes with increasing numbers of problems found. So, I uninstalled it. Or so I thought. The fact that it didn't completely go away is real suspicious to me.
You also mentioned VXM in your message. I was getting random message boxes with things like 'Silverlight Plugs is out of date... click here to install new version'. That was highly suspisious to me also.
I have to run, have a few things to do - will finish this message later.
Before I forget, it's been almost an hour on the net so far - without the rogue Iexplore processes... it's looking hopeful this time!
start
CloseProcesses:
C:\Program Files (x86)\Mozilla FireFox Update\Bundle.exe
C:\ProgramData\Optimizer\program\winapp_Test002.exe
C:\ProgramData\Optimizer\program\windows_firefoxupdateam.exe
C:\Users\All Users\Optimizer\program\winapp_Test002.exe
C:\Users\All Users\Optimizer\program\windows_firefoxupdateam.exe
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG6LD8WA\ReimagePackage1805x64[1].exe
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Henry\Documents\AGFM\MemStick\autorun.inf
C:\Users\Henry\Documents\Downloads\ui.exe
C:\Users\Henry\Documents\Downloads\Secondpower uninstall\ui.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe
EmptyTemp:
End
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-02-2015
Ran by Henry at 2015-02-23 16:39:26 Run:2
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
C:\Program Files (x86)\Mozilla FireFox Update\Bundle.exe
C:\ProgramData\Optimizer\program\winapp_Test002.exe
C:\ProgramData\Optimizer\program\windows_firefoxupdateam.exe
C:\Users\All Users\Optimizer\program\winapp_Test002.exe
C:\Users\All Users\Optimizer\program\windows_firefoxupdateam.exe
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG6LD8WA\ReimagePackage1805x64[1].exe
C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Henry\Documents\AGFM\MemStick\autorun.inf
C:\Users\Henry\Documents\Downloads\ui.exe
C:\Users\Henry\Documents\Downloads\Secondpower uninstall\ui.exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe
EmptyTemp:
End
*****************
Processes closed successfully.
C:\Program Files (x86)\Mozilla FireFox Update\Bundle.exe => Moved successfully.
C:\ProgramData\Optimizer\program\winapp_Test002.exe => Moved successfully.
C:\ProgramData\Optimizer\program\windows_firefoxupdateam.exe => Moved successfully.
"C:\Users\All Users\Optimizer\program\winapp_Test002.exe" => File/Directory not found.
"C:\Users\All Users\Optimizer\program\windows_firefoxupdateam.exe" => File/Directory not found.
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YG6LD8WA\ReimagePackage1805x64[1].exe => Moved successfully.
"C:\Users\Henry\AppData\Local\Temp\ReimagePackage.exe" => File/Directory not found.
C:\Users\Henry\Documents\AGFM\MemStick\autorun.inf => Moved successfully.
C:\Users\Henry\Documents\Downloads\ui.exe => Moved successfully.
C:\Users\Henry\Documents\Downloads\Secondpower uninstall\ui.exe => Moved successfully.
"C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe" => File/Directory not found.
"C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\youtube-download-trace[1].exe" => File/Directory not found.
I'm assuming that the Amonetize stuff is a result of having installed some of my own programs??
Could be or it came in bundled with other software you downloaded, How some of this stuff gets in is a total mystery.
Before I forget, it's been almost an hour on the net so far - without the rogue Iexplore processes... it's looking hopeful this time!
Yabba Dabba Do!
jhrowehl
2015-02-24, 02:27
Well... it's been about 3 hours, and I just got the rogue Iexplore processes again...
I was reading the news (excite.com), and local newspaper (PilotOnline.com), hit my credit union website (Navy federal), then American Express, and all was fine. I decided to update my posts and share the good news. But, as soon as I loaded this page, there they were.
A quick note about Eset... When I ran it a few days ago, it took about 8 hours to complete. I also noticed that it used the internet. I assume that's why it's an online tool. I have 9 1/2 hours at work, but internet is tightly controlled, so I don't have access to allow it to run. At home, I have about 5 hours a night. I am extremely time limited, so running it will probably have to wait until my next day off, Friday.
I'm kinda thinking, maybe I should run FRST again, and remove the converters and codecs that I decided to keep...
Any thoughts?
jhrowehl
2015-02-24, 02:29
Could be or it came in bundled with other software you downloaded, How some of this stuff gets in is a total mystery.
Yabba Dabba Do!
Well... it's been about 3 hours, and I just got the rogue Iexplore processes again...
I was reading the news (excite.com), and local newspaper (PilotOnline.com), hit my credit union website (Navy federal), then American Express, and all was fine. I decided to update my posts and share the good news. But, as soon as I loaded this page, there they were.
A quick note about Eset... When I ran it a few days ago, it took about 8 hours to complete. I also noticed that it used the internet. I assume that's why it's an online tool. I have 9 1/2 hours at work, but internet is tightly controlled, so I don't have access to allow it to run. At home, I have about 5 hours a night. I am extremely time limited, so running it will probably have to wait until my next day off, Friday.
I'm kinda thinking, maybe I should run FRST again, and remove the converters and codecs that I decided to keep...
Any thoughts?
I'm kinda thinking, maybe I should run FRST again, and remove the converters and codecs that I decided to keep...
We can do that but first let's try this:
If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.
Emergency Backup Procedure - Tech Support Forum (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/306529-emergency-backup-procedure.html)
Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.
How to use ComboFix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)
Download ComboFix from here:
Link 1 (http://www.bleepingcomputer.com/download/combofix/)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
Place ComboFix.exe on your Desktop <--Important
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can get help on disabling your protection programs here (http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html)
Double click on ComboFix.exe & follow the prompts.
You may be asked to install or update the Recovery Console (http://en.wikipedia.org/wiki/Recovery_Console) (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)
Your desktop may go blank. This is normal. It will return when ComboFix is done. Combofix may need to reboot your computer more than once to do its job this is normal.
When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer
---------------------------------------------------------------------------------------------
Ensure your AntiVirus and AntiSpyware applications are re-enabled.
Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.
---------------------------------------------------------------------------------------------
If there are Internet issues after running ComboFix:
Internet Explorer:
Tools Menu -> Internet Options -> Connections Tab ->Lan Settings > uncheck "use a proxy server" and check to "Automatically detect settings". Also clear any proxy address and port. ok, apply (only if applicable), ok.
Firefox:
Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection. "No Proxy" should be selected, unless you have one set up yourself.
Chrome:
Select -> Tools menu -> then "Options", then go to "Change Proxy Settings", then "LAN Settings" , then take out the check mark for "Use a proxy server for your LAN" if set, unless you set this up yourself.
Safari
Launch Safari
Go to general settings menu
Then in Preferences/ Advanced
Then on line click Proxies change settings ...
Click Internet Options, then click the Connections tab, click Network Settings.
Disable option (uncheck) for the use of proxy server ...
jhrowehl
2015-02-24, 04:33
Could be or it came in bundled with other software you downloaded, How some of this stuff gets in is a total mystery.
Yabba Dabba Do!
Got it again...
I tried to post replies, twice, but for some reason they're not in the thread. Kinda odd... the rogue Iexplore processes popped up at one point when I got to the forums here.
It used to show up in about a minute or so. After the first fix, it took about 15 minutes. This time, about 3 or 4 hours.
I'm thinking maybe I should run FRST again, and remove the converters and codecs that I decided to keep. Any thoughts on that?
jhrowehl
2015-02-24, 05:12
We can do that but first let's try this:
I'll give you a steel ruler so you can rap my knuckles... I didn't realize that this thread hit the second page. That's why I didn't see my replies, and ended up posting 3 times...
I got your message, and have copied it off for print/reference, as well as the ComboFix instructions. I'll do a file copy over the network tomorrow. That ought to be fun, I have about a half a Terabyte of files. I do routine backups to two separate locations, but those are compressed/procesed backups. I don't know if the ComboFix instructions to do a straight file copy is for a technical based reason, or just to make things easier for people that are... um... computer literacy challenged?
If you have a recent backup that should suffice.
jhrowehl
2015-02-25, 02:19
OK, sounds good. I have everything ready to go on this end, but will have to wait until tomorrow before I can run ComboFix. I didn't see anything about posting a log file after it completes... am I missing something?
When finished, it shall produce a log for you. Post that log in your next reply
Still having rogue Iexplore processes?
jhrowehl
2015-02-25, 15:56
Still having rogue Iexplore processes?
Yes, I am, but I haven't run ComboFix yet. I'm getting ready to do that now... will keep you posted.
jhrowehl
2015-02-25, 16:33
I just ran ComboFix... log file appears below.
I'll monitor this for a couple of days to see if it comes back and keep you posted.
ComboFix 15-02-16.01 - Henry 02/25/2015 9:00.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.16289.12882 [GMT -5:00]
Running from: c:\users\Henry\Desktop\ComboFix.exe
AV: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus Free Edition 2015 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\6584\AddOnDownloaded\0124e21d-018c-4ce0-92a3-b9e205a76bc0.dll
c:\programdata\PCDr\6584\AddOnDownloaded\01729c78-925e-4e01-a2dd-3c0f0989e6d1.dll
c:\programdata\PCDr\6584\AddOnDownloaded\073fb38f-0e69-479d-bca1-4f81ec9dcbf6.dll
c:\programdata\PCDr\6584\AddOnDownloaded\095557b2-2408-4eaf-b39b-d55c8606482c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6584\AddOnDownloaded\0d461521-7dbf-4cec-a29e-936c88cdf8c9.dll
c:\programdata\PCDr\6584\AddOnDownloaded\100c3865-0c76-461b-b2fd-042d6d5fa7f6.dll
c:\programdata\PCDr\6584\AddOnDownloaded\10494c60-ec8b-4856-b24a-b6d076c4499f.dll
c:\programdata\PCDr\6584\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6584\AddOnDownloaded\1b0b3c38-2b97-4f8d-954b-06296209b73d.dll
c:\programdata\PCDr\6584\AddOnDownloaded\1e0aaf9a-9947-4a7b-b1ae-8a89919438ed.dll
c:\programdata\PCDr\6584\AddOnDownloaded\263d6ac9-4f87-466c-947c-bd9af71d7035.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2a6b5d0b-a2fc-4bdd-b3fe-6bbefb85b7e4.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2b7a7ebb-6083-4253-a1e6-149883b6eb45.dll
c:\programdata\PCDr\6584\AddOnDownloaded\2eccd5d6-e118-4f76-97b6-ba56fb6c597a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3410f47b-5e8c-47c6-bf2c-234af4121d4c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\378deb7f-049e-4a5e-83b2-5381dcd9e928.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3972fea3-214c-4935-a7d1-96bf66115683.dll
c:\programdata\PCDr\6584\AddOnDownloaded\3b1c7acd-5e3e-4459-ab98-5109117e2341.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4804ced5-915b-48a3-a465-b8a5e02714bf.dll
c:\programdata\PCDr\6584\AddOnDownloaded\4818e109-9489-4cd8-9044-44defd8ec187.dll
c:\programdata\PCDr\6584\AddOnDownloaded\481fbe3e-ec08-4d5a-94ea-95c753609e7c.dll
c:\programdata\PCDr\6584\AddOnDownloaded\48476a77-44f9-40a8-a623-f3402f22b01b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\50441041-9037-4c34-842c-4a8523e700da.dll
c:\programdata\PCDr\6584\AddOnDownloaded\51fdf16e-ecb9-4fa4-8469-76fc9a22293b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\57d7325c-8462-4866-a9ca-3f9228775fed.dll
c:\programdata\PCDr\6584\AddOnDownloaded\5c57a158-1254-45f6-b629-b2debbf1fd29.dll
c:\programdata\PCDr\6584\AddOnDownloaded\5dc7cfd3-e8ce-4478-9404-0ae32511b353.dll
c:\programdata\PCDr\6584\AddOnDownloaded\62d1f0b0-bc9a-4f6c-bad7-93b19a91276a.dll
c:\programdata\PCDr\6584\AddOnDownloaded\649574c7-1acb-458c-a846-1bc04bfcdb93.dll
c:\programdata\PCDr\6584\AddOnDownloaded\67c3d4fe-b638-467a-9fe2-c5813ade3330.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6b5978fa-48d7-4309-a523-7e157768c0d8.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6f4fb483-ce30-493a-8cb4-3e530ab1be5b.dll
c:\programdata\PCDr\6584\AddOnDownloaded\6f9e83ca-5216-40db-863d-61ffff2a1563.dll
c:\programdata\Roaming
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini
c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA7FFFFB744BA0000000010\11.0.0\eula.ini2
.
.
((((((((((((((((((((((((( Files Created from 2015-01-25 to 2015-02-25 )))))))))))))))))))))))))))))))
.
.
2015-02-25 14:10 . 2015-02-25 14:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-02-22 19:17 . 2015-02-22 19:17 -------- d-----w- c:\users\Henry\AppData\Roaming\PCDr
2015-02-22 19:17 . 2015-02-22 19:17 -------- d-----w- c:\programdata\PCDr
2015-02-22 16:43 . 2015-02-22 17:14 -------- d-----w- C:\AdwCleaner
2015-02-16 21:26 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-02-16 21:26 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-02-16 21:26 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-02-16 21:26 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-02-15 19:01 . 2015-02-15 19:01 -------- d-----w- c:\program files (x86)\YouTube-Downloader
2015-02-13 02:42 . 2015-01-23 03:43 620032 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2015-02-13 02:42 . 2015-01-23 03:17 4300800 ----a-w- c:\windows\SysWow64\jscript9.dll
2015-02-13 02:42 . 2015-01-23 04:42 814080 ----a-w- c:\windows\system32\jscript9diag.dll
2015-02-13 02:42 . 2015-01-23 04:41 6041600 ----a-w- c:\windows\system32\jscript9.dll
2015-02-11 16:04 . 2015-02-11 16:04 -------- d-----w- c:\programdata\PC-Doctor for Windows
2015-02-11 16:04 . 2015-02-11 16:04 -------- d-----w- c:\program files\Dell Support Center
2015-02-10 21:41 . 2015-01-13 03:10 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-02-10 21:40 . 2015-01-09 02:03 3201536 ----a-w- c:\windows\system32\win32k.sys
2015-02-07 14:20 . 2015-02-07 14:20 -------- d-----w- c:\users\Henry\AppData\Local\GARMIN_Corp
2015-02-04 03:09 . 2015-02-23 21:39 -------- d-----w- C:\FRST
2015-02-04 03:07 . 2015-02-04 03:07 -------- d-----w- C:\RegBackup
2015-01-27 22:02 . 2015-01-27 22:02 -------- d-----w- c:\program files (x86)\AVIGenerator
2015-01-27 22:01 . 2015-01-27 22:04 -------- d-----w- c:\users\Henry\VideoPlayer Picture
2015-01-27 22:01 . 2015-01-27 22:01 -------- d-----w- c:\users\Henry\AppData\Roaming\VideoPlayer
2015-01-27 22:01 . 2015-01-27 22:01 -------- d-----w- c:\program files (x86)\Lorex
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-21 01:56 . 2015-01-03 14:26 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-02-12 21:41 . 2014-11-01 16:00 116773704 ----a-w- c:\windows\system32\MRT.exe
2015-02-05 17:28 . 2014-10-26 21:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 17:28 . 2014-10-26 21:38 701616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-08 14:55 . 2010-11-21 03:27 298120 ------w- c:\windows\system32\MpSigStub.exe
2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\SysWow64\drivers\AnyDVD.sys
2014-12-23 15:41 . 2014-12-23 15:41 150440 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2014-12-20 22:31 . 2014-12-20 22:31 40344 ----a-w- c:\windows\system32\drivers\ElbyCDIO.sys
2014-12-19 03:06 . 2015-01-13 22:53 210432 ----a-w- c:\windows\system32\profsvc.dll
2014-12-19 01:46 . 2015-01-13 22:53 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2014-12-18 22:31 . 2014-12-18 22:31 97176 ----a-w- c:\windows\SysWow64\ElbyCDIO.dll
2014-12-15 09:13 . 2015-01-21 00:28 11870360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{562FEE9C-CBF4-419A-AF96-3B7E1C49643C}\mpengine.dll
2014-12-11 23:12 . 2014-12-11 23:12 1120752 ----a-w- c:\windows\boinc.scr
2014-12-11 17:47 . 2015-01-13 22:53 87040 ----a-w- c:\windows\system32\TSWbPrxy.exe
2014-12-09 02:24 . 2014-12-09 02:24 260888 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
2014-12-06 04:17 . 2015-01-13 22:53 303616 ----a-w- c:\windows\system32\nlasvc.dll
2014-12-06 03:50 . 2015-01-13 22:53 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2014-12-06 03:50 . 2015-01-13 22:53 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{1C52FA7C-51B7-4621-9D5A-11101BA13134}]
2015-02-12 23:18 973000 ----a-w- c:\program files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2014-04-02 389120]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
"AnyDVD"="c:\program files (x86)\SlySoft\AnyDVD\AnyDVD.exe" [2015-02-19 109480]
"GarminExpressTrayApp"="c:\program files (x86)\Garmin\Express Tray\ExpressTray.exe" [2015-01-28 688984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2014-04-10 292848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-02 767200]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe" [2014-12-03 3498728]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2014-07-22 5562736]
"NetSetMan"="c:\program files (x86)\NetSetMan\netsetman.exe" [2014-06-03 5414056]
"PaperPort PTD"="c:\program files (x86)\Nuance\PaperPort\pptd40nt.exe" [2013-04-19 36168]
"IndexSearch"="c:\program files (x86)\Nuance\PaperPort\IndexSearch.exe" [2013-04-19 18248]
"PDF7 Registry Controller"="c:\program files (x86)\Nuance\PDF Professional 7\RegistryController.exe" [2012-02-17 141160]
"PDFProHook"="c:\program files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe" [2012-02-17 641384]
"OmniPage Preload"="c:\program files (x86)\Nuance\OmniPage18\OmniPage18.exe" [2012-02-24 1893224]
"AVG_UI"="c:\program files (x86)\AVG\AVG2015\avgui.exe" [2014-12-18 3667472]
"P-215II CaptureOnTouch"="c:\program files (x86)\Canon Electronics\P215II\TouchDR.exe" [2014-03-30 2251056]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2010-01-07 140520]
.
c:\users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice 4.1.1.lnk - c:\program files (x86)\OpenOffice 4\program\quickstart.exe [2014-7-29 117248]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Network Server.lnk - c:\program files (x86)\WIBUKEY\Server\WkSvMgr.exe [2014-11-7 3768320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe;c:\program files (x86)\AVG\AVG2015\avgidsagent.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz134;cpuz134;c:\users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 Dell.CommandPowerManager.Service;Dell.CommandPowerManager.Service;c:\windows\SysWOW64\dllhost.exe;c:\windows\SysWOW64\dllhost.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys;c:\windows\SYSNATIVE\drivers\intelaud.sys [x]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 iumsvc;Intel(R) Update Manager;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 netvsc;netvsc;c:\windows\system32\DRIVERS\netvsc60.sys;c:\windows\SYSNATIVE\DRIVERS\netvsc60.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SynthVid;SynthVid;c:\windows\system32\DRIVERS\VMBusVideoM.sys;c:\windows\SYSNATIVE\DRIVERS\VMBusVideoM.sys [x]
R3 TGBVPNVirtM;TheGreenBow Virtual Miniport;c:\windows\system32\DRIVERS\TGBVPNVirtM.sys;c:\windows\SYSNATIVE\DRIVERS\TGBVPNVirtM.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
R3 Wibukey2_64;Wibukey2_64;c:\windows\system32\drivers\wibukey2_64.sys;c:\windows\SYSNATIVE\drivers\wibukey2_64.sys [x]
R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]
R4 DellDataVault;Dell Data Vault;c:\program files\Dell\DellDataVault\DellDataVault.exe ;c:\program files\Dell\DellDataVault\DellDataVault.exe [x]
R4 DellDataVaultWiz;Dell Data Vault Wizard;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe;c:\program files\Dell\DellDataVault\DellDataVaultWiz.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys;c:\windows\SYSNATIVE\DRIVERS\amdkmpfd.sys [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]
S0 CredFltL;Dell SED PBA Filter;c:\windows\system32\DRIVERS\CredFltL.sys;c:\windows\SYSNATIVE\DRIVERS\CredFltL.sys [x]
S0 DLACDBHE;DLACDBHE;c:\windows\System32\Drivers\DLACDBHE.SYS;c:\windows\SYSNATIVE\Drivers\DLACDBHE.SYS [x]
S0 DRVECDB;DRVECDB;c:\windows\System32\Drivers\DRVECDB.SYS;c:\windows\SYSNATIVE\Drivers\DRVECDB.SYS [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SEDFilter;Dell SED PBA Enhancement;c:\windows\system32\DRIVERS\SEDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\SEDFilter.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys;c:\windows\SYSNATIVE\DRIVERS\stdcfltn.sys [x]
S1 Avgdiska;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiska.sys;c:\windows\SYSNATIVE\DRIVERS\avgdiska.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]
S1 DLARTL_E;DLARTL_E;c:\windows\system32\Drivers\DLARTL_E.SYS;c:\windows\SYSNATIVE\Drivers\DLARTL_E.SYS [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ApHidMonitorService;Alps HID Monitor Service;c:\program files\DellTPad\HidMonitorSvc.exe;c:\program files\DellTPad\HidMonitorSvc.exe [x]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2015\avgwdsvc.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [x]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [x]
S2 Dell Foundation Services;Dell Foundation Services;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe;c:\program files\Dell\Dell Foundation Services\DFSSvc.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 DellMgmtAgent;Dell Management Agent Service;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [x]
S2 DellMgmtLoader;Dell Security Framework Loader;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [x]
S2 DellMgmtServer;DELL Security Framework Local Server;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe;c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [x]
S2 DLABMFSE;DLABMFSE;c:\windows\system32\Drivers\DLABMFSE.SYS;c:\windows\SYSNATIVE\Drivers\DLABMFSE.SYS [x]
S2 DLABOIOE;DLABOIOE;c:\windows\system32\Drivers\DLABOIOE.SYS;c:\windows\SYSNATIVE\Drivers\DLABOIOE.SYS [x]
S2 DLADResE;DLADResE;c:\windows\system32\Drivers\DLADResE.SYS;c:\windows\SYSNATIVE\Drivers\DLADResE.SYS [x]
S2 DLAIFS_E;DLAIFS_E;c:\windows\system32\Drivers\DLAIFS_E.SYS;c:\windows\SYSNATIVE\Drivers\DLAIFS_E.SYS [x]
S2 DLAOPIOE;DLAOPIOE;c:\windows\system32\Drivers\DLAOPIOE.SYS;c:\windows\SYSNATIVE\Drivers\DLAOPIOE.SYS [x]
S2 DLAPoolE;DLAPoolE;c:\windows\system32\Drivers\DLAPoolE.SYS;c:\windows\SYSNATIVE\Drivers\DLAPoolE.SYS [x]
S2 DLAUDF_E;DLAUDF_E;c:\windows\system32\Drivers\DLAUDF_E.SYS;c:\windows\SYSNATIVE\Drivers\DLAUDF_E.SYS [x]
S2 DLAUDFAE;DLAUDFAE;c:\windows\system32\Drivers\DLAUDFAE.SYS;c:\windows\SYSNATIVE\Drivers\DLAUDFAE.SYS [x]
S2 DRVEDDM;DRVEDDM;c:\windows\system32\Drivers\DRVEDDM.SYS;c:\windows\SYSNATIVE\Drivers\DRVEDDM.SYS [x]
S2 Emc.Captiva.WebCaptureService;EMC Captiva Cloud Service;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe;c:\program files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [x]
S2 Garmin Core Update Service;Garmin Core Update Service;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe;c:\program files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 iBtSiva;Intel Bluetooth Service;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe;c:\program files (x86)\Intel\Bluetooth\ibtsiva.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
S2 InvProtectSvc;Invincea Enterprise Service;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 nsmService;NSM Service;c:\program files (x86)\NetSetMan\nsmservice.exe;c:\program files (x86)\NetSetMan\nsmservice.exe [x]
S2 PDFProFiltSrv;PDFProFiltSrv;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe;c:\program files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [x]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe;c:\program files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [x]
S2 poaService;Dell PPO Service;c:\program files\Dell\PPO\poaService.exe;c:\program files\Dell\PPO\poaService.exe [x]
S2 PoaSMSrv;Dell PPO System Maintenance Service;c:\program files\Dell\PPO\poaSmSrv.exe;c:\program files\Dell\PPO\poaSmSrv.exe [x]
S2 poaTaServ;Dell PPO Track & Analyze Service;c:\program files\Dell\PPO\poaTaServ.exe;c:\program files\Dell\PPO\poaTaServ.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe;c:\program files\Realtek\Audio\HDA\RtkAudioService64.exe [x]
S2 RWAR3HV_0002_0;RWAR3HV_0002_0;c:\program files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE;c:\program files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE [x]
S2 RWAR3Monitor;RWAR3Monitor;c:\program files\Visioneer\RWAR3\RWAR3Monitor.exe;c:\program files\Visioneer\RWAR3\RWAR3Monitor.exe [x]
S2 SboxSvc;SboxSvc;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 TgbIke Starter;TgbIke Starter;c:\windows\SysWOW64\TgbStarter.exe;c:\windows\SysWOW64\TgbStarter.exe [x]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [x]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [x]
S2 WindowsVNT_R3;Windows Virtual Network (WVN3);c:\program files (x86)\Windows Network Accelerater\v3\winvxm.exe;c:\program files (x86)\Windows Network Accelerater\v3\winvxm.exe [x]
S2 YouTubeDownload_A3;YouTube Downloader Services (A3);c:\program files (x86)\YouTube-Downloader\A3\youtubeserv.exe;c:\program files (x86)\YouTube-Downloader\A3\youtubeserv.exe [x]
S2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe;c:\program files\Intel\WiFi\bin\ZeroConfigService.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\cvusbdrv.sys [x]
S3 DDDriver;DDDriver;c:\windows\system32\drivers\DDDriver64Dcsa.sys;c:\windows\SYSNATIVE\drivers\DDDriver64Dcsa.sys [x]
S3 DellProf;DellProf;c:\windows\system32\drivers\DellProf.sys;c:\windows\SYSNATIVE\drivers\DellProf.sys [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 ibtusb;Intel(R) Wireless Bluetooth(R) 4.0 + HS Adapter;c:\windows\system32\DRIVERS\ibtusb.sys;c:\windows\SYSNATIVE\DRIVERS\ibtusb.sys [x]
S3 InvProtectDrv;InvProtectDrv;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys;c:\program files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys;c:\windows\SYSNATIVE\DRIVERS\iwdbus.sys [x]
S3 O2FJ2RDR;O2FJ2RDR;c:\windows\system32\DRIVERS\O2FJ2w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\O2FJ2w7x64.sys [x]
S3 POADrvr;POADrvr;c:\windows\system32\drivers\POADrvr.sys;c:\windows\SYSNATIVE\drivers\POADrvr.sys [x]
S3 SboxDrv;SboxDrv;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys;c:\program files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [x]
S3 ST_ACCEL;STMicroelectronics Accelerometer Service;c:\windows\system32\DRIVERS\ST_Accel.sys;c:\windows\SYSNATIVE\DRIVERS\ST_Accel.sys [x]
S3 TGBMPEnum;TheGreenBow VPN Miniport Enumerator;c:\windows\system32\DRIVERS\TGBMPEnum.sys;c:\windows\SYSNATIVE\DRIVERS\TGBMPEnum.sys [x]
S3 usb3Hub;UoIP Hub;c:\windows\system32\DRIVERS\usb3Hub.sys;c:\windows\SYSNATIVE\DRIVERS\usb3Hub.sys [x]
S3 wbfcvusbdrv;WBF Control Vault;c:\windows\system32\Drivers\wbfcvusbdrv.sys;c:\windows\SYSNATIVE\Drivers\wbfcvusbdrv.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NAL
*Deregistered* - NAL
.
Contents of the 'Scheduled Tasks' folder
.
2015-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-10-26 17:28]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15 18:03]
.
2015-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15 18:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1C52FA7C-51B7-4621-9D5A-11101BA13134}]
2015-02-12 23:19 1179336 ----a-w- c:\program files (x86)\Invincea\Enterprise\X64\InvRedirHostIE64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileBackuped]
@="{831cebdd-6baf-4432-be76-9e0989c14aef}"
[HKEY_CLASSES_ROOT\CLSID\{831cebdd-6baf-4432-be76-9e0989c14aef}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DBARFileNotBackuped]
@="{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}"
[HKEY_CLASSES_ROOT\CLSID\{275e4fd7-21ef-45cf-a836-832e5d2cc1b3}]
2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2014-03-13 727896]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-01-18 7510232]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-01-14 1374936]
"WavesSvc"="c:\program files\Realtek\Audio\HDA\WavesSvc64.exe" [2013-12-31 285272]
"RtHDVBg_PushButton"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2014-01-14 1374936]
"DellPoaEvents"="c:\program files\Dell\PPO\DellPoaEvents.exe" [2014-08-15 396496]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshellex.dll" [2014-03-26 7825720]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2014-05-28 36352]
"IntelPROSet"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2014-05-30 4876528]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-28 558496]
"CSFTrayApp"="c:\program files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe" [2014-09-11 232288]
"InvProtect"="c:\program files (x86)\Invincea\Enterprise\X64\InvProtect64.exe" [2015-02-12 6779592]
"CANON P-215II SVC"="P215IISvc.dll" [2014-01-29 132608]
"boinctray"="c:\program files\BOINC\boinctray.exe" [2014-12-11 67056]
"boincmgr"="c:\program files\BOINC\boincmgr.exe" [2014-12-11 9639920]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.excite.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Open with Nuance PDF Converter 7 - c:\program files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
Trusted Zone: dell.com
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 208.67.222.222 208.67.222.220 192.168.0.1
FF - ProfilePath - c:\users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\
FF - prefs.js: browser.startup.homepage - www.excite.com
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-DellSystemDetect - c:\users\Henry\AppData\Local\Apps\2.0\NAYH0GJE.AQP\Z389LM6C.22Q\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
.
.
.
Completion time: 2015-02-25 09:12:45
ComboFix-quarantined-files.txt 2015-02-25 14:12
.
Pre-Run: 662,444,105,728 bytes free
Post-Run: 667,668,533,248 bytes free
.
- - End Of File - - C1B5AAC5F518523202D0D45AE314A997
5C616939100B85E558DA92B899A0FC36
jhrowehl
2015-02-25, 21:34
I ran ComboFix, but the problem remains. Now I have two invisible Internet Explorer applications running instead of just one, and they are both pointing to the same web page. What was happening before, was that the single application would change web pages about once every second or so.
Not sure why but it makes me think it's coming from FlashPlayer?
Delete cache and other browser data in Chrome
Select Tools.
Select Clear browsing data.
In the dialogue that appears, select the highlighted check-boxes for the types of information that you want to remove.
Clear browsing history
Clear download history
Empty the cache
Delete cookies and other site and plug-in data
Clear saved passwords
Clear saved Auto-fill form data
Clear data from hosted apps
De-authorize content licenses
Use the menu at the top to select the amount of data that you want to delete. Select beginning of time to delete everything.
Click Clear browsing data.
=========================
~~~
Flush the FireFox Cache
(these directions are specific to Firefox 19, if you have a different version the exact steps might be slightly different)
In Firefox, Options
Select Options
Select Privacy tab
Find the section that reads: You might want to clear your recent history or remove individual cookies
Select clear your recent history
Click the Details drop-down arrow
Make sure a check mark is placed in the following boxes:
Cookies
Cache
Next select the Time Range to Clear drop-down menu
Select Everything (this will only delete all the cookies and cache, and will save the other items not selected)
Click Clear Now
=========================
Clear Browser Cache in IE11
Close all Internet Explorer and Windows Explorer windows that are currently open.
Open Internet Explorer.
Click the Tools button http://i1269.photobucket.com/albums/jj590/OCD-WTT/ietoolsbutton.jpg, and then select theGeneral tab, then select Browsing history select the Delete button.
Select the check box next to each of the following categories.
Temporary Internet files and website files
Cookies and website data
History
Click Delete
Please Download Flash Cookie Killer (http://www.xs4all.nl/~fstaal01/downloads/flushflash.exe) by Bobbie Flekman and save it to your Desktop
==========
Warning
Steps (1-3) will delete all existing highscores and game settings for flash games. Steps (4-8) might prevent the ability to save highscores in some games all together.
==========
Double click http://i25.tinypic.com/2mfktht.png
from your desktop
Check "Everything but Adobe Site Settings"
Mouse click "Make it so!"
http://i27.tinypic.com/soqx38.png
Now go to the Adobe Flash Player Settings Manager (http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html)
In the "Website Storage Settings" choose the "Delete All Sites" tab then "Confirm"
http://i30.tinypic.com/2dkwnbn.png
Next in the "Global Storage Settings" uncheck "Allow third-party Flash content to store on your computer"
http://i28.tinypic.com/10qkhp2.png
Finally in the "Global Privacy Settings" choose "Always Deny" then "Confirm"
http://i27.tinypic.com/29q15za.png
You have now successfully deleted cookies stored and changed the Flash Players default settings to prevent access in the future.
~~~~~~~~~~~~~~~~~~~~`
Download OTM by OldTimer Here (http://oldtimer.geekstogo.com/OTM.exe) & save it to your desktop.
Double click on OTM.exe to run it
Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error
:Commands
[emptytemp]
[EMPTYFLASH]
[Reboot]
Click on MoveIt!
When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.
A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.
~~~~~~~~~~~
jhrowehl
2015-02-26, 00:01
I was checking on this problem other places, and found some interesting information. Other people with this particular problem have made the observation that the rogue Iexplore processes only happen when connected to the internet via wireless (WiFi only, not when hard-wired). I checked this on my computer, and verified that yes, that is the case.
On a BleepingComputer forum, the problem has been identified. Here's the URL that I found, and the message from the thread:
http://www.bleepingcomputer.com/forums/t/537155/rogue-iexplorerexe-processes/
Posted 10 June 2014 - 06:18 PM
Hi Machiavelli,
I was not expecting a response so soon. But thank you very much.
Before reading your reply, and expecting a 5 day wait, I started investigating other cases that seemed similar to mine. This is contrary to what your response asked me to do, so I apologize for that. However, I believe that things have turned out fairly well.
After reading about rootkits and how they pose a special difficulty for malware removal, I noticed that I had not checked off "rootkit protection" when I ran the malwarebytes anti-malware program using the default settings. I don't seem to have a good copy of the malwarebytes log file but its report mentioned two instances of "forged physical sector" occurring on Drive 0, sector 1 and 211.
As I mentioned previously, the infected computer only displayed symptoms (multiple high-impact iexplorer.exe tasks) when connected to the internet. I ran this scan with the computer off the network and stayed off while I ran the Kaspersky TDSSKILLER program, again looking for rootkits.
In addition to three unsigned file messages that were listed as PUP, TDSSKiller reported the detection of Rootkit.Boot.Cidox which it later "cured". Here is the excerpt:
09:55:15.0059 0x17a4 [ 24ACB7E5BE595468E3B9AA488B9B4FCB,
63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows
\system32\services.exe
09:55:15.0069 0x17a4 [ Global ] - ok
09:55:15.0069 0x17a4 ================ Scan MBR ==================================
09:55:15.0079 0x17a4 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
09:55:15.0639 0x17a4 \Device\Harddisk0\DR0 - ok
09:55:15.0639 0x17a4 ================ Scan VBR ==================================
09:55:15.0649 0x17a4 [ AC3F64BF335A44CC7222D4C2A19002D0 ] \Device\Harddisk0\DR0\Partition1
09:55:15.0649 0x17a4 \Device\Harddisk0\DR0\Partition1 - detected Rootkit.Boot.Cidox.b ( 0 )
09:55:15.0649 0x17a4 \Device\Harddisk0\DR0\Partition1 ( Rootkit.Boot.Cidox.b ) - infected
09:55:15.0659 0x17a4 [ 043101663774E869C1BCB9508EDD43F1 ] \Device\Harddisk0\DR0\Partition2
09:55:15.0669 0x17a4 \Device\Harddisk0\DR0\Partition2 - ok
09:55:15.0669 0x17a4 [ 1D1077A86F92C7F9AA9635B3BBE17D3A ] \Device\Harddisk0\DR0\Partition3
09:55:15.0679 0x17a4 \Device\Harddisk0\DR0\Partition3 - ok
09:55:15.0709 0x17a4 [ EE5049425E0028B6FBA80D41E309EDC0 ] \Device\Harddisk0\DR0\Partition4
09:55:15.0709 0x17a4 \Device\Harddisk0\DR0\Partition4 - ok
After TDSSKILLER finished, I rebooted the system. Only then did I dare try connecting to the network to see if the symptoms (iexplorer.exe processes) would return. 10 hours later, they still have not, so I am feeling fairly confident of having stumbled into a fix.
Based on this, I will withdraw my request for help and ask that this case be closed. Thank you very much, though, for the help. It was only after learning that there was a 5 day backlog that I started reading up on rootkits and I chose to try TDSSKILLER after reading about a case similar to mine where it had worked.
I am not the person who normally uses this laptop and it is not clear how this situation arose in the first place. However, I believe they received a flurry of frightening messages that may have caused them to click "OK" a few times when they should not have.
Regards and thanks for this great collection of information.
mwamateur
I was checking on this problem other places, and found some interesting information. Other people with this particular problem have made the observation that the rogue Iexplore processes only happen when connected to the internet via wireless (WiFi only, not when hard-wired). I checked this on my computer, and verified that yes, that is the case.
OK, let me see if I understand.
You have no extra IE processes if your not connected to WiFi?
I was checking for background services that might use IE to do what they call "call home"
~~~~
We can have you run TDSSKiller too.
Download the latest version of TDSSKiller from here (http://media.kaspersky.com/utilities/VirusUtilities/EN/tdsskiller.exe) and save it to your Desktop.
Doubleclick on TDSSKiller.exe to run the application
https://dl.dropbox.com/u/73555776/tdss%20start.JPG
Then click on Change parameters.
https://dl.dropbox.com/u/73555776/tdss%20Change%20param.JPG
Check the boxes beside Verify Driver Digital Signature, Detect TDLFS file system and Use KSN to scan objects , then click OK.
Click the Start Scan button.
If a suspicious object is detected, the default action will be Skip, click on Continue.
https://dl.dropbox.com/u/73555776/tdss%20threat.JPG
If malicious objects are found, they will show in the Scan results and offer three (3) options.
Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Get the report by selecting Reports
https://dl.dropbox.com/u/73555776/tdss%20report.JPG
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
Please copy and paste its contents on your next reply.
A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
jhrowehl
2015-02-26, 03:09
OK, let me see if I understand.
You have no extra IE processes if your not connected to WiFi?
Well.... that's what it acted like, until I just got it with WiFi shut off and on a hard line connection. I thought I had located a good clue as to the source of the problem, but it's not acting that way now. Maybe a variant of what the other person had???
Do you still want me to run TDSSKiller, or should I hold on that?
jhrowehl
2015-02-26, 04:54
I Ran TDSSKiller. The only thing it found was a driver for a portable page scanner that I returned (Visioneer Road Warrior 3). Here's the log file:
21:45:18.0535 0x2ff8 TDSS rootkit removing tool 3.0.0.44 Jan 22 2015 08:27:04
21:45:43.0800 0x2ff8 ============================================================
21:45:43.0800 0x2ff8 Current date / time: 2015/02/25 21:45:43.0800
21:45:43.0800 0x2ff8 SystemInfo:
21:45:43.0800 0x2ff8
21:45:43.0800 0x2ff8 OS Version: 6.1.7601 ServicePack: 1.0
21:45:43.0800 0x2ff8 Product type: Workstation
21:45:43.0801 0x2ff8 ComputerName: ELSERVICE13
21:45:43.0801 0x2ff8 UserName: Henry
21:45:43.0801 0x2ff8 Windows directory: C:\Windows
21:45:43.0801 0x2ff8 System windows directory: C:\Windows
21:45:43.0801 0x2ff8 Running under WOW64
21:45:43.0801 0x2ff8 Processor architecture: Intel x64
21:45:43.0801 0x2ff8 Number of processors: 8
21:45:43.0801 0x2ff8 Page size: 0x1000
21:45:43.0801 0x2ff8 Boot type: Normal boot
21:45:43.0801 0x2ff8 ============================================================
21:45:50.0193 0x2ff8 KLMD registered as C:\Windows\system32\drivers\53617272.sys
21:45:50.0517 0x2ff8 System UUID: {95FE5133-F7DA-3D54-FF6A-4340E6870587}
21:45:51.0052 0x2ff8 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 ( 931.51 Gb ), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:45:51.0070 0x2ff8 ============================================================
21:45:51.0070 0x2ff8 \Device\Harddisk0\DR0:
21:45:51.0070 0x2ff8 MBR partitions:
21:45:51.0070 0x2ff8 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1777000
21:45:51.0070 0x2ff8 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x178B000, BlocksNum 0x72F7B000
21:45:51.0070 0x2ff8 ============================================================
21:45:51.0116 0x2ff8 C: <-> \Device\Harddisk0\DR0\Partition2
21:45:51.0117 0x2ff8 ============================================================
21:45:51.0117 0x2ff8 Initialize success
21:45:51.0117 0x2ff8 ============================================================
21:46:03.0129 0x2d38 ============================================================
21:46:03.0129 0x2d38 Scan started
21:46:03.0129 0x2d38 Mode: Manual; SigCheck; TDLFS;
21:46:03.0129 0x2d38 ============================================================
21:46:03.0129 0x2d38 KSN ping started
21:46:05.0840 0x2d38 KSN ping finished: true
21:46:07.0843 0x2d38 ================ Scan system memory ========================
21:46:07.0843 0x2d38 System memory - ok
21:46:07.0844 0x2d38 ================ Scan services =============================
21:46:08.0342 0x2d38 [ A87D604AEA360176311474C87A63BB88, B1507868C382CD5D2DBC0D62114FCFBF7A780904A2E3CA7C7C1DD0844ADA9A8F ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
21:46:08.0477 0x2d38 1394ohci - ok
21:46:08.0500 0x2d38 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2, FDAAB7E23012B4D31537C5BDEF245BB0A12FA060A072C250E21C68E18B22E002 ] ACPI C:\Windows\system32\drivers\ACPI.sys
21:46:08.0519 0x2d38 ACPI - ok
21:46:08.0526 0x2d38 [ 99F8E788246D495CE3794D7E7821D2CA, F91615463270AD2601F882CAED43B88E7EDA115B9FD03FC56320E48119F15F76 ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
21:46:08.0591 0x2d38 AcpiPmi - ok
21:46:08.0694 0x2d38 [ FC5B75CA6A1DA31EDD4F8D53F5540B98, CDC445F2790ADFC4C5568C40D4DA8BB95CD71991665B38AEC3D84571C99C3520 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
21:46:08.0707 0x2d38 AdobeARMservice - ok
21:46:09.0192 0x2d38 [ 080255CDCB878813B481B8C348D47D8E, 75808821FBC732D0504795B8F85852E4C01D3B412989A1E597E1295CFF7B7A45 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
21:46:09.0207 0x2d38 AdobeFlashPlayerUpdateSvc - ok
21:46:09.0268 0x2d38 [ 2F6B34B83843F0C5118B63AC634F5BF4, 43E3F5FBFB5D33981AC503DEE476868EC029815D459E7C36C4ABC2D2F75B5735 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
21:46:09.0290 0x2d38 adp94xx - ok
21:46:09.0308 0x2d38 [ 597F78224EE9224EA1A13D6350CED962, DA7FD99BE5E3B7B98605BF5C13BF3F1A286C0DE1240617570B46FE4605E59BDC ] adpahci C:\Windows\system32\drivers\adpahci.sys
21:46:09.0326 0x2d38 adpahci - ok
21:46:09.0337 0x2d38 [ E109549C90F62FB570B9540C4B148E54, E804563735153EA00A00641814244BC8A347B578E7D63A16F43FB17566EE5559 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
21:46:09.0359 0x2d38 adpu320 - ok
21:46:09.0379 0x2d38 [ 4B78B431F225FD8624C5655CB1DE7B61, 198A5AF2125C7C41F531A652D200C083A55A97DC541E3C0B5B253C7329949156 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
21:46:09.0489 0x2d38 AeLookupSvc - ok
21:46:09.0545 0x2d38 [ FA886682CFC5D36718D3E436AACF10B9, F80AB4F91AA6B5C7ECCB000D8E1BC2CF776DC3D69B3D9EBC2558C19035A6B3AB ] AFD C:\Windows\system32\drivers\afd.sys
21:46:09.0586 0x2d38 AFD - ok
21:46:09.0592 0x2d38 [ 608C14DBA7299D8CB6ED035A68A15799, 45360F89640BF1127C82A32393BD76205E4FA067889C40C491602F370C09282A ] agp440 C:\Windows\system32\drivers\agp440.sys
21:46:09.0608 0x2d38 agp440 - ok
21:46:09.0619 0x2d38 [ 3290D6946B5E30E70414990574883DDB, 0E9294E1991572256B3CDA6B031DB9F39CA601385515EE59F1F601725B889663 ] ALG C:\Windows\System32\alg.exe
21:46:09.0648 0x2d38 ALG - ok
21:46:09.0692 0x2d38 [ 5812713A477A3AD7363C7438CA2EE038, A7316299470D2E57A11499C752A711BF4A71EB11C9CBA731ED0945FF6A966721 ] aliide C:\Windows\system32\drivers\aliide.sys
21:46:09.0706 0x2d38 aliide - ok
21:46:09.0735 0x2d38 [ 7FE5CA98F71699F728972AA8BA03EC22, 6C9A122281C66F657887712E0AC2BD8263B46A45ECF972DAFE080B77E24C96C1 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
21:46:09.0791 0x2d38 AMD External Events Utility - ok
21:46:09.0804 0x2d38 [ 1FF8B4431C353CE385C875F194924C0C, 3EA3A7F426B0FFC2461EDF4FDB4B58ACC9D0730EDA5B728D1EA1346EA0A02720 ] amdide C:\Windows\system32\drivers\amdide.sys
21:46:09.0818 0x2d38 amdide - ok
21:46:09.0862 0x2d38 [ 7024F087CFF1833A806193EF9D22CDA9, E7F27E488C38338388103D3B7EEDD61D05E14FB140992AEE6F492FFC821BF529 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
21:46:09.0888 0x2d38 AmdK8 - ok
21:46:10.0476 0x2d38 [ 83508FB41256A868CECEB9A35E767DE8, 6B2254B139643DB8D6BBBCF25E6D9BDDDB68417346D6F7583FF8203182702D3F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
21:46:10.0985 0x2d38 amdkmdag - ok
21:46:11.0045 0x2d38 [ B8AE73945B29A4B8ABCADCB20C36EFBA, 65FCE35D6F6081B1AEC41DC38AC215582942F6849DEE3B5EEF517DEAF99BDA32 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
21:46:11.0076 0x2d38 amdkmdap - ok
21:46:11.0087 0x2d38 [ EF4680F07516F6D61F6E0BA1D34B3A3A, C367B323B26CF56AA6260E41129AE5F2DC97CFD0A9D984D9D5C051BE61ACD247 ] amdkmpfd C:\Windows\system32\DRIVERS\amdkmpfd.sys
21:46:11.0101 0x2d38 amdkmpfd - ok
21:46:11.0105 0x2d38 [ 1E56388B3FE0D031C44144EB8C4D6217, E88CA76FD47BA0EB427D59CB9BE040DE133D89D4E62D03A8D622624531D27487 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
21:46:11.0119 0x2d38 AmdPPM - ok
21:46:11.0125 0x2d38 [ D4121AE6D0C0E7E13AA221AA57EF2D49, 626F43C099BD197BE56648C367B711143C2BCCE96496BBDEF19F391D52FA01D0 ] amdsata C:\Windows\system32\drivers\amdsata.sys
21:46:11.0139 0x2d38 amdsata - ok
21:46:11.0147 0x2d38 [ F67F933E79241ED32FF46A4F29B5120B, D6EF539058F159CC4DD14CA9B1FD924998FEAC9D325C823C7A2DD21FEF1DC1A8 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
21:46:11.0164 0x2d38 amdsbs - ok
21:46:11.0179 0x2d38 [ 540DAF1CEA6094886D72126FD7C33048, 296578572A93F5B74E1AD443E000B79DC99D1CBD25082E02704800F886A3065F ] amdxata C:\Windows\system32\drivers\amdxata.sys
21:46:11.0191 0x2d38 amdxata - ok
21:46:11.0239 0x2d38 [ 4D8EBB1749651A5BAF59EB89878B2EE4, EE1DE79F078D60978219EEECB29520D6BC035D69A3D5C86C232BA1B92F55577D ] AnyDVD C:\Windows\system32\Drivers\AnyDVD.sys
21:46:11.0252 0x2d38 AnyDVD - ok
21:46:11.0382 0x2d38 [ 02C7FFB7791AC5B0A2A5EBA5E01F18CA, FE07FC0417F7BC7A5F36A14FC717C17EA12236C400D51A0B3165CF604AEFFFBF ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
21:46:11.0404 0x2d38 ApfiltrService - ok
21:46:11.0466 0x2d38 [ 39E327BC1E1FB314E1C3960B68A25DF5, 1C508FB786C7CC16A8C90312EC184A137D3C54B1E9AD3D8D072E40D2AFCF1C24 ] ApHidMonitorService C:\Program Files\DellTPad\HidMonitorSvc.exe
21:46:11.0475 0x2d38 ApHidMonitorService - ok
21:46:11.0482 0x2d38 [ 89A69C3F2F319B43379399547526D952, 8ABDB4B8E106F96EBBA0D4D04C4F432296516E107E7BA5644ED2E50CF9BB491A ] AppID C:\Windows\system32\drivers\appid.sys
21:46:12.0057 0x2d38 AppID - ok
21:46:12.0074 0x2d38 [ 0BC381A15355A3982216F7172F545DE1, C33AF13CB218F7BF52E967452573DF2ADD20A95C6BF99229794FEF07C4BBE725 ] AppIDSvc C:\Windows\System32\appidsvc.dll
21:46:12.0119 0x2d38 AppIDSvc - ok
21:46:12.0159 0x2d38 [ 9D2A2369AB4B08A4905FE72DB104498F, D6FA1705018BABABFA2362E05691A0D6408D14DE7B76129B16D0A1DAD6378E58 ] Appinfo C:\Windows\System32\appinfo.dll
21:46:12.0184 0x2d38 Appinfo - ok
21:46:12.0251 0x2d38 [ 4ABA3E75A76195A3E38ED2766C962899, E2001ACD44DA270B8289DA362D26416676301773AB22616C211F31CF2E7869AA ] AppMgmt C:\Windows\System32\appmgmts.dll
21:46:12.0281 0x2d38 AppMgmt - ok
21:46:12.0293 0x2d38 [ C484F8CEB1717C540242531DB7845C4E, C507CE26716EB923B864ED85E8FA0B24591E2784A2F4F0E78AEED7E9953311F6 ] arc C:\Windows\system32\drivers\arc.sys
21:46:12.0309 0x2d38 arc - ok
21:46:12.0316 0x2d38 [ 019AF6924AEFE7839F61C830227FE79C, 5926B9DDFC9198043CDD6EA0B384C83B001EC225A8125628C4A45A3E6C42C72A ] arcsas C:\Windows\system32\drivers\arcsas.sys
21:46:12.0333 0x2d38 arcsas - ok
21:46:12.0395 0x2d38 [ F15AB80B867D3332D5DDFB0A05B9CE04, 5A16577106246AB5DCC04FE0A0B00B7C5702557B75F958721E4C00383AB99809 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
21:46:12.0414 0x2d38 aspnet_state - ok
21:46:12.0433 0x2d38 [ 769765CE2CC62867468CEA93969B2242, 0D8F19D49869DF93A3876B4C2E249D12E83F9CE11DAE8917D368E292043D4D26 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
21:46:12.0484 0x2d38 AsyncMac - ok
21:46:12.0508 0x2d38 [ 02062C0B390B7729EDC9E69C680A6F3C, 0261683C6DC2706DCE491A1CDC954AC9C9E649376EC30760BB4E225E18DC5273 ] atapi C:\Windows\system32\drivers\atapi.sys
21:46:12.0522 0x2d38 atapi - ok
21:46:12.0582 0x2d38 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
21:46:12.0639 0x2d38 AudioEndpointBuilder - ok
21:46:12.0666 0x2d38 [ DE3E38431B00C2EA247C53675DCF01A0, 8965192096C94203A1F16689DCDA45FE0EDF3A6FB75B70FC378C2008E8E71C9B ] AudioSrv C:\Windows\System32\Audiosrv.dll
21:46:12.0704 0x2d38 AudioSrv - ok
21:46:12.0727 0x2d38 [ 54FE1CAFA3B3029B282E6A05EA672031, E972B8A22322FF06903A1E3AB20585E02A21C3A6EA9A75C172231494A08D14D1 ] Avgdiska C:\Windows\system32\DRIVERS\avgdiska.sys
21:46:12.0744 0x2d38 Avgdiska - ok
21:46:12.0938 0x2d38 [ 225B28E9303D375314C744AE181DF95F, 6BC8F19F6B4D901661022CD8F4EA90A8F1895B6B3BD1225B3708E2CBDCAB8D50 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
21:46:13.0080 0x2d38 AVGIDSAgent - ok
21:46:13.0185 0x2d38 [ A3124AC9C0AF30ABD000A7CB5779C101, 1719EE6986FC29EE4EA383B2DAF4CAF9C1E70A1F547F75F8D51EDA027D3E5236 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
21:46:13.0211 0x2d38 AVGIDSDriver - ok
21:46:13.0268 0x2d38 [ 68070AEEE757ACC6EC5BC291B1E8EA1A, 8A4902CE6F4696F33CD6CF98F96FDA7895B99A676916F3137CF34192AF3C25A4 ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
21:46:13.0295 0x2d38 AVGIDSHA - ok
21:46:13.0330 0x2d38 [ 7C9E8FD2BFCE60BDF9B5944C0BE47C87, 0F51507BAECDEF7B6F553066621A03832FF070EC6837A8E304AABA1227F779BF ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
21:46:13.0363 0x2d38 Avgldx64 - ok
21:46:13.0419 0x2d38 [ 734DCC05A7F327FDCE43A18BA011FD4E, E5245314E60D86911A6A9FC1FE4A0C0D0284D972CE642C28B9B1A43D1553AFA5 ] Avgloga C:\Windows\system32\DRIVERS\avgloga.sys
21:46:13.0451 0x2d38 Avgloga - ok
21:46:13.0504 0x2d38 [ B4D589C734D796B5B76E0A0E5DA50397, CACAB2C0D01583CEB55C62334A4E9BB46A2E399BE9B7EDC988AEC785DF1FCC1C ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
21:46:13.0524 0x2d38 Avgmfx64 - ok
21:46:13.0570 0x2d38 [ 3CE824D46BA1871713ABF147E6BAD556, B4D8AFC388BE06D6E3C5CDC865F80FF101E731E1D2B221FFC6C1E28487E1B3CD ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
21:46:13.0587 0x2d38 Avgrkx64 - ok
21:46:13.0611 0x2d38 [ 0BB7ECAC81554D83A66A0B9F961BB9D0, BBCE86FE8980E06F5A92E8636D6D3F2FD7B6EF7DB999BBEB0E68A5FCB220EDC9 ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
21:46:13.0639 0x2d38 Avgtdia - ok
21:46:13.0660 0x2d38 [ 2B38C7E964FA19A298D04CA177FF8B6F, B233B6AD03217AD72A8F4253FDCF182E6007B5D28178F38BDCACBC16BD69D0CB ] avgwd C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
21:46:13.0690 0x2d38 avgwd - ok
21:46:13.0782 0x2d38 [ A6BF31A71B409DFA8CAC83159E1E2AFF, CBB83F73FFD3C3FB4F96605067739F8F7A4A40B2B05417FA49E575E95628753F ] AxInstSV C:\Windows\System32\AxInstSV.dll
21:46:13.0832 0x2d38 AxInstSV - ok
21:46:13.0869 0x2d38 [ 3E5B191307609F7514148C6832BB0842, DE011CB7AA4A2405FAF21575182E0793A1D83DFFC44E9A7864D59F3D51D8D580 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
21:46:13.0896 0x2d38 b06bdrv - ok
21:46:13.0919 0x2d38 [ B5ACE6968304A3900EEB1EBFD9622DF2, 1DAA118D8CA3F97B34DF3D3CDA1C78EAB2ED225699FEABE89D331AE0CB7679FA ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
21:46:13.0976 0x2d38 b57nd60a - ok
21:46:14.0020 0x2d38 [ FDE360167101B4E45A96F939F388AEB0, 8D1457E866BBD645C4B9710DFBFF93405CC1193BF9AE42326F2382500B713B82 ] BDESVC C:\Windows\System32\bdesvc.dll
21:46:14.0050 0x2d38 BDESVC - ok
21:46:14.0063 0x2d38 [ 16A47CE2DECC9B099349A5F840654746, 77C008AEDB07FAC66413841D65C952DDB56FE7DCA5E9EF9C8F4130336B838024 ] Beep C:\Windows\system32\drivers\Beep.sys
21:46:14.0101 0x2d38 Beep - ok
21:46:14.0145 0x2d38 [ 82974D6A2FD19445CC5171FC378668A4, 075D25F47C0D2277E40AF8615571DAA5EB16B1824563632A9A7EC62505C29A4A ] BFE C:\Windows\System32\bfe.dll
21:46:14.0187 0x2d38 BFE - ok
21:46:14.0256 0x2d38 [ 1EA7969E3271CBC59E1730697DC74682, D511A34D63A6E0E6E7D1879068E2CD3D87ABEAF4936B2EA8CDDAD9F79D60FA04 ] BITS C:\Windows\system32\qmgr.dll
21:46:14.0342 0x2d38 BITS - ok
21:46:14.0348 0x2d38 [ 61583EE3C3A17003C4ACD0475646B4D3, 17E4BECC309C450E7E44F59A9C0BBC24D21BDC66DFBA65B8F198A00BB47A9811 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
21:46:14.0363 0x2d38 blbdrive - ok
21:46:14.0479 0x2d38 [ FEFF60CA0FBC86A043495FA79581CEA9, E8C4762AB9168C59DE6BABF6CEF5D02918D79F255FA86E7EA4324384C91733D0 ] Bluetooth Device Monitor C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
21:46:14.0514 0x2d38 Bluetooth Device Monitor - ok
21:46:14.0648 0x2d38 [ F6234C4C494D411DEE452483C866EFC8, 9F12A93D9DDF2D436900447B64855549866B8E895128B1A9BE9717ED77F722F7 ] Bluetooth Media Service C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
21:46:14.0694 0x2d38 Bluetooth Media Service - ok
21:46:14.0749 0x2d38 [ 075D93A7094E1BCBDE3A2D8EBA803745, 9E141EB26358D5B526D30A224DBF4EBE00EFAA19A78A22881AAF5E51C20DBED6 ] Bluetooth OBEX Service C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
21:46:14.0784 0x2d38 Bluetooth OBEX Service - ok
21:46:14.0828 0x2d38 [ 5AB58C337AC65837FE404462AD6265AB, F7E145F5D8DB1017D5B7B9D5380100F170FE5CC2050B5F7346A521B7B72D2166 ] Bonjour Service C:\Program Files (x86)\Bonjour\mDNSResponder.exe
21:46:14.0851 0x2d38 Bonjour Service - ok
21:46:14.0867 0x2d38 [ 6C02A83164F5CC0A262F4199F0871CF5, AD4632A6A203CB40970D848315D8ADB9C898349E20D8DF4107C2AE2703A2CF28 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
21:46:14.0897 0x2d38 bowser - ok
21:46:14.0905 0x2d38 [ F09EEE9EDC320B5E1501F749FDE686C8, 66691114C42E12F4CC6DC4078D4D2FA4029759ACDAF1B59D17383487180E84E3 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
21:46:14.0923 0x2d38 BrFiltLo - ok
21:46:14.0930 0x2d38 [ B114D3098E9BDB8BEA8B053685831BE6, 0ED23C1897F35FA00B9C2848DE4ED200E18688AA7825674888054BBC3A3EB92C ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
21:46:14.0950 0x2d38 BrFiltUp - ok
21:46:14.0973 0x2d38 [ 5C2F352A4E961D72518261257AAE204B, 9EE1001E1D46A414A7A86FE1DBBE232203E26F54D9EF43ED31ED8EACD4D09853 ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
21:46:15.0055 0x2d38 BridgeMP - ok
21:46:15.0118 0x2d38 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694, 40011138869F5496A3E78D38C9900B466B6F3877526AC22952DCD528173F4645 ] Browser C:\Windows\System32\browser.dll
21:46:15.0178 0x2d38 Browser - ok
21:46:15.0214 0x2d38 [ 43BEA8D483BF1870F018E2D02E06A5BD, 4E6F5A5FD8C796A110B0DC9FF29E31EA78C04518FC1C840EF61BABD58AB10272 ] Brserid C:\Windows\System32\Drivers\Brserid.sys
21:46:15.0243 0x2d38 Brserid - ok
21:46:15.0260 0x2d38 [ A6ECA2151B08A09CACECA35C07F05B42, E2875BB7768ABAF38C3377007AA0A3C281503474D1831E396FB6599721586B0C ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
21:46:15.0281 0x2d38 BrSerWdm - ok
21:46:15.0300 0x2d38 [ B79968002C277E869CF38BD22CD61524, 50631836502237AF4893ECDCEA43B9031C3DE97433F594D46AF7C3C77F331983 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
21:46:15.0337 0x2d38 BrUsbMdm - ok
21:46:15.0342 0x2d38 [ A87528880231C54E75EA7A44943B38BF, 4C8BBB29FDA76A96840AA47A8613C15D4466F9273A13941C19507008629709C9 ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
21:46:15.0366 0x2d38 BrUsbSer - ok
21:46:15.0384 0x2d38 [ CF98190A94F62E405C8CB255018B2315, E1B2540023C4FE9FD588E4B6AE6347DFA565EB3898F21E5360882BF3E8B5E781 ] BthEnum C:\Windows\system32\DRIVERS\BthEnum.sys
21:46:15.0413 0x2d38 BthEnum - ok
21:46:15.0428 0x2d38 [ 9DA669F11D1F894AB4EB69BF546A42E8, B498B8B6CEF957B73179D1ADAF084BBB57BB3735D810F9BE2C7B1D58A4FD25A4 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
21:46:15.0452 0x2d38 BTHMODEM - ok
21:46:15.0466 0x2d38 [ 02DD601B708DD0667E1331FA8518E9FF, 7DE6CC4DBB621CD03B01D9CE6CF66EAFE31D39030A391562CD0E278E1D70ADE1 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
21:46:15.0523 0x2d38 BthPan - ok
21:46:15.0583 0x2d38 [ 738D0E9272F59EB7A1449C3EC118E6C4, FE3D32C2A5E4DC21376A0F89C0B2EE024ECF1A3FB99213CC9BBC986ADF7AF080 ] BTHPORT C:\Windows\system32\Drivers\BTHport.sys
21:46:15.0618 0x2d38 BTHPORT - ok
21:46:15.0686 0x2d38 [ 95F9C2976059462CBBF227F7AAB10DE9, 2797AE919FF7606B070FB039CECDB0707CD2131DCAC09C5DF14F443D881C9F34 ] bthserv C:\Windows\system32\bthserv.dll
21:46:15.0738 0x2d38 bthserv - ok
21:46:15.0753 0x2d38 [ F188B7394D81010767B6DF3178519A37, 576304E92FD94908F093A6AB5F4D328F25829BE32EC3CA0D29EBFDF5DE83539B ] BTHUSB C:\Windows\system32\Drivers\BTHUSB.sys
21:46:15.0772 0x2d38 BTHUSB - ok
21:46:15.0797 0x2d38 [ 4E10213D463B3AC9D003980398A16F01, F04CC0693006E5A8336A358F1E31C239EB3CED5D4487CD1F95F75C43A6BAFEC4 ] btmaux C:\Windows\system32\DRIVERS\btmaux.sys
21:46:15.0811 0x2d38 btmaux - ok
21:46:15.0880 0x2d38 [ C446E06887B7064B204E7778C4A4D192, DB3F26C76D0380FAB4F324D9E0E3DF790B294A1FB9B271004130E50E8F7E69F1 ] btmhsf C:\Windows\system32\DRIVERS\btmhsf.sys
21:46:15.0941 0x2d38 btmhsf - ok
21:46:15.0995 0x2d38 catchme - ok
21:46:16.0032 0x2d38 [ B8BD2BB284668C84865658C77574381A, 6C55BA288B626DF172FDFEA0BD7027FAEBA1F44EF20AB55160D7C7DC6E717D65 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
21:46:16.0165 0x2d38 cdfs - ok
21:46:16.0184 0x2d38 [ F036CE71586E93D94DAB220D7BDF4416, BD07AAD9E20CEAF9FC84E4977C55EA2C45604A2C682AC70B9B9A2199B6713D5B ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
21:46:16.0205 0x2d38 cdrom - ok
21:46:16.0249 0x2d38 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] CertPropSvc C:\Windows\System32\certprop.dll
21:46:16.0300 0x2d38 CertPropSvc - ok
21:46:16.0305 0x2d38 [ D7CD5C4E1B71FA62050515314CFB52CF, 513B5A849899F379F0BC6AB3A8A05C3493C2393C95F036612B96EC6E252E1C64 ] circlass C:\Windows\system32\drivers\circlass.sys
21:46:16.0327 0x2d38 circlass - ok
21:46:16.0353 0x2d38 [ FE1EC06F2253F691FE36217C592A0206, B9F122DB5E665ECDF29A5CB8BB6B531236F31A54A95769D6C5C1924C87FE70CE ] CLFS C:\Windows\system32\CLFS.sys
21:46:16.0379 0x2d38 CLFS - ok
21:46:16.0464 0x2d38 [ F13EC8A783E0CB0D6DC26A3CA848B7B8, 0809E3B71709F1343086EEB6C820543C1A7119E74EEF8AC1AEE1F81093ABEC66 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:46:16.0482 0x2d38 clr_optimization_v2.0.50727_32 - ok
21:46:16.0520 0x2d38 [ B4D73F04E9BC076F7CDAC4327DF636BB, 1ADED20D5A0D0A76E2F85CB778FD06BAB814868D35F8532E17D67045FF4770C2 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
21:46:16.0551 0x2d38 clr_optimization_v2.0.50727_64 - ok
21:46:16.0765 0x2d38 [ F5AB4D2E36625F355E81539239765107, 48E6AD65EEFD6C54F938F5753EF58377CDA77ADBB41CD8635F0040D61EFB92A4 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:46:16.0780 0x2d38 clr_optimization_v4.0.30319_32 - ok
21:46:16.0814 0x2d38 [ 9ACBE5EC13C2CC95833BFB7636CA8B1A, 6224DA9FB335D2A8374C60B8DEA539DD3A0E43230DB888B137B71A56EC57D6AF ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
21:46:16.0828 0x2d38 clr_optimization_v4.0.30319_64 - ok
21:46:16.0885 0x2d38 [ 0840155D0BDDF1190F84A663C284BD33, 696039FA63CFEB33487FAA8FD7BBDB220141E9C6E529355D768DFC87999A9C3A ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
21:46:16.0899 0x2d38 CmBatt - ok
21:46:16.0918 0x2d38 [ E19D3F095812725D88F9001985B94EDD, 46243C5CCC4981CAC6FA6452FFCEC33329BF172448F1852D52592C9342E0E18B ] cmdide C:\Windows\system32\drivers\cmdide.sys
21:46:16.0929 0x2d38 cmdide - ok
21:46:16.0993 0x2d38 [ E45CDE1C8340DFEDF1D6724263F39E5B, 8B8091D0A8FF08170F34DA01A4201DAE7C3D026226BC77B5C2EC67657C670168 ] CNG C:\Windows\system32\Drivers\cng.sys
21:46:17.0020 0x2d38 CNG - ok
21:46:17.0040 0x2d38 [ 102DE219C3F61415F964C88E9085AD14, CD74CB703381F1382C32CF892FF2F908F4C9412E1BC77234F8FEA5D4666E1BF1 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
21:46:17.0051 0x2d38 Compbatt - ok
21:46:17.0058 0x2d38 [ 03EDB043586CCEBA243D689BDDA370A8, 0E4523AA332E242D5C2C61C5717DBA5AB6E42DADB5A7E512505FC2B6CC224959 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
21:46:17.0089 0x2d38 CompositeBus - ok
21:46:17.0092 0x2d38 COMSysApp - ok
21:46:17.0734 0x2d38 [ 9B91E372C494ED0E2CEC9A6478605A5D, 0B806C84B231A5586DA36180AD1D81E1CDC3CA7585954E139E9535F3DCF2F3E0 ] cphs C:\Windows\SysWow64\IntelCpHeciSvc.exe
21:46:17.0777 0x2d38 cphs - ok
21:46:17.0868 0x2d38 cpuz134 - ok
21:46:17.0876 0x2d38 [ 1C827878A998C18847245FE1F34EE597, 41EF7443D8B2733AA35CAC64B4F5F74FAC8BB0DA7D3936B69EC38E2DC3972E60 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
21:46:17.0886 0x2d38 crcdisk - ok
21:46:17.0991 0x2d38 [ 5A0A034F89061A8336CD54111CC381DB, A8AB4528C006131CD366714EBEC190270A04D625C2F733954F253AFC6A3A605A ] Credential Vault Host Control Service C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
21:46:18.0037 0x2d38 Credential Vault Host Control Service - ok
21:46:18.0051 0x2d38 [ 9B578ED25F4F3E91DD71353F24578D57, 46BFAC2383101718D8A51AF4988308599F60F12C02626A1185B991A3EBC3A54E ] Credential Vault Host Storage C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
21:46:18.0062 0x2d38 Credential Vault Host Storage - ok
21:46:18.0098 0x2d38 [ C82FFA9188ECB7818449643E55DD7C5D, AE79F9A71BF174DD4F7E823B7849DAB6CE90CEABC994DB924B61E4DBA73CB2D2 ] CredFltL C:\Windows\system32\DRIVERS\CredFltL.sys
21:46:18.0111 0x2d38 CredFltL - ok
21:46:18.0140 0x2d38 [ 19D511CC455C19DE1ADF60E6C39C85B6, 2A05DD5EF3D0BEC2C9F4EA186E0E2D0F7BE0BF6A473D51194B09D33773AC7FAA ] CryptSvc C:\Windows\system32\cryptsvc.dll
21:46:18.0182 0x2d38 CryptSvc - ok
21:46:18.0214 0x2d38 [ 54DA3DFD29ED9F1619B6F53F3CE55E49, 9177C6907A983296BF188892A894B668A09FFA058FD56B50FE12940D54B0FA5E ] CSC C:\Windows\system32\drivers\csc.sys
21:46:18.0261 0x2d38 CSC - ok
21:46:18.0305 0x2d38 [ 3AB183AB4D2C79DCF459CD2C1266B043, 72B0187EBA9DC74E61EC5CB3DC24058DDB768843E865801894AAEAA211610C56 ] CscService C:\Windows\System32\cscsvc.dll
21:46:18.0351 0x2d38 CscService - ok
21:46:18.0358 0x2d38 [ F85BC7EDA17B871BC0898438319787AF, B982063BD4097765953DF277B81E04F7775F27F95DE3DFB5D7D9498594CBD08C ] cvusbdrv C:\Windows\system32\Drivers\cvusbdrv.sys
21:46:18.0371 0x2d38 cvusbdrv - ok
21:46:18.0394 0x2d38 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] DcomLaunch C:\Windows\system32\rpcss.dll
21:46:18.0476 0x2d38 DcomLaunch - ok
21:46:18.0518 0x2d38 [ B56714DED87E29377F1EE930691DADA2, B3C3BC4F546A786A93823C1471D560BF678A9C95237065E3B99B2B80E6C28131 ] DDDriver C:\Windows\system32\drivers\DDDriver64Dcsa.sys
21:46:18.0530 0x2d38 DDDriver - ok
21:46:18.0575 0x2d38 [ 3CEC7631A84943677AA8FA8EE5B6B43D, 32061DAC9ED6C1EBA3B367B18D0E965AEEC2DF635DCF794EC39D086D32503AC5 ] defragsvc C:\Windows\System32\defragsvc.dll
21:46:18.0636 0x2d38 defragsvc - ok
21:46:18.0697 0x2d38 [ AB33E055B5941276B78C754B8A3A7CFA, EEA4AC0964086919207CC3AE7D80F4381BA22CA8E5F3FF460256D77D2086C48E ] Dell Foundation Services C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
21:46:18.0722 0x2d38 Dell Foundation Services - ok
21:46:18.0726 0x2d38 Dell.CommandPowerManager.Service - ok
21:46:18.0852 0x2d38 [ 08A2D0B5E1F4CB9E449DB2FA5A253A66, C40F5EFA617C3EDFEC363F2ABB154093DF565E2F7B52D749D42C29D108C1AC88 ] DellDataVault C:\Program Files\Dell\DellDataVault\DellDataVault.exe
21:46:19.0003 0x2d38 DellDataVault - ok
21:46:19.0033 0x2d38 [ ECBC33C3106FDA2B4B2DBFBAC2EA87B7, 9CE15F4899B415556D96239B86D97AF77DB22EFD1CF5F441B7178C2CA85D34D9 ] DellDataVaultWiz C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
21:46:19.0052 0x2d38 DellDataVaultWiz - ok
21:46:19.0064 0x2d38 [ EA26A4A4EFF6F5677C8745D274E23913, 32B9CB58B34E23126E18CFB5AA75AEC2EF1D5A8A7ACBCBEF4B3ACCB20FD1B8C4 ] DellDigitalDelivery c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
21:46:19.0081 0x2d38 DellDigitalDelivery - ok
21:46:19.0158 0x2d38 [ 5461CF7CDE4EB6D912721FA73B1B98B1, 43FCDF3D92AACC050B8400867D291191DDC7FA391F30C313FDF918AEAAE2E6B2 ] DellMgmtAgent C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
21:46:19.0178 0x2d38 DellMgmtAgent - ok
21:46:19.0183 0x2d38 [ 7E9271E255162E725DB929F1487F5EE7, AB781AF9435EE98D5141E7D57B659465E2CD614ED5EFAAC06CC61FA366D062EC ] DellMgmtLoader C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
21:46:19.0194 0x2d38 DellMgmtLoader - ok
21:46:19.0204 0x2d38 [ 95CFA0A0A4DA659A4B172C0DC8978539, 59FB9997117C534D4645923DBFD06B8FD77A2342921127667893752D5C24ED9F ] DellMgmtServer C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
21:46:19.0215 0x2d38 DellMgmtServer - ok
21:46:19.0226 0x2d38 [ 66C87079CFCB61B650086802693114E0, B1EE411DF69BB98D5D9FA2D88C4C9FE1E4877FD8BBF572C3F444C90576ED0724 ] DellProf C:\Windows\system32\drivers\DellProf.sys
21:46:19.0239 0x2d38 DellProf - ok
21:46:19.0259 0x2d38 [ 9BB2EF44EAA163B29C4A4587887A0FE4, 03667BC3EA5003F4236929C10F23D8F108AFCB29DB5559E751FB26DFB318636F ] DfsC C:\Windows\system32\Drivers\dfsc.sys
21:46:19.0324 0x2d38 DfsC - ok
21:46:19.0378 0x2d38 [ 43D808F5D9E1A18E5EEB5EBC83969E4E, C10D1155D71EABE4ED44C656A8F13078A8A4E850C4A8FBB92D52D173430972B8 ] Dhcp C:\Windows\system32\dhcpcore.dll
21:46:19.0416 0x2d38 Dhcp - ok
21:46:19.0435 0x2d38 [ 13096B05847EC78F0977F2C0F79E9AB3, 1E44981B684F3E56F5D2439BB7FA78BD1BC876BB2265AE089AEC68F241B05B26 ] discache C:\Windows\system32\drivers\discache.sys
21:46:19.0486 0x2d38 discache - ok
21:46:19.0532 0x2d38 [ 9819EEE8B5EA3784EC4AF3B137A5244C, 571BC886E87C888DA96282E381A746D273B58B9074E84D4CA91275E26056D427 ] Disk C:\Windows\system32\drivers\disk.sys
21:46:19.0585 0x2d38 Disk - ok
21:46:19.0606 0x2d38 [ EA30E307C7597CD63FD80789381AA7EE, 0E9A9A3ECD1263BB70295BE2A2D1D215B22740EC4EECB2EBA0B03B70AED3AB9C ] DLABMFSE C:\Windows\system32\Drivers\DLABMFSE.SYS
21:46:19.0615 0x2d38 DLABMFSE - ok
21:46:19.0631 0x2d38 [ 1D393BA0B3E3CD9C104CB38FF72FBE95, EDAD19EBD00511E0CDFE70FCC981A7A6FABFFE167897DEC1444E1EFF6119029A ] DLABOIOE C:\Windows\system32\Drivers\DLABOIOE.SYS
21:46:19.0640 0x2d38 DLABOIOE - ok
21:46:19.0657 0x2d38 [ 2575C3CA7C51B9D14A3ABFC622C9E6C7, 1731C33FDAB7424A35F934B98B451427054A0FA779EB1B9160A0E812AEED3F0A ] DLACDBHE C:\Windows\system32\Drivers\DLACDBHE.SYS
21:46:19.0667 0x2d38 DLACDBHE - ok
21:46:19.0680 0x2d38 [ 5DDF633063FF1FEE3DC0237080067E4A, D3DAE4931B4EAD2D778D6DBAA30571134DADC185280EF20825C21D53AC13D37C ] DLADResE C:\Windows\system32\Drivers\DLADResE.SYS
21:46:19.0689 0x2d38 DLADResE - ok
21:46:19.0702 0x2d38 [ 431F127D564ABADE3AC737B4575C6B9C, 182C7D80A6FC07EABACA7FC0AFC62A64C136D2D7DB11958CAE675BA442B58F91 ] DLAIFS_E C:\Windows\system32\Drivers\DLAIFS_E.SYS
21:46:19.0713 0x2d38 DLAIFS_E - ok
21:46:19.0738 0x2d38 [ EC379D9C31DD6597CFDF97DB44C3B370, 7F5A9704FBEB712A5E9A086E20343DA9ED14C1746D79C388CFF84CBA7B6D7754 ] DLAOPIOE C:\Windows\system32\Drivers\DLAOPIOE.SYS
21:46:19.0748 0x2d38 DLAOPIOE - ok
21:46:19.0759 0x2d38 [ 4F64A963E4213FC83943B8D6E6C4C5C6, FBCC1B7FAEA93D92477FBED10154A014B3526742ECE2205D524747B2F2E7A4A3 ] DLAPoolE C:\Windows\system32\Drivers\DLAPoolE.SYS
21:46:19.0767 0x2d38 DLAPoolE - ok
21:46:19.0775 0x2d38 [ 6D818721DD4A5E86683CC4BC5FD447FB, F65983642986D29700627843E9820DD673045B95044CE7FFE123AAC24D7A17B1 ] DLARTL_E C:\Windows\system32\Drivers\DLARTL_E.SYS
21:46:19.0784 0x2d38 DLARTL_E - ok
21:46:19.0791 0x2d38 [ 3ADEF2CF78438F74035F5D1248204124, 69F5B9B1A395407472D717B9729A37C2C7E99AAF75BB2F02501E88718BEE408C ] DLAUDFAE C:\Windows\system32\Drivers\DLAUDFAE.SYS
21:46:19.0803 0x2d38 DLAUDFAE - ok
21:46:19.0860 0x2d38 [ ADF79D03473E320788EC0F2CFF3091D4, 09078CB9F5A0450584DF4920F72E19EFEF303C48673168BF34BD19687CD752D3 ] DLAUDF_E C:\Windows\system32\Drivers\DLAUDF_E.SYS
21:46:19.0872 0x2d38 DLAUDF_E - ok
21:46:19.0901 0x2d38 [ 5DB085A8A6600BE6401F2B24EECB5415, 5FC5C7C1B4DB7BF6EFD0992E91DB41FD047E90D1ABA0B8F868CB72557F88FB13 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
21:46:19.0932 0x2d38 dmvsc - ok
21:46:19.0954 0x2d38 [ 16835866AAA693C7D7FCEBA8FFF706E4, 15891558F7C1F2BB57A98769601D447ED0D952354A8BB347312D034DC03E0242 ] Dnscache C:\Windows\System32\dnsrslvr.dll
21:46:19.0987 0x2d38 Dnscache - ok
21:46:20.0018 0x2d38 [ B1FB3DDCA0FDF408750D5843591AFBC6, AB6AD9C5E7BA2E3646D0115B67C4800D1CB43B4B12716397657C7ADEEE807304 ] dot3svc C:\Windows\System32\dot3svc.dll
21:46:20.0071 0x2d38 dot3svc - ok
21:46:20.0135 0x2d38 [ 4B235DC5019D66670E5A53284CA6CCBC, 3573FD68128E298E78B01F50DD33B93C46D05C84AC2654E6F8496C6A73774EE3 ] DpHost C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
21:46:20.0154 0x2d38 DpHost - ok
21:46:20.0176 0x2d38 [ B26F4F737E8F9DF4F31AF6CF31D05820, 394BBBED4EC7FAD4110F62A43BFE0801D4AC56FFAC6C741C69407B26402311C7 ] DPS C:\Windows\system32\dps.dll
21:46:20.0222 0x2d38 DPS - ok
21:46:20.0240 0x2d38 [ 9B19F34400D24DF84C858A421C205754, 967AF267B4124BADA8F507CEBF25F2192D146A4D63BE71B45BFC03C5DA7F21A7 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
21:46:20.0292 0x2d38 drmkaud - ok
21:46:20.0309 0x2d38 [ 0E0C5B8768CFB27A513FE8528A291EF9, 6FE26740D63C1289E90A1593A0337DBDF1E2F96F851BDCBA11425CE2E9026B61 ] DRVECDB C:\Windows\system32\Drivers\DRVECDB.SYS
21:46:20.0321 0x2d38 DRVECDB - ok
21:46:20.0337 0x2d38 [ FBF2605C90BD04C3B625A67961EEABB6, E42363221D3124AC46B5CB9971DEB614F0651EB0A534816F6DBBD94D8AE74F4E ] DRVEDDM C:\Windows\system32\Drivers\DRVEDDM.SYS
21:46:20.0346 0x2d38 DRVEDDM - ok
21:46:20.0459 0x2d38 [ 87CE5C8965E101CCCED1F4675557E868, 077D98F0F130B2FC710208BA34016EF2B2506EE2BD71740B228145E34A3046F1 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
21:46:20.0491 0x2d38 DXGKrnl - ok
21:46:20.0553 0x2d38 [ C47C212490AE1C2AB4A34A40C39485B4, 1B739D8F5BA344F14C78B547ABE281EEE13916D976A7E97B39A9E779D198B9E3 ] e1dexpress C:\Windows\system32\DRIVERS\e1d62x64.sys
21:46:20.0576 0x2d38 e1dexpress - ok
21:46:20.0600 0x2d38 [ E2DDA8726DA9CB5B2C4000C9018A9633, 0C967DBC3636A76A696997192A158AA92A1AF19F01E3C66D5BF91818A8FAEA76 ] EapHost C:\Windows\System32\eapsvc.dll
21:46:20.0637 0x2d38 EapHost - ok
21:46:20.0758 0x2d38 [ DC5D737F51BE844D8C82C695EB17372F, 6D4022D9A46EDE89CEF0FAEADCC94C903234DFC460C0180D24FF9E38E8853017 ] ebdrv C:\Windows\system32\drivers\evbda.sys
21:46:20.0923 0x2d38 ebdrv - ok
21:46:20.0938 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] EFS C:\Windows\System32\lsass.exe
21:46:20.0970 0x2d38 EFS - ok
21:46:21.0052 0x2d38 [ C4002B6B41975F057D98C439030CEA07, 3D2484FBB832EFB90504DD406ED1CF3065139B1FE1646471811F3A5679EF75F1 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
21:46:21.0116 0x2d38 ehRecvr - ok
21:46:21.0124 0x2d38 [ 4705E8EF9934482C5BB488CE28AFC681, 359E9EC5693CE0BE89082E1D5D8F5C5439A5B985010FF0CB45C11E3CFE30637D ] ehSched C:\Windows\ehome\ehsched.exe
21:46:21.0145 0x2d38 ehSched - ok
21:46:21.0170 0x2d38 [ BDD265EEB37DF5953A547FE412E2472F, 17EB4FD54D62207937F8CA7454837DBF1EEC867AEDAF201FC2E839A3ED357F4F ] ElbyCDIO C:\Windows\system32\Drivers\ElbyCDIO.sys
21:46:21.0183 0x2d38 ElbyCDIO - ok
21:46:21.0218 0x2d38 [ 0E5DA5369A0FCAEA12456DD852545184, 9A64AC5396F978C3B92794EDCE84DCA938E4662868250F8C18FA7C2C172233F8 ] elxstor C:\Windows\system32\drivers\elxstor.sys
21:46:21.0251 0x2d38 elxstor - ok
21:46:21.0284 0x2d38 [ 8470CEC3C8BB1418687AD3ADED13845D, 107F8F36AB7D3BF8E15EF6EC1BC6A95FE33827B3F281C3B481A5AE8A962EADAC ] Emc.Captiva.WebCaptureService C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
21:46:21.0296 0x2d38 Emc.Captiva.WebCaptureService - ok
21:46:21.0306 0x2d38 [ 34A3C54752046E79A126E15C51DB409B, 7D5B5E150C7C73666F99CBAFF759029716C86F16B927E0078D77F8A696616D75 ] ErrDev C:\Windows\system32\drivers\errdev.sys
21:46:21.0341 0x2d38 ErrDev - ok
21:46:21.0372 0x2d38 [ 4166F82BE4D24938977DD1746BE9B8A0, 24121751B7306225AD1C808442D7B030DEF377E9316AA0A3C5C7460E87317881 ] EventSystem C:\Windows\system32\es.dll
21:46:21.0448 0x2d38 EventSystem - ok
21:46:21.0498 0x2d38 [ BF220856C02DF9AB74786BE92246A0E1, 9F35F4A08967634206B965BF94469380C0ACCF8A6C973E90ED85ECECF284CE34 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
21:46:21.0532 0x2d38 EvtEng - ok
21:46:21.0543 0x2d38 [ A510C654EC00C1E9BDD91EEB3A59823B, 76CD277730F7B08D375770CD373D786160F34D1481AF0536BA1A5D2727E255F5 ] exfat C:\Windows\system32\drivers\exfat.sys
21:46:21.0602 0x2d38 exfat - ok
21:46:21.0628 0x2d38 [ 0ADC83218B66A6DB380C330836F3E36D, 798D6F83B5DBCC1656595E0A96CF12087FCCBE19D1982890D0CE5F629B328B29 ] fastfat C:\Windows\system32\drivers\fastfat.sys
21:46:21.0684 0x2d38 fastfat - ok
21:46:21.0732 0x2d38 [ DBEFD454F8318A0EF691FDD2EAAB44EB, 7F52AE222FF28503B6FC4A5852BD0CAEAF187BE69AF4B577D3DE474C24366099 ] Fax C:\Windows\system32\fxssvc.exe
21:46:21.0778 0x2d38 Fax - ok
21:46:21.0792 0x2d38 [ D765D19CD8EF61F650C384F62FAC00AB, 9F0A483A043D3BA873232AD3BA5F7BF9173832550A27AF3E8BD433905BD2A0EE ] fdc C:\Windows\system32\drivers\fdc.sys
21:46:21.0824 0x2d38 fdc - ok
21:46:21.0828 0x2d38 [ 0438CAB2E03F4FB61455A7956026FE86, 6D4DDC2973DB25CE0C7646BC85EFBCC004EBE35EA683F62162AE317C6F1D8DFE ] fdPHost C:\Windows\system32\fdPHost.dll
21:46:21.0888 0x2d38 fdPHost - ok
21:46:21.0894 0x2d38 [ 802496CB59A30349F9A6DD22D6947644, 52D59D3D628D5661F83F090F33F744F6916E0CC1F76E5A33983E06EB66AE19F8 ] FDResPub C:\Windows\system32\fdrespub.dll
21:46:21.0944 0x2d38 FDResPub - ok
21:46:21.0950 0x2d38 [ 655661BE46B5F5F3FD454E2C3095B930, 549C8E2A2A37757E560D55FFA6BFDD838205F17E40561E67F0124C934272CD1A ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
21:46:21.0965 0x2d38 FileInfo - ok
21:46:21.0979 0x2d38 [ 5F671AB5BC87EEA04EC38A6CD5962A47, 6B61D3363FF3F9C439BD51102C284972EAE96ACC0683B9DC7E12D25D0ADC51B6 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
21:46:22.0029 0x2d38 Filetrace - ok
21:46:22.0044 0x2d38 [ C172A0F53008EAEB8EA33FE10E177AF5, 9175A95B323696D1B35C9EFEB7790DD64E6EE0B7021E6C18E2F81009B169D77B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
21:46:22.0062 0x2d38 flpydisk - ok
21:46:22.0085 0x2d38 [ DA6B67270FD9DB3697B20FCE94950741, F621A4462C9F2904063578C427FAF22D7D66AE9967605C11C798099817CE5331 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
21:46:22.0107 0x2d38 FltMgr - ok
21:46:22.0164 0x2d38 [ C4C183E6551084039EC862DA1C945E3D, 0874A2ACDD24D64965AA9A76E9C818E216880AE4C9A2E07ED932EE404585CEE6 ] FontCache C:\Windows\system32\FntCache.dll
21:46:22.0235 0x2d38 FontCache - ok
21:46:22.0257 0x2d38 [ A8B7F3818AB65695E3A0BB3279F6DCE6, 89FCF10F599767E67A1E011753E34DA44EAA311F105DBF69549009ED932A60F0 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
21:46:22.0271 0x2d38 FontCache3.0.0.0 - ok
21:46:22.0279 0x2d38 [ D43703496149971890703B4B1B723EAC, F06397B2EDCA61629249D2EF1CBB7827A8BEAB8488246BD85EF6AE1363C0DA6E ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
21:46:22.0295 0x2d38 FsDepends - ok
21:46:22.0309 0x2d38 [ 6BD9295CC032DD3077C671FCCF579A7B, 83622FBB0CB923798E7E584BF53CAAF75B8C016E3FF7F0FA35880FF34D1DFE33 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
21:46:22.0323 0x2d38 Fs_Rec - ok
21:46:22.0363 0x2d38 [ 8F6322049018354F45F05A2FD2D4E5E0, 73BF0FB4EBD7887E992DDEBB79E906958D6678F8D1107E8C368F5A0514D80359 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
21:46:22.0387 0x2d38 fvevol - ok
21:46:22.0411 0x2d38 [ 8C778D335C9D272CFD3298AB02ABE3B6, 85F0B13926B0F693FA9E70AA58DE47100E4B6F893772EBE4300C37D9A36E6005 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
21:46:22.0423 0x2d38 gagp30kx - ok
21:46:22.0513 0x2d38 [ 12CD74D8F037AE10E03C2415EFF59EF5, EDE7187DC57010119A46730B63EAF1548E3BDC170D375568880478AB36340726 ] Garmin Core Update Service C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
21:46:22.0533 0x2d38 Garmin Core Update Service - ok
21:46:22.0627 0x2d38 [ 277BBC7E1AA1EE957F573A10ECA7EF3A, 2EE60B924E583E847CC24E78B401EF95C69DB777A5B74E1EC963E18D47B94D24 ] gpsvc C:\Windows\System32\gpsvc.dll
21:46:22.0678 0x2d38 gpsvc - ok
21:46:22.0733 0x2d38 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:22.0759 0x2d38 gupdate - ok
21:46:22.0767 0x2d38 [ 506708142BC63DABA64F2D3AD1DCD5BF, 9C36A08D9E7932FF4DA7B5F24E6B42C92F28685B8ABE964C870E8D7670FD531A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
21:46:22.0778 0x2d38 gupdatem - ok
21:46:22.0783 0x2d38 [ F2523EF6460FC42405B12248338AB2F0, B2F3DE8DE1F512D871BC2BC2E8D0E33AB03335BFBC07627C5F88B65024928E19 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
21:46:22.0798 0x2d38 hcw85cir - ok
21:46:22.0857 0x2d38 [ 975761C778E33CD22498059B91E7373A, 8304E15FBE6876BE57263A03621365DA8C88005EAC532A770303C06799D915D9 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
21:46:22.0882 0x2d38 HdAudAddService - ok
21:46:22.0937 0x2d38 [ 97BFED39B6B79EB12CDDBFEED51F56BB, 3CF981D668FB2381E52AF2E51E296C6CFB47B0D62249645278479D0111A47955 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
21:46:22.0953 0x2d38 HDAudBus - ok
21:46:22.0965 0x2d38 [ 78E86380454A7B10A5EB255DC44A355F, 11F3ED7ACFFA3024B9BD504F81AC39F5B4CED5A8A425E8BADF7132EFEDB9BD64 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
21:46:22.0991 0x2d38 HidBatt - ok
21:46:23.0008 0x2d38 [ 7FD2A313F7AFE5C4DAB14798C48DD104, 94CBFD4506CBDE4162CEB3367BAB042D19ACA6785954DC0B554D4164B9FCD0D4 ] HidBth C:\Windows\system32\drivers\hidbth.sys
21:46:23.0024 0x2d38 HidBth - ok
21:46:23.0042 0x2d38 [ 0A77D29F311B88CFAE3B13F9C1A73825, 8615DC6CEFB591505CE16E054A71A4F371B827DDFD5E980777AB4233DCFDA01D ] HidIr C:\Windows\system32\drivers\hidir.sys
21:46:23.0057 0x2d38 HidIr - ok
21:46:23.0107 0x2d38 [ BD9EB3958F213F96B97B1D897DEE006D, 4D01CBF898B528B3A4E5A683DF2177300AFABD7D4CB51F1A7891B1B545499631 ] hidserv C:\Windows\System32\hidserv.dll
21:46:23.0141 0x2d38 hidserv - ok
21:46:23.0178 0x2d38 [ 9592090A7E2B61CD582B612B6DF70536, FD11D5E02C32D658B28FCC35688AB66CCB5D3A0A0D74C82AE0F0B6C67B568A0F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
21:46:23.0219 0x2d38 HidUsb - ok
21:46:23.0244 0x2d38 [ 387E72E739E15E3D37907A86D9FF98E2, 9935BE2E58788E79328293AF2F202CB0F6042441B176F75ACC5AEA93C8E05531 ] hkmsvc C:\Windows\system32\kmsvc.dll
21:46:23.0307 0x2d38 hkmsvc - ok
21:46:23.0339 0x2d38 [ EFDFB3DD38A4376F93E7985173813ABD, 70402FA73A5A2A8BB557AAC8F531E373077D28DE5F40A1F3F14B940BE01CD2E1 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
21:46:23.0384 0x2d38 HomeGroupListener - ok
21:46:23.0412 0x2d38 [ 908ACB1F594274965A53926B10C81E89, 7D34A742AC486294D82676F8465A3EF26C8AC3317C32B63F62031CB007CFC208 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
21:46:23.0436 0x2d38 HomeGroupProvider - ok
21:46:23.0442 0x2d38 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC, E9E6A1665740CFBC2DD321010007EF42ABA2102AEB9772EE8AA3354664B1E205 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
21:46:23.0454 0x2d38 HpSAMD - ok
21:46:23.0485 0x2d38 [ 0EA7DE1ACB728DD5A369FD742D6EEE28, 21C489412EB33A12B22290EB701C19BA57006E8702E76F730954F0784DDE9779 ] HTTP C:\Windows\system32\drivers\HTTP.sys
21:46:23.0545 0x2d38 HTTP - ok
21:46:23.0560 0x2d38 [ A5462BD6884960C9DC85ED49D34FF392, 53E65841AF5B06A2844D0BB6FC4DD3923A323FFA0E4BFC89B3B5CAFB592A3D53 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
21:46:23.0569 0x2d38 hwpolicy - ok
21:46:23.0608 0x2d38 [ FA55C73D4AFFA7EE23AC4BE53B4592D3, 65CDDC62B89A60E942C5642C9D8B539EFB69DA8069B4A2E54978154B314531CD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
21:46:23.0647 0x2d38 i8042prt - ok
21:46:23.0690 0x2d38 [ 9EBE1AE8B3DA91D06BE1971EB37F7DA0, 55B0E66139C966AF0D4955B44363123198C559968C864DA85F6610CF1C844E8D ] iaStorA C:\Windows\system32\drivers\iaStorA.sys
21:46:23.0727 0x2d38 iaStorA - ok
21:46:23.0746 0x2d38 [ D524B034148F14C60F1CA66D267EE56A, 18045270C5CA718501285EE05EDED8B0EF998A881ACF19D9602F91A2A30E40AB ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:46:23.0758 0x2d38 IAStorDataMgrSvc - ok
21:46:23.0776 0x2d38 [ C018747131B4E90E9267BA5B31EB43A7, 0FA045B63500D6AA98CADD72BA8052BD2631387FD1270A9FD5A77EB7A7A14536 ] iaStorF C:\Windows\system32\drivers\iaStorF.sys
21:46:23.0789 0x2d38 iaStorF - ok
21:46:23.0818 0x2d38 [ AAAF44DB3BD0B9D1FB6969B23ECC8366, 805AA4A9464002D1AB3832E4106B2AAA1331F4281367E75956062AAE99699385 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
21:46:23.0846 0x2d38 iaStorV - ok
21:46:23.0891 0x2d38 [ C42FA2C2CB77604E94530E0A8560FA99, BA84B88C1D3951E4D10D9A783090B72261FD9825F8003DDD01716D4E0A8EED09 ] iBtSiva C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
21:46:23.0907 0x2d38 iBtSiva - ok
21:46:23.0918 0x2d38 [ 0316165998C74A0C109D5943F0027925, 91093906A100DD3FDC635AF8274910DB4BCEA10D6A003702786246D208CC4BBB ] ibtusb C:\Windows\system32\DRIVERS\ibtusb.sys
21:46:23.0937 0x2d38 ibtusb - ok
21:46:24.0028 0x2d38 [ C98A5B9D932430AD8EEBD3EF73756EF7, DF7E1D391A0F3345AD61154363922C27BD557DEEACE395A6A8A8A16BFD1BB9A8 ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
21:46:24.0091 0x2d38 idsvc - ok
21:46:24.0096 0x2d38 IEEtwCollectorService - ok
21:46:24.0316 0x2d38 [ 623DB9620F552B480690AD882AFACED1, F44039122CF6001CB40A4032D3C108D9A83F06FC700A5B47D83EF605F83C9D2F ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
21:46:24.0720 0x2d38 igfx - ok
21:46:24.0764 0x2d38 [ 8283E1A55FF84ECAA4371890C6B83778, 2F932E554691877AEEA269A527ED451A205DBEDC1BB344A1AA3AE03F2D22FC70 ] igfxCUIService1.0.0.0 C:\Windows\system32\igfxCUIService.exe
21:46:24.0788 0x2d38 igfxCUIService1.0.0.0 - ok
21:46:24.0826 0x2d38 [ 5C18831C61933628F5BB0EA2675B9D21, 5CD9DE2F8C0256623A417B5C55BF55BB2562BD7AB2C3C83BB3D9886C2FBDA4E4 ] iirsp C:\Windows\system32\drivers\iirsp.sys
21:46:24.0841 0x2d38 iirsp - ok
21:46:24.0904 0x2d38 [ 344789398EC3EE5A4E00C52B31847946, 3DA5F08E4B46F4E63456AA588D49E39A6A09A97D0509880C00F327623DB6122D ] IKEEXT C:\Windows\System32\ikeext.dll
21:46:24.0963 0x2d38 IKEEXT - ok
21:46:24.0997 0x2d38 [ 314285071F7117263BD246E35C17FD82, 12E135DAB9D717D697026800C97FB58A64C0C37ACE715C2805A411A5384CB55A ] intaud_WaveExtensible C:\Windows\system32\drivers\intelaud.sys
21:46:25.0030 0x2d38 intaud_WaveExtensible - ok
21:46:25.0126 0x2d38 [ D2B9E3E977B57E783D48A6593A5BD000, C159BAAB4A54AD8F7719719A66458B2BA3F96635B71486475077F82C4549C544 ] IntcAzAudAddService C:\Windows\system32\drivers\RTDVHD64.sys
21:46:25.0224 0x2d38 IntcAzAudAddService - ok
21:46:25.0292 0x2d38 [ 890144FA6AB42F2B54EE633BF96A019A, 8741904C66170BA11C78D31681E3759537C0BF2338538678BC64234DB8FDE93F ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
21:46:25.0311 0x2d38 IntcDAud - ok
21:46:25.0432 0x2d38 [ 4C17F57E43645E75800E9E84787E34E5, 6A1531D97462BA3B3DBDAD472AF15B717C958AA8C5CE2373DE0B2A41C35BE33E ] Intel(R) Capability Licensing Service TCP IP Interface C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
21:46:25.0491 0x2d38 Intel(R) Capability Licensing Service TCP IP Interface - ok
21:46:25.0524 0x2d38 [ 98D8094CC724D751E8EC3B2B3446FAA3, DC88496C0D92B4BCCD71467DE3C5D346DF9B5A27BAE703FF53168A284D2F64A5 ] Intel(R) PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe
21:46:25.0576 0x2d38 Intel(R) PROSet Monitoring Service - ok
21:46:25.0627 0x2d38 [ F00F20E70C6EC3AA366910083A0518AA, E2F3E9FFD82C802C8BAC309893A3664ACF16A279959C0FDECCA64C3D3C60FD22 ] intelide C:\Windows\system32\drivers\intelide.sys
21:46:25.0638 0x2d38 intelide - ok
21:46:25.0682 0x2d38 [ ADA036632C664CAA754079041CF1F8C1, F2386CC09AC6DE4C54189154F7D91C1DB7AA120B13FAE8BA5B579ACF99FCC610 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
21:46:25.0702 0x2d38 intelppm - ok
21:46:25.0745 0x2d38 [ 2D680A69BBBAA7D7F0469D7B0CD7EE91, 653740ECFE873EE6FB11AE944A9C20B37A53EDC1B03F78F552CF430B68086827 ] InvProtectDrv C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys
21:46:25.0755 0x2d38 InvProtectDrv - ok
21:46:25.0831 0x2d38 [ 9CD310FBD9B81D1CF15E51BB6DE4A549, 59002A12AB346B89CCA8A87C7CAF0ACFE29DCB56AE7733C3928AA054E68B5408 ] InvProtectSvc C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
21:46:25.0921 0x2d38 InvProtectSvc - ok
21:46:25.0948 0x2d38 [ 098A91C54546A3B878DAD6A7E90A455B, 044CCE2A0DF56EBE1EFD99B4F6F0A5B9EE12498CA358CF4B2E3A1CFD872823AA ] IPBusEnum C:\Windows\system32\ipbusenum.dll
21:46:26.0001 0x2d38 IPBusEnum - ok
21:46:26.0011 0x2d38 [ C9F0E1BD74365A8771590E9008D22AB6, 728BC5A6AAE499FDC50EB01577AF16D83C2A9F3B09936DD2A89C01E074BA8E51 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:46:26.0063 0x2d38 IpFilterDriver - ok
21:46:26.0087 0x2d38 [ 08C2957BB30058E663720C5606885653, E13EDF6701512E2A9977A531454932CA5023087CB50E1D2F416B8BCDD92B67BE ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
21:46:26.0146 0x2d38 iphlpsvc - ok
21:46:26.0162 0x2d38 [ 0FC1AEA580957AA8817B8F305D18CA3A, 7161E4DE91AAFC3FA8BF24FAE4636390C2627DB931505247C0D52C75A31473D9 ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
21:46:26.0176 0x2d38 IPMIDRV - ok
21:46:26.0182 0x2d38 [ AF9B39A7E7B6CAA203B3862582E9F2D0, 67128BE7EADBE6BD0205B050F96E268948E8660C4BAB259FB0BE03935153D04E ] IPNAT C:\Windows\system32\drivers\ipnat.sys
21:46:26.0220 0x2d38 IPNAT - ok
21:46:26.0234 0x2d38 [ 3ABF5E7213EB28966D55D58B515D5CE9, A352BCC5B6B9A28805B15CAFB235676F1FAFF0D2394F88C03089EB157D6188AE ] IRENUM C:\Windows\system32\drivers\irenum.sys
21:46:26.0256 0x2d38 IRENUM - ok
21:46:26.0260 0x2d38 [ 2F7B28DC3E1183E5EB418DF55C204F38, D40410A760965925D6F10959B2043F7BD4F68EAFCF5E743AF11AD860BD136548 ] isapnp C:\Windows\system32\drivers\isapnp.sys
21:46:26.0269 0x2d38 isapnp - ok
21:46:26.0298 0x2d38 [ 96BB922A0981BC7432C8CF52B5410FE6, 236C05509B1040059B15021CBBDBDAF3B9C0F00910142BE5887B2C7561BAAFBA ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
21:46:26.0314 0x2d38 iScsiPrt - ok
21:46:26.0351 0x2d38 [ 5C9B001D8970C2DA36254A916F3DA8F7, 625AC5C3DFAE52BD34EC3F93742D1D2C229785E4F0F3484CFB7B8728A1C830DF ] iumsvc C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
21:46:26.0364 0x2d38 iumsvc - ok
21:46:26.0375 0x2d38 [ 83E5C169258459BC8D069C08106E6779, 1D5441EA2779CFC5A93A1372A7C34CD968A75D58A71107858468A1640721F47E ] iusb3hcs C:\Windows\system32\DRIVERS\iusb3hcs.sys
21:46:26.0384 0x2d38 iusb3hcs - ok
21:46:26.0440 0x2d38 [ A858FEA618433EA053858F4C63A411EA, A194E8C07332847ABC09CC55ABB3D4AA9FEC29F053A3025FCAC7841AFE5F21F2 ] iusb3hub C:\Windows\system32\DRIVERS\iusb3hub.sys
21:46:26.0465 0x2d38 iusb3hub - ok
21:46:26.0553 0x2d38 [ C77F6D488C5F4A7AB4357895BD6EC1FF, EED9B5A71E2C58E15482F36218815E9D9C091F9CEC43D1FD9E90BCAD6A8DB216 ] iusb3xhc C:\Windows\system32\DRIVERS\iusb3xhc.sys
21:46:26.0591 0x2d38 iusb3xhc - ok
21:46:26.0609 0x2d38 [ 4487AD9C070D3973FE28AB4406555FC6, 77D8DE3036613618D44D7E5E47C9C754B8F0FF294D9DD778C92A7AFDA8F778FC ] iwdbus C:\Windows\system32\DRIVERS\iwdbus.sys
21:46:26.0622 0x2d38 iwdbus - ok
21:46:26.0672 0x2d38 [ 0B93A01F786F37A4B1EDE84E639FFF10, 8747109A2FA2B80C8C5F5B6D2372C1B0DA4F4BF9DC1D551195ADF0715C260223 ] jhi_service C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
21:46:26.0689 0x2d38 jhi_service - ok
21:46:26.0708 0x2d38 [ BC02336F1CBA7DCC7D1213BB588A68A5, 450C5BAD54CCE2AFCDFF1B6E7F8E1A8446D9D3255DF9D36C29A8F848048AAD93 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
21:46:26.0724 0x2d38 kbdclass - ok
21:46:26.0747 0x2d38 [ 0705EFF5B42A9DB58548EEC3B26BB484, 86C6824ED7ED6FA8F306DB6319A0FD688AA91295AE571262F9D8E96A32225E99 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
21:46:26.0766 0x2d38 kbdhid - ok
21:46:26.0774 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] KeyIso C:\Windows\system32\lsass.exe
21:46:26.0790 0x2d38 KeyIso - ok
21:46:26.0801 0x2d38 [ C60C6B9A2E50B0404F6789C62B428C03, 0DFFAACBA038FB3D994049E7BBC8E0C63CB8B4A68C4AB770AD995B66B017C25B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
21:46:26.0818 0x2d38 KSecDD - ok
21:46:26.0862 0x2d38 [ 78D152A9FD5747FF6AA89C79F0346F62, 69138077E84E5324751E3C8B80D05BE58EDF03CEC84F69B734537F10F6998F3B ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
21:46:26.0880 0x2d38 KSecPkg - ok
21:46:26.0903 0x2d38 [ 6869281E78CB31A43E969F06B57347C4, 866A23E69B32A78D378D6CB3B3DA3695FFDFF0FEC3C9F68C8C3F988DF417044B ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
21:46:26.0952 0x2d38 ksthunk - ok
21:46:27.0036 0x2d38 [ 6AB66E16AA859232F64DEB66887A8C9C, 5F2B579BEA8098A2994B0DECECDAE7B396E7B5DC5F09645737B9F28BEEA77FFF ] KtmRm C:\Windows\system32\msdtckrm.dll
21:46:27.0100 0x2d38 KtmRm - ok
21:46:27.0130 0x2d38 [ D9F42719019740BAA6D1C6D536CBDAA6, 8757599D0AE5302C4CE50861BEBA3A8DD14D7B0DBD916FD5404133688CDFCC40 ] LanmanServer C:\Windows\System32\srvsvc.dll
21:46:27.0188 0x2d38 LanmanServer - ok
21:46:27.0211 0x2d38 [ 851A1382EED3E3A7476DB004F4EE3E1A, B1C67F47DD594D092E6E258F01DF5E7150227CE3131A908A244DEE9F8A1FABF9 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
21:46:27.0273 0x2d38 LanmanWorkstation - ok
21:46:27.0294 0x2d38 [ 1538831CF8AD2979A04C423779465827, E1729B0CC4CEEE494A0B8817A8E98FF232E3A32FB023566EF0BC71A090262C0C ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
21:46:27.0358 0x2d38 lltdio - ok
21:46:27.0385 0x2d38 [ C1185803384AB3FEED115F79F109427F, 0414FE73532DCAB17E906438A14711E928CECCD5F579255410C62984DD652700 ] lltdsvc C:\Windows\System32\lltdsvc.dll
21:46:27.0453 0x2d38 lltdsvc - ok
21:46:27.0464 0x2d38 [ F993A32249B66C9D622EA5592A8B76B8, EE64672A990C6145DC5601E2B8CDBE089272A72732F59AF9865DCBA8B1717E70 ] lmhosts C:\Windows\System32\lmhsvc.dll
21:46:27.0521 0x2d38 lmhosts - ok
21:46:27.0578 0x2d38 [ C31139E0907170E2A3FA8D19DCC23D35, C504E93D2018E9E487A428483C646C67B4ECE122560CF0FA49A1626E1509EEAE ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
21:46:27.0605 0x2d38 LMS - ok
21:46:27.0621 0x2d38 [ 1A93E54EB0ECE102495A51266DCDB6A6, DB6AA86AA36C3A7988BE96E87B5D3251BE7617C54EE8F894D9DC2E267FE3255B ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
21:46:27.0638 0x2d38 LSI_FC - ok
21:46:27.0672 0x2d38 [ 1047184A9FDC8BDBFF857175875EE810, F2251EDB7736A26D388A0C5CC2FE5FB9C5E109CBB1E3800993554CB21D81AE4B ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
21:46:27.0703 0x2d38 LSI_SAS - ok
21:46:27.0714 0x2d38 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93, 88D5740A4E9CC3FA80FA18035DAB441BDC5A039622D666BFDAA525CC9686BD06 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
21:46:27.0730 0x2d38 LSI_SAS2 - ok
21:46:27.0749 0x2d38 [ 0504EACAFF0D3C8AED161C4B0D369D4A, 4D272237C189646F5C80822FD3CBA7C2728E482E2DAAF7A09C8AEF811C89C54D ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
21:46:27.0780 0x2d38 LSI_SCSI - ok
21:46:27.0799 0x2d38 [ 43D0F98E1D56CCDDB0D5254CFF7B356E, 5BA498183B5C4996C694CB0A9A6B66CE6C7A460F6C91BEB9F305486FCC3B7B22 ] luafv C:\Windows\system32\drivers\luafv.sys
21:46:27.0864 0x2d38 luafv - ok
21:46:27.0899 0x2d38 [ 0BE09CD858ABF9DF6ED259D57A1A1663, 2FD28889B93C8E801F74C1D0769673A461671E0189D0A22C94509E3F0EEB7428 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
21:46:27.0934 0x2d38 Mcx2Svc - ok
21:46:27.0962 0x2d38 [ 7CF1B716372B89568AE4C0FE769F5869, 0D70A7A594BCFBB26D7249C0F4B0AF9EF874F2318B3FDCE44648CC61279594ED ] MDM C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
21:46:27.0981 0x2d38 MDM - detected UnsignedFile.Multi.Generic ( 1 )
21:46:30.0685 0x2d38 Detect skipped due to KSN trusted
21:46:30.0685 0x2d38 MDM - ok
21:46:30.0722 0x2d38 [ A55805F747C6EDB6A9080D7C633BD0F4, 2DA0E83BF3C8ADEF6F551B6CC1C0A3F6149CDBE6EC60413BA1767C4DE425A728 ] megasas C:\Windows\system32\drivers\megasas.sys
21:46:30.0755 0x2d38 megasas - ok
21:46:30.0775 0x2d38 [ BAF74CE0072480C3B6B7C13B2A94D6B3, 85CBB4949C090A904464F79713A3418338753D20D7FB811E68F287FDAC1DD834 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
21:46:30.0799 0x2d38 MegaSR - ok
21:46:30.0830 0x2d38 [ 8751062F2F7EC78DE92D778A08099DDE, F10BE771FF9E02A51CF3A167BB967167DE4F66647D7F1508CB27D8FDD8623700 ] MEIx64 C:\Windows\system32\DRIVERS\TeeDriverx64.sys
21:46:30.0848 0x2d38 MEIx64 - ok
21:46:30.0867 0x2d38 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] MMCSS C:\Windows\system32\mmcss.dll
21:46:30.0926 0x2d38 MMCSS - ok
21:46:30.0942 0x2d38 [ 800BA92F7010378B09F9ED9270F07137, 94F9AF9E1BE80AE6AC39A2A74EF9FAB115DCAACC011D07DFA8D6A1DDC8A93342 ] Modem C:\Windows\system32\drivers\modem.sys
21:46:31.0006 0x2d38 Modem - ok
21:46:31.0025 0x2d38 [ B03D591DC7DA45ECE20B3B467E6AADAA, 701FB0CAD8138C58507BE28845D3E24CE269A040737C29885944A0D851238732 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
21:46:31.0041 0x2d38 monitor - ok
21:46:31.0056 0x2d38 [ 7D27EA49F3C1F687D357E77A470AEA99, 7FE7CAF95959F127C6D932C01D539C06D80273C49A09761F6E8331C05B1A7EE7 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
21:46:31.0067 0x2d38 mouclass - ok
21:46:31.0095 0x2d38 [ D3BF052C40B0C4166D9FD86A4288C1E6, 5E65264354CD94E844BF1838CA1B8E49080EFA34605A32CF2F6A47A2B97FC183 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
21:46:31.0122 0x2d38 mouhid - ok
21:46:31.0154 0x2d38 [ 32E7A3D591D671A6DF2DB515A5CBE0FA, 47CED0B9067AE8BF5EEF60B17ADEE5906BEDCC56E4CB460B7BFBC12BB9A69E63 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
21:46:31.0167 0x2d38 mountmgr - ok
21:46:31.0231 0x2d38 [ 345477F02C308B7480702767218C86A2, 98AFB5CF35BD82BA44B8F52CBC5FA3760506ADD7892C2AA1A77E8DF71FC8523F ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
21:46:31.0245 0x2d38 MozillaMaintenance - ok
21:46:31.0267 0x2d38 [ A44B420D30BD56E145D6A2BC8768EC58, B1E4DCA5A1008FA7A0492DC091FB2B820406AE13FD3D44F124E89B1037AF09B8 ] mpio C:\Windows\system32\drivers\mpio.sys
21:46:31.0282 0x2d38 mpio - ok
21:46:31.0291 0x2d38 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F, 5A3FA2F110029CB4CC4384998EDB59203FDD65EC45E01B897FB684F8956EAD20 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
21:46:31.0333 0x2d38 mpsdrv - ok
21:46:31.0364 0x2d38 [ 54FFC9C8898113ACE189D4AA7199D2C1, 65F585C87F3F710FD5793FDFA96B740AD8D4317B0C120F4435CCF777300EA4F2 ] MpsSvc C:\Windows\system32\mpssvc.dll
21:46:31.0422 0x2d38 MpsSvc - ok
21:46:31.0487 0x2d38 [ AE3334958D8F631FF14A0AEB3D7EFB3A, F5FD6B61F896104C20DFC43FEE2FCE6930B73F78DF876BD19A333EABB9139C6D ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
21:46:31.0541 0x2d38 MRxDAV - ok
21:46:31.0549 0x2d38 [ A5D9106A73DC88564C825D317CAC68AC, 0457B2AEA4E05A91D0E43F317894A614434D8CEBE35020785387F307E231FBE4 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
21:46:31.0581 0x2d38 mrxsmb - ok
21:46:31.0613 0x2d38 [ D711B3C1D5F42C0C2415687BE09FC163, 9B3013AC60BD2D0FF52086658BA5FF486ADE15954A552D7DD590580E8BAE3EFF ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:46:31.0650 0x2d38 mrxsmb10 - ok
21:46:31.0689 0x2d38 [ 9423E9D355C8D303E76B8CFBD8A5C30C, 220B33F120C2DD937FE4D5664F4B581DC0ACF78D62EB56B7720888F67B9644CC ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:46:31.0704 0x2d38 mrxsmb20 - ok
21:46:31.0745 0x2d38 [ C25F0BAFA182CBCA2DD3C851C2E75796, 643E158A0948DF331807AEAA391F23960362E46C0A0CF6D22A99020EAE7B10F8 ] msahci C:\Windows\system32\drivers\msahci.sys
21:46:31.0756 0x2d38 msahci - ok
21:46:31.0798 0x2d38 [ DB801A638D011B9633829EB6F663C900, B34FD33A215ACCF2905F4B7D061686CDB1CB9C652147AF56AE14686C1F6E3C74 ] msdsm C:\Windows\system32\drivers\msdsm.sys
21:46:31.0861 0x2d38 msdsm - ok
21:46:31.0887 0x2d38 [ DE0ECE52236CFA3ED2DBFC03F28253A8, 2FBBEC4CACB5161F68D7C2935852A5888945CA0F107CF8A1C01F4528CE407DE3 ] MSDTC C:\Windows\System32\msdtc.exe
21:46:31.0903 0x2d38 MSDTC - ok
21:46:31.0942 0x2d38 [ AA3FB40E17CE1388FA1BEDAB50EA8F96, 69F93E15536644C8FD679A20190CFE577F4985D3B1B4A4AA250A168615AE1E99 ] Msfs C:\Windows\system32\drivers\Msfs.sys
21:46:31.0976 0x2d38 Msfs - ok
21:46:31.0989 0x2d38 [ F9D215A46A8B9753F61767FA72A20326, 6F76642B45E0A7EF6BCAB8B37D55CCE2EAA310ED07B76D43FCB88987C2174141 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
21:46:32.0025 0x2d38 mshidkmdf - ok
21:46:32.0040 0x2d38 [ D916874BBD4F8B07BFB7FA9B3CCAE29D, B229DA150713DEDBC4F05386C9D9DC3BC095A74F44F3081E88311AB73BC992A1 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
21:46:32.0049 0x2d38 msisadrv - ok
21:46:32.0067 0x2d38 [ 808E98FF49B155C522E6400953177B08, F873F5BFF0984C5165DF67E92874D3F6EB8D86F9B5AD17013A0091CA33A1A3D5 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
21:46:32.0105 0x2d38 MSiSCSI - ok
21:46:32.0109 0x2d38 msiserver - ok
21:46:32.0139 0x2d38 [ 49CCF2C4FEA34FFAD8B1B59D49439366, E5752EA57C7BDAD5F53E3BC441A415E909AC602CAE56234684FB8789A20396C7 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
21:46:32.0198 0x2d38 MSKSSRV - ok
21:46:32.0220 0x2d38 [ BDD71ACE35A232104DDD349EE70E1AB3, 27464A66868513BE6A01B75D7FC5B0D6B71842E4E20CE3F76B15C071A0618BBB ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
21:46:32.0297 0x2d38 MSPCLOCK - ok
21:46:32.0314 0x2d38 [ 4ED981241DB27C3383D72092B618A1D0, E12F121E641249DB3491141851B59E1496F4413EDF58E863388F1C229838DFCC ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
21:46:32.0364 0x2d38 MSPQM - ok
21:46:32.0398 0x2d38 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D, 64E3BC613EC4872B1B344CBF71EE15BE195592E3244C1EE099C6F8B95A40F133 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
21:46:32.0425 0x2d38 MsRPC - ok
21:46:32.0442 0x2d38 [ 0EED230E37515A0EAEE3C2E1BC97B288, B1D8F8A75006B6E99214CA36D27A8594EF8D952F315BEB201E9BAC9DE3E64D42 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
21:46:32.0456 0x2d38 mssmbios - ok
21:46:32.0483 0x2d38 [ 2E66F9ECB30B4221A318C92AC2250779, DF175E1AB6962303E57F26DAE5C5C1E40B8640333F3E352A64F6A5F1301586CD ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
21:46:32.0532 0x2d38 MSTEE - ok
21:46:32.0540 0x2d38 [ 7EA404308934E675BFFDE8EDF0757BCD, 306CD02D89CFCFE576242360ED5F9EEEDCAFC43CD43B7D2977AE960F9AEC3232 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
21:46:32.0559 0x2d38 MTConfig - ok
21:46:32.0573 0x2d38 [ F9A18612FD3526FE473C1BDA678D61C8, 32F7975B5BAA447917F832D9E3499B4B6D3E90D73F478375D0B70B36C524693A ] Mup C:\Windows\system32\Drivers\mup.sys
21:46:32.0587 0x2d38 Mup - ok
21:46:32.0627 0x2d38 [ 1EE90E273094252917843D111E898C94, D0D7D155E3CA022BC1F718327165E44F954A40B96259DEE5266C48ADCC8B4556 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
21:46:32.0649 0x2d38 MyWiFiDHCPDNS - ok
21:46:32.0754 0x2d38 [ 582AC6D9873E31DFA28A4547270862DD, BD540499F74E8F59A020D935D18E36A3A97C1A6EC59C8208436469A31B16B260 ] napagent C:\Windows\system32\qagentRT.dll
21:46:32.0837 0x2d38 napagent - ok
21:46:32.0854 0x2d38 [ 1EA3749C4114DB3E3161156FFFFA6B33, 54C2E77BCE1037711A11313AC25B8706109098C10A31AA03AEB7A185E97800D7 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
21:46:32.0892 0x2d38 NativeWifiP - ok
21:46:32.0986 0x2d38 [ 760E38053BF56E501D562B70AD796B88, F856E81A975D44F8684A6F2466549CEEDFAEB3950191698555A93A1206E0A42D ] NDIS C:\Windows\system32\drivers\ndis.sys
21:46:33.0034 0x2d38 NDIS - ok
21:46:33.0072 0x2d38 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC, D7E5446E83909AE25506BB98FBDD878A529C87963E3C1125C4ABAB25823572BC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
21:46:33.0122 0x2d38 NdisCap - ok
21:46:33.0127 0x2d38 [ 30639C932D9FEF22B31268FE25A1B6E5, 32873D95339600F6EEFA51847D12C563FF01F320DC59055B242FA2887C99F9D6 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
21:46:33.0179 0x2d38 NdisTapi - ok
21:46:33.0189 0x2d38 [ 136185F9FB2CC61E573E676AA5402356, BA3AD0A33416DA913B4242C6BE8C3E5812AD2B20BA6C11DD3094F2E8EB56E683 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
21:46:33.0238 0x2d38 Ndisuio - ok
21:46:33.0261 0x2d38 [ 53F7305169863F0A2BDDC49E116C2E11, 881E9346D3C02405B7850ADC37E720990712EC9C666A0CE96E252A487FD2CE77 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
21:46:33.0314 0x2d38 NdisWan - ok
21:46:33.0327 0x2d38 [ 015C0D8E0E0421B4CFD48CFFE2825879, 4242E2D42CCFC859B2C0275C5331798BC0BDA68E51CF4650B6E64B1332071023 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
21:46:33.0376 0x2d38 NDProxy - ok
21:46:33.0392 0x2d38 [ 86743D9F5D2B1048062B14B1D84501C4, DBF6D6A60AB774FCB0F464FF2D285A7521D0A24006687B243AB46B17D8032062 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
21:46:33.0442 0x2d38 NetBIOS - ok
21:46:33.0467 0x2d38 [ 09594D1089C523423B32A4229263F068, 7426A9B8BA27D3225928DDEFBD399650ABB90798212F56B7D12158AC22CCCE37 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
21:46:33.0533 0x2d38 NetBT - ok
21:46:33.0541 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] Netlogon C:\Windows\system32\lsass.exe
21:46:33.0558 0x2d38 Netlogon - ok
21:46:33.0581 0x2d38 [ 847D3AE376C0817161A14A82C8922A9E, 37AE692B3481323134125EF58F2C3CBC20177371AF2F5874F53DD32A827CB936 ] Netman C:\Windows\System32\netman.dll
21:46:33.0644 0x2d38 Netman - ok
21:46:33.0707 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0728 0x2d38 NetMsmqActivator - ok
21:46:33.0736 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0756 0x2d38 NetPipeActivator - ok
21:46:33.0788 0x2d38 [ 5F28111C648F1E24F7DBC87CDEB091B8, 2E8645285921EDB98BB2173E11E57459C888D52E80D85791D169C869DE8813B9 ] netprofm C:\Windows\System32\netprofm.dll
21:46:33.0855 0x2d38 netprofm - ok
21:46:33.0887 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0901 0x2d38 NetTcpActivator - ok
21:46:33.0907 0x2d38 [ E58808846B62041BFB05395E1CED6499, 5387F2CE6B494337725D2BF3EB563912E6EE33918F2872C5FE07BEDBB0F761EE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
21:46:33.0922 0x2d38 NetTcpPortSharing - ok
21:46:33.0961 0x2d38 [ 73CE12B8BDD747B0063CB0A7EF44CEA7, F570BB52BE460DBA6203698CC96FFD9674E1903D0E0F5C49375BE3F8D8E89582 ] netvsc C:\Windows\system32\DRIVERS\netvsc60.sys
21:46:33.0976 0x2d38 netvsc - ok
21:46:34.0098 0x2d38 [ C9D91D5E057D7A2C483DC838A7639C08, 405593E8195B61A05E83EDE85457D9BEFBBE332CC63C902B8548044429ED96D1 ] NETwNs64 C:\Windows\system32\DRIVERS\Netwsw02.sys
21:46:34.0197 0x2d38 NETwNs64 - ok
21:46:34.0238 0x2d38 [ 77889813BE4D166CDAB78DDBA990DA92, 2EF531AE502B943632EEC66A309A8BFCDD36120A5E1473F4AAF3C2393AD0E6A3 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
21:46:34.0264 0x2d38 nfrd960 - ok
21:46:34.0290 0x2d38 [ 8B301D474B478E9A92823BAB50A7BC49, 8181816035F41B1DABEC05E65E4F67BCD785F56760A61F1049E91BA39D42F01D ] NlaSvc C:\Windows\System32\nlasvc.dll
21:46:34.0319 0x2d38 NlaSvc - ok
21:46:34.0333 0x2d38 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7, D8957EF7060A69DBB3CD6B2C45B1E4143592AB8D018471E17AC04668157DC67F ] Npfs C:\Windows\system32\drivers\Npfs.sys
21:46:34.0369 0x2d38 Npfs - ok
21:46:34.0397 0x2d38 [ D54BFDF3E0C953F823B3D0BFE4732528, 497A1DCC5646EC22119273216DF10D5442D16F83E4363770F507518CF6EAA53A ] nsi C:\Windows\system32\nsisvc.dll
21:46:34.0431 0x2d38 nsi - ok
21:46:34.0450 0x2d38 [ E7F5AE18AF4168178A642A9247C63001, 133023B7E4BA8049C4CAED3282BDD25571D1CC25FAC3B820C7F981D292689D76 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
21:46:34.0519 0x2d38 nsiproxy - ok
21:46:34.0636 0x2d38 [ CC1BA0DDFC9628671DD769F368CCD92A, 72918A56C386599511A0024504118F5B369774E56E5E229B7EA341DFCC86FA50 ] nsmService C:\Program Files (x86)\NetSetMan\nsmservice.exe
21:46:34.0707 0x2d38 nsmService - ok
21:46:34.0821 0x2d38 [ 1A29A59A4C5BA6F8C85062A613B7E2B2, CC137F499A12C724D4166C2D85E9F447413419A0683DAC6F1A802B7F210C77F1 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
21:46:34.0887 0x2d38 Ntfs - ok
21:46:34.0917 0x2d38 [ 9899284589F75FA8724FF3D16AED75C1, 181188599FD5D4DE33B97010D9E0CAEABAB9A3EF50712FE7F9AA0735CD0666D6 ] Null C:\Windows\system32\drivers\Null.sys
21:46:34.0953 0x2d38 Null - ok
21:46:34.0981 0x2d38 [ 0A92CB65770442ED0DC44834632F66AD, 581327F07A68DBD5CC749214BE5F1211FC2CE41C7A4F0656B680AFB51A35ACE7 ] nvraid C:\Windows\system32\drivers\nvraid.sys
21:46:35.0039 0x2d38 nvraid - ok
21:46:35.0155 0x2d38 [ DAB0E87525C10052BF65F06152F37E4A, AD9BFF0D5FD3FFB95C758B478E1F6A9FE45E7B37AEC71EB5070D292FEAAEDF37 ] nvstor C:\Windows\system32\drivers\nvstor.sys
21:46:35.0224 0x2d38 nvstor - ok
21:46:35.0255 0x2d38 [ 270D7CD42D6E3979F6DD0146650F0E05, 752489E54C9004EDCBE1F1F208FFD864DA5C83E59A2DDE6B3E0D63ECA996F76F ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
21:46:35.0288 0x2d38 nv_agp - ok
21:46:35.0298 0x2d38 [ 59E028ED21D8C9F26DC9A5A110A90A9B, 8C2E825C372E962564A15922C259B9B83F3D3D720AD7489A2B0DEFF577AF3C2E ] O2FJ2RDR C:\Windows\system32\DRIVERS\O2FJ2w7x64.sys
21:46:35.0318 0x2d38 O2FJ2RDR - ok
21:46:35.0337 0x2d38 [ BBD0246FB5DCFF52C0AACC27212DDC55, AE148A89F1EF88735635C395BB8FCDEF1E3F4039F4C4CEFB8ED6AC056EB06C8B ] O2FLASH C:\Windows\system32\DRIVERS\o2flash.exe
21:46:35.0366 0x2d38 O2FLASH - ok
21:46:35.0375 0x2d38 [ 3589478E4B22CE21B41FA1BFC0B8B8A0, AD2469FC753FE552CB809FF405A9AB23E7561292FE89117E3B3B62057EFF0203 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
21:46:35.0395 0x2d38 ohci1394 - ok
21:46:35.0430 0x2d38 [ 317B6041D94352D2AD4A6381AEBF91B5, 7251AC5A0827DFC6E60D76EF7C0FE9429E530B715FC32DC01BC4FFC5E36B7819 ] OneTouch 4.0 Monitor C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
21:46:35.0444 0x2d38 OneTouch 4.0 Monitor - detected UnsignedFile.Multi.Generic ( 1 )
21:46:38.0108 0x2d38 Detect skipped due to KSN trusted
21:46:38.0108 0x2d38 OneTouch 4.0 Monitor - ok
21:46:38.0145 0x2d38 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
21:46:38.0188 0x2d38 p2pimsvc - ok
21:46:38.0232 0x2d38 [ 927463ECB02179F88E4B9A17568C63C3, FEFD3447692C277D59EEC7BF218552C8BB6B8C98C26E973675549628408B94CE ] p2psvc C:\Windows\system32\p2psvc.dll
21:46:38.0265 0x2d38 p2psvc - ok
21:46:38.0284 0x2d38 [ 0086431C29C35BE1DBC43F52CC273887, 0D116D49EF9ABB57DA005764F25E692622210627FC2048F06A989B12FA8D0A80 ] Parport C:\Windows\system32\DRIVERS\parport.sys
21:46:38.0327 0x2d38 Parport - ok
21:46:38.0340 0x2d38 [ E9766131EEADE40A27DC27D2D68FBA9C, 63C295EC96DBD25F1A8B908295CCB86B54F2A77A02AAA11E5D9160C2C1A492B6 ] partmgr C:\Windows\system32\drivers\partmgr.sys
21:46:38.0355 0x2d38 partmgr - ok
21:46:38.0377 0x2d38 [ 3AEAA8B561E63452C655DC0584922257, 04C072969B58657602EB0C21CEDF24FCEE14E61B90A0F758F93925EF2C9FC32D ] PcaSvc C:\Windows\System32\pcasvc.dll
21:46:38.0408 0x2d38 PcaSvc - ok
21:46:38.0441 0x2d38 [ 94575C0571D1462A0F70BDE6BD6EE6B3, 7139BAC653EA94A3DD3821CAB35FC5E22F4CCA5ACC2BAABDAA27E4C3C8B27FC9 ] pci C:\Windows\system32\drivers\pci.sys
21:46:38.0460 0x2d38 pci - ok
21:46:38.0474 0x2d38 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA, F2A7CC645B96946CC65BF60E14E70DC09C848D27C7943CE5DEA0C01A6B863480 ] pciide C:\Windows\system32\drivers\pciide.sys
21:46:38.0488 0x2d38 pciide - ok
21:46:38.0509 0x2d38 [ B2E81D4E87CE48589F98CB8C05B01F2F, 6763BEE7270A4873B3E131BFB92313E2750FCBD0AD73C23D1C4F98F7DF73DE14 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
21:46:38.0531 0x2d38 pcmcia - ok
21:46:38.0547 0x2d38 [ D6B9C2E1A11A3A4B26A182FFEF18F603, BBA5FE08B1DDD6243118E11358FD61B10E850F090F061711C3CB207CE5FBBD36 ] pcw C:\Windows\system32\drivers\pcw.sys
21:46:38.0562 0x2d38 pcw - ok
21:46:38.0632 0x2d38 [ D95602C43F2E13C052F431934EAB886E, F73389E308FEEFC6B427E6EFAC25BAADF812EC8FE2F077B861A3B2EB7ACABAC2 ] PDFProFiltSrv C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
21:46:38.0652 0x2d38 PDFProFiltSrv - ok
21:46:38.0710 0x2d38 [ 9DCBBB8A684834FDACE769F3A63E6C3C, 2C8E3A1A558F87F04FB1B1ABDEA49D02904AE854429EE734D0143DA3333693B0 ] PDFProFiltSrvPP C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
21:46:38.0741 0x2d38 PDFProFiltSrvPP - ok
21:46:38.0780 0x2d38 [ 68769C3356B3BE5D1C732C97B9A80D6E, FB2D61145980A2899D1B7729184C54070315B0E63C9A22400A76CCD39E00029C ] PEAUTH C:\Windows\system32\drivers\peauth.sys
21:46:38.0864 0x2d38 PEAUTH - ok
21:46:39.0008 0x2d38 [ B9B0A4299DD2D76A4243F75FD54DC680, BBF62E9628131FA396EB08D63B76D2D5FBDD61339E92B759125A066470D1C039 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
21:46:39.0119 0x2d38 PeerDistSvc - ok
21:46:39.0487 0x2d38 [ E495E408C93141E8FC72DC0C6046DDFA, 489B957DADA0DC128A09468F1AD082DCC657E86053208EA06A12937BE86FB919 ] PerfHost C:\Windows\SysWow64\perfhost.exe
21:46:39.0506 0x2d38 PerfHost - ok
21:46:39.0579 0x2d38 [ C7CF6A6E137463219E1259E3F0F0DD6C, 08D7244F52AA17DD669AA6F77C291DAC88E7B2D1887DE422509C1F83EC85F3DD ] pla C:\Windows\system32\pla.dll
21:46:39.0670 0x2d38 pla - ok
21:46:39.0713 0x2d38 [ 25FBDEF06C4D92815B353F6E792C8129, 57D9764AE6BCE33B242C399CDFC10DD405975BD6411CA8C75FBCD06EEB8442A9 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
21:46:39.0750 0x2d38 PlugPlay - ok
21:46:39.0774 0x2d38 [ 7195581CEC9BB7D12ABE54036ACC2E38, 9C4E5D6EA984148F2663DC529083408B2248DFF6DAAC85D9195F80A722782315 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
21:46:39.0787 0x2d38 PNRPAutoReg - ok
21:46:39.0830 0x2d38 [ 3EAC4455472CC2C97107B5291E0DCAFE, E51F373F2DBEAEE516B42BAE8C1B5BB68D00B881323E842CB6EDEC0A183CFFC3 ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
21:46:39.0849 0x2d38 PNRPsvc - ok
21:46:39.0854 0x2d38 [ 37F907F88745FEFBC8985E926A72A92E, 41923E3D5FC3E5312A83673A72D58D6C9D40BD86AAC89F369B3D0CC7DEFA328D ] POADrvr C:\Windows\system32\drivers\POADrvr.sys
21:46:39.0863 0x2d38 POADrvr - ok
21:46:39.0928 0x2d38 [ 13A51556FCBA718D6E37679021F7036C, 0716044E47D37D251398F50B6ADD4F9F5E94CECCE9ED94733C1E8BF8CEE10E59 ] poaService C:\Program Files\Dell\PPO\poaService.exe
21:46:39.0958 0x2d38 poaService - ok
21:46:39.0968 0x2d38 [ 73D82EEC1C64E35C1C8B571A259C2C2E, 04F739665C941295F77EEB935F0C1CA4274BAE98B327800530964E546CE2647F ] PoaSMSrv C:\Program Files\Dell\PPO\poaSmSrv.exe
21:46:39.0985 0x2d38 PoaSMSrv - ok
21:46:40.0005 0x2d38 [ 307CA87D5D021478C4B9BF9DDEF8501E, 9A9C25CB06F32F5B5E78B989BC8DCE74BB5D577ADBED19B9CC330CC9CB5D8227 ] poaTaServ C:\Program Files\Dell\PPO\poaTaServ.exe
21:46:40.0031 0x2d38 poaTaServ - ok
21:46:40.0133 0x2d38 [ 4F15D75ADF6156BF56ECED6D4A55C389, 2ADA3EA69A5D7EC2A4D2DD89178DB94EAFDDF95F07B0070D654D9F7A5C12A044 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
21:46:40.0190 0x2d38 PolicyAgent - ok
21:46:40.0210 0x2d38 [ A2CCA4FB273E6050F17A0A416CFF2FCD, C42BA18DF0C8E3F7358669A784E51E4DC7A4112096345EA699EDC95F561E0255 ] Power C:\Windows\system32\umpo.dll
21:46:40.0379 0x2d38 Power - ok
21:46:40.0402 0x2d38 [ F92A2C41117A11A00BE01CA01A7FCDE9, 38ADC6052696D110CA5F393BC586791920663F5DA66934C2A824DDA9CD89C763 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
21:46:40.0452 0x2d38 PptpMiniport - ok
21:46:40.0478 0x2d38 [ 0D922E23C041EFB1C3FAC2A6F943C9BF, 855418A6A58DCAFB181A1A68613B3E203AFB0A9B3D9D26D0C521F9F613B4EAD5 ] Processor C:\Windows\system32\drivers\processr.sys
21:46:40.0510 0x2d38 Processor - ok
21:46:40.0539 0x2d38 [ B6A58491307B4CADA572583D863DC602, 5C44936605E52C9533E4CE22F18FAB8211475877F71EFD88DA4D02FD608C90A3 ] ProfSvc C:\Windows\system32\profsvc.dll
21:46:40.0568 0x2d38 ProfSvc - ok
21:46:40.0576 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] ProtectedStorage C:\Windows\system32\lsass.exe
21:46:40.0592 0x2d38 ProtectedStorage - ok
21:46:40.0611 0x2d38 [ 0557CF5A2556BD58E26384169D72438D, F6F83A616B1F1C6C0DF6D2EC2513E6C23FD4FAA6D36518B8676C619AB74957B4 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
21:46:40.0647 0x2d38 Psched - ok
21:46:40.0656 0x2d38 [ 05F46042208E515B9C240AAFC54E7AA2, 267526D72F76F79CCAA3FD63366C8AEB2346465BBA9BB43006FDC13CABB5352D ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
21:46:40.0665 0x2d38 PxHlpa64 - ok
21:46:40.0718 0x2d38 [ A53A15A11EBFD21077463EE2C7AFEEF0, 6002B012A75045DEA62640A864A8721EADE2F8B65BEB5F5BA76D8CD819774489 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
21:46:40.0788 0x2d38 ql2300 - ok
21:46:40.0810 0x2d38 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8, FB6ABAB741CED66A79E31A45111649F2FA3E26CEE77209B5296F789F6F7D08DE ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
21:46:40.0841 0x2d38 ql40xx - ok
21:46:40.0868 0x2d38 [ 906191634E99AEA92C4816150BDA3732, A0305436384104C3B559F9C73902DA19B96B518413379E397C5CDAB0B2B9418F ] QWAVE C:\Windows\system32\qwave.dll
21:46:40.0903 0x2d38 QWAVE - ok
21:46:40.0917 0x2d38 [ 76707BB36430888D9CE9D705398ADB6C, 35C1D1D05F98AC29A33D3781F497A0B40A3CB9CDF25FE1F28F574E40DDF70535 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
21:46:40.0947 0x2d38 QWAVEdrv - ok
21:46:40.0961 0x2d38 [ 5A0DA8AD5762FA2D91678A8A01311704, 8A64EB5DBAB7048A9E42A21CEB62CCD5B007A80C199892D7F8C69B48E8A255EF ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
21:46:41.0016 0x2d38 RasAcd - ok
21:46:41.0043 0x2d38 [ 7ECFF9B22276B73F43A99A15A6094E90, 62C70DA127F48F796F8897BBFA23AB6EB080CC923F0F091DFA384A93F5C90CA1 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
21:46:41.0122 0x2d38 RasAgileVpn - ok
21:46:41.0147 0x2d38 [ 8F26510C5383B8DBE976DE1CD00FC8C7, 60E618C010E8A723960636415573FA17EA0BBEF79647196B3BC0B8DEE680E090 ] RasAuto C:\Windows\System32\rasauto.dll
21:46:41.0201 0x2d38 RasAuto - ok
21:46:41.0230 0x2d38 [ 471815800AE33E6F1C32FB1B97C490CA, 27307265F743DE3A3A3EC1B2C472A3D85FDD0AEC458E0B1177593141EE072698 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
21:46:41.0295 0x2d38 Rasl2tp - ok
21:46:41.0331 0x2d38 [ EE867A0870FC9E4972BA9EAAD35651E2, 1B848D81705081FD2E18AC762DA7F51455657DAF860BF363DC15925A148BCADA ] RasMan C:\Windows\System32\rasmans.dll
21:46:41.0393 0x2d38 RasMan - ok
21:46:41.0404 0x2d38 [ 855C9B1CD4756C5E9A2AA58A15F58C25, A514F8A9C304D54BDA8DC60F5A64259B057EC83A1CAAF6D2B58CFD55E9561F72 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
21:46:41.0463 0x2d38 RasPppoe - ok
21:46:41.0477 0x2d38 [ E8B1E447B008D07FF47D016C2B0EEECB, FEC789F82B912F3E14E49524D40FEAA4373B221156F14045E645D7C37859258C ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
21:46:41.0556 0x2d38 RasSstp - ok
21:46:41.0581 0x2d38 [ 77F665941019A1594D887A74F301FA2F, 1FDC6F6853400190C086042933F157814D915C54F26793CAD36CD2607D8810DA ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
21:46:41.0645 0x2d38 rdbss - ok
21:46:41.0658 0x2d38 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D, 1DF3501BBFFB56C3ECC39DBCC4287D3302216C2208CE22428B8C4967E5DE9D17 ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
21:46:41.0679 0x2d38 rdpbus - ok
21:46:41.0699 0x2d38 [ CEA6CC257FC9B7715F1C2B4849286D24, A78144D18352EA802C39D9D42921CF97A3E0211766B2169B6755C6FC2D77A804 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
21:46:41.0749 0x2d38 RDPCDD - ok
21:46:41.0783 0x2d38 [ 1B6163C503398B23FF8B939C67747683, 339A5AA7970FF34FAAB213B655860C5B0DEC5F983A4A11A088017D849F320ACE ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
21:46:41.0806 0x2d38 RDPDR - ok
21:46:41.0811 0x2d38 [ BB5971A4F00659529A5C44831AF22365, 9AAA5C0D448E821FD85589505D99DF7749715A046BBD211F139E4E652ADDE41F ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
21:46:41.0859 0x2d38 RDPENCDD - ok
21:46:41.0866 0x2d38 [ 216F3FA57533D98E1F74DED70113177A, 60C126A1409D1E9C39F1C9E95F70115BF4AF07780AB499F6E10A612540F173F4 ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
21:46:41.0914 0x2d38 RDPREFMP - ok
21:46:42.0039 0x2d38 [ 313F68E1A3E6345A4F47A36B07062F34, B8318A0AE06BDE278931CA52F960B9FE226FD9894B076858DDB755AE26E1E66F ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
21:46:42.0084 0x2d38 RdpVideoMiniport - ok
21:46:42.0117 0x2d38 [ FE571E088C2D83619D2D48D4E961BF41, 88C5A2FCB1D0E528657842E39963471A6E42FCA3FCDF37955AEC8258AB4C48EA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
21:46:42.0142 0x2d38 RDPWD - ok
21:46:42.0171 0x2d38 [ 34ED295FA0121C241BFEF24764FC4520, AAEE5F00CAA763A5BA51CF56BD7262C03409CD72BD5601490E3EC3FFF929BB5F ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
21:46:42.0192 0x2d38 rdyboost - ok
21:46:42.0228 0x2d38 [ 37F021CF7D670D305C1687781173069E, 286D6D04B0A9C4399086BE8DDA5126CDE462EE3B9F5B40A65CD9CD2B7C160886 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
21:46:42.0244 0x2d38 RegSrvc - ok
21:46:42.0272 0x2d38 [ 254FB7A22D74E5511C73A3F6D802F192, 3D0FB5840364200DE394F8CC28DA0E334C2B5FA8FF28A41656EE72287F3D3836 ] RemoteAccess C:\Windows\System32\mprdim.dll
21:46:42.0325 0x2d38 RemoteAccess - ok
21:46:42.0351 0x2d38 [ E4D94F24081440B5FC5AA556C7C62702, 147CAA03568DC480F9506E30B84891AB7E433B5EBC05F34FF10F72B00E1C6B22 ] RemoteRegistry C:\Windows\system32\regsvc.dll
21:46:42.0409 0x2d38 RemoteRegistry - ok
21:46:42.0450 0x2d38 [ 3DD798846E2C28102B922C56E71B7932, 30B111615D74CB2213997A5C08DD9C8613ADE441D9423CC1C49A753D13CE524D ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
21:46:42.0488 0x2d38 RFCOMM - ok
21:46:42.0505 0x2d38 [ E4DC58CF7B3EA515AE917FF0D402A7BB, 665B5CD9FE905B0EE3F59A7B1A94760F5393EBEE729877D8584349754C2867E8 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
21:46:42.0540 0x2d38 RpcEptMapper - ok
21:46:42.0554 0x2d38 [ D5BA242D4CF8E384DB90E6A8ED850B8C, CB4CB2608B5E31B55FB1A2CF4051E6D08A0C2A5FB231B2116F95938D7577334E ] RpcLocator C:\Windows\system32\locator.exe
21:46:42.0566 0x2d38 RpcLocator - ok
21:46:42.0585 0x2d38 [ 5C627D1B1138676C0A7AB2C2C190D123, C5003F2C912C5CA990E634818D3B4FD72F871900AF2948BD6C4D6400B354B401 ] RpcSs C:\Windows\system32\rpcss.dll
21:46:42.0628 0x2d38 RpcSs - ok
21:46:42.0634 0x2d38 [ DDC86E4F8E7456261E637E3552E804FF, D250C69CCC75F2D88E7E624FCC51300E75637333317D53908CCA7E0F117173DD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
21:46:42.0672 0x2d38 rspndr - ok
21:46:42.0702 0x2d38 [ 6158659D8A14CE144CF2634B881399D6, 39A8C92DD1103E8CAE0EB39D58308FBE8CE1EC3B7455A2F1A783BF519D086830 ] RtkAudioService C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
21:46:42.0717 0x2d38 RtkAudioService - ok
21:46:42.0732 0x2d38 [ 751D4D5E2218E5046B0873FBA4933B2D, FC074263156581BA733AA6DC7B3ABF6614A592DB6D842D5E91D089FCAF89B0DD ] RWAR3HV_0002_0 C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
21:46:42.0757 0x2d38 RWAR3HV_0002_0 - ok
21:46:42.0811 0x2d38 [ 8A83A9B9572CAF7D2308FBD2B8534C92, 595E432C465DCAE0EF3ED9DFB3F9FB02670CAC94DF6DDA704C8DCC9C914CC95B ] RWAR3Monitor C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
21:46:42.0823 0x2d38 RWAR3Monitor - detected UnsignedFile.Multi.Generic ( 1 )
21:46:47.0195 0x2d38 RWAR3Monitor ( UnsignedFile.Multi.Generic ) - warning
21:46:49.0733 0x2d38 [ E60C0A09F997826C7627B244195AB581, E8630ED74B38B98BF584E353D992C1311BC36AB7F20A1BB66C9CD65CE1E46F8D ] s3cap C:\Windows\system32\drivers\vms3cap.sys
21:46:49.0759 0x2d38 s3cap - ok
21:46:49.0773 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] SamSs C:\Windows\system32\lsass.exe
21:46:49.0790 0x2d38 SamSs - ok
21:46:49.0830 0x2d38 [ FD0501CF895DB359B79C5FFB577A39CA, 8171D09618ABEF23A7B1B73063F7568946EA31139A088095E33BD1D2DEBA37D2 ] SboxDrv C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys
21:46:49.0847 0x2d38 SboxDrv - ok
21:46:49.0857 0x2d38 [ 3B4A593ACF267986E17CE46B4BB23B63, F63294E12B3BF6DAD33180FD9858AA85039B8E45C3A47B780B8659BBA1DC8432 ] SboxSvc C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
21:46:49.0873 0x2d38 SboxSvc - ok
21:46:49.0896 0x2d38 [ AC03AF3329579FFFB455AA2DAABBE22B, 7AD3B62ADFEC166F9E256F9FF8BAA0568B2ED7308142BF8F5269E6EAA5E0A656 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
21:46:49.0928 0x2d38 sbp2port - ok
21:46:49.0951 0x2d38 [ 9B7395789E3791A3B6D000FE6F8B131E, E5F067F3F212BF5481668BE1779CBEF053F511F8967589BE2E865ACB9A620024 ] SCardSvr C:\Windows\System32\SCardSvr.dll
21:46:50.0015 0x2d38 SCardSvr - ok
21:46:50.0028 0x2d38 [ 253F38D0D7074C02FF8DEB9836C97D2B, CB5CAFCB8628BB22877F74ACF1DED0BBAED8F4573A74DA7FE94BBBA584889116 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
21:46:50.0076 0x2d38 scfilter - ok
21:46:50.0133 0x2d38 [ 262F6592C3299C005FD6BEC90FC4463A, 54095E37F0B6CC677A3E9BDD40F4647C713273D197DB341063AA7F342A60C4A7 ] Schedule C:\Windows\system32\schedsvc.dll
21:46:50.0220 0x2d38 Schedule - ok
21:46:50.0244 0x2d38 [ F17D1D393BBC69C5322FBFAFACA28C7F, 62A1A92B3C52ADFD0B808D7F69DD50238B5F202421F1786F7EAEAA63F274B3E8 ] SCPolicySvc C:\Windows\System32\certprop.dll
21:46:50.0294 0x2d38 SCPolicySvc - ok
21:46:50.0348 0x2d38 [ 111E0EBC0AD79CB0FA014B907B231CF0, B7D43D156C2524938503CF8E99C4D1F7A5C55E16C0368F57F4CD23C6D833B38F ] sdbus C:\Windows\system32\drivers\sdbus.sys
21:46:50.0399 0x2d38 sdbus - ok
21:46:50.0435 0x2d38 [ 6EA4234DC55346E0709560FE7C2C1972, 64011E044C16E2F92689E5F7E4666A075E27BBFA61F3264E5D51CE1656C1D5B8 ] SDRSVC C:\Windows\System32\SDRSVC.dll
21:46:50.0472 0x2d38 SDRSVC - ok
21:46:50.0482 0x2d38 [ 3EA8A16169C26AFBEB544E0E48421186, 34BBB0459C96B3DE94CCB0D73461562935C583D7BF93828DA4E20A6BC9B7301D ] secdrv C:\Windows\system32\drivers\secdrv.sys
21:46:50.0531 0x2d38 secdrv - ok
21:46:50.0537 0x2d38 [ BC617A4E1B4FA8DF523A061739A0BD87, 10C4057F6B321EB5237FF619747B74F5401BC17D15A8C7060829E8204A2297F9 ] seclogon C:\Windows\system32\seclogon.dll
21:46:50.0590 0x2d38 seclogon - ok
21:46:50.0646 0x2d38 [ D11FD9191B3DB268AA985143A7AD43FB, 31A62F21D5714D648D35028CD3056DB7017BD809E042C1BBA9F7E297E0058253 ] SEDFilter C:\Windows\system32\DRIVERS\SEDFilter.sys
21:46:50.0660 0x2d38 SEDFilter - ok
21:46:50.0669 0x2d38 [ C32AB8FA018EF34C0F113BD501436D21, E0EB8E80B51E45CA7EB061E705DA0BC07878759418A8519AE6E12326FE79E7C7 ] SENS C:\Windows\system32\sens.dll
21:46:50.0731 0x2d38 SENS - ok
21:46:50.0760 0x2d38 [ 0336CFFAFAAB87A11541F1CF1594B2B2, 8B8A6A33E78A12FB05E29B2E2775850626574AFD2EF88748D65E690A07B10B8D ] SensrSvc C:\Windows\system32\sensrsvc.dll
21:46:50.0785 0x2d38 SensrSvc - ok
21:46:50.0816 0x2d38 [ CB624C0035412AF0DEBEC78C41F5CA1B, A4D937F11E06CAE914347CA1362F4C98EC5EE0C0C80321E360EA1ABD6726F8D4 ] Serenum C:\Windows\system32\drivers\serenum.sys
21:46:50.0833 0x2d38 Serenum - ok
21:46:50.0859 0x2d38 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6, 8F9776FB84C5D11068EAF1FF1D1A46466C655D64D256A8B1E31DC0C23B5DD22D ] Serial C:\Windows\system32\drivers\serial.sys
21:46:50.0906 0x2d38 Serial - ok
21:46:50.0939 0x2d38 [ 1C545A7D0691CC4A027396535691C3E3, 065C30BE598FF4DC55C37E0BBE0CEDF10A370AE2BF5404B42EBBB867A3FFED6D ] sermouse C:\Windows\system32\drivers\sermouse.sys
21:46:51.0038 0x2d38 sermouse - ok
21:46:51.0062 0x2d38 [ 0B6231BF38174A1628C4AC812CC75804, E569BF1F7F5689E2E917FA6516DB53388A5B8B1C6699DEE030147E853218811D ] SessionEnv C:\Windows\system32\sessenv.dll
21:46:51.0098 0x2d38 SessionEnv - ok
21:46:51.0127 0x2d38 [ A554811BCD09279536440C964AE35BBF, DA8F893722F803E189D7D4D6C6232ED34505B63A64ED3A0132A5BB7A2BABDE55 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
21:46:51.0161 0x2d38 sffdisk - ok
21:46:51.0177 0x2d38 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF, B81EF5D26AEB572CAB590F7AD7CA8C89F296420089EF5E6148E972F2DBCA1042 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
21:46:51.0200 0x2d38 sffp_mmc - ok
21:46:51.0214 0x2d38 [ DD85B78243A19B59F0637DCF284DA63C, 6730D4F2BAE7E24615746ACC41B42D01DB6068D6504982008ADA1890DE900197 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
21:46:51.0248 0x2d38 sffp_sd - ok
21:46:51.0258 0x2d38 [ A9D601643A1647211A1EE2EC4E433FF4, 7AC60B4AB48D4BBF1F9681C12EC2A75C72E6E12D30FABC564A24394310E9A5F9 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
21:46:51.0289 0x2d38 sfloppy - ok
21:46:51.0436 0x2d38 [ B9C662D8A5DEC62F37EFC0ADD4A1E14C, EAC25DCFC8ED24AA4B8C90DAAF9BF517C4728AD4B1D849EC4F96C33AE1283C30 ] SftService C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
21:46:51.0521 0x2d38 SftService - ok
21:46:51.0549 0x2d38 [ B95F6501A2F8B2E78C697FEC401970CE, 758B73A32902299A313348CE7EC189B20EB4CB398D0180E4EE24B84DAD55F291 ] SharedAccess C:\Windows\System32\ipnathlp.dll
21:46:51.0604 0x2d38 SharedAccess - ok
21:46:51.0697 0x2d38 [ AAF932B4011D14052955D4B212A4DA8D, 2A3BFD0FA9569288E91AE3E72CA1EC39E1450D01E6473CE51157E0F138257923 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
21:46:51.0766 0x2d38 ShellHWDetection - ok
21:46:51.0816 0x2d38 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1, 89CA9F516E42A6B905474D738CDA2C121020A07DBD4E66CFE569DD77D79D7820 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
21:46:51.0845 0x2d38 SiSRaid2 - ok
21:46:51.0888 0x2d38 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4, 87B85C66DF7EB6FDB8A2341D05FAA5261FF68A90CCFC63F0E4A03824F1E33E5E ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
21:46:51.0899 0x2d38 SiSRaid4 - ok
21:46:51.0919 0x2d38 [ 548260A7B8654E024DC30BF8A7C5BAA4, 4A7E58331D7765A12F53DC2371739DC9A463940B13E16157CE10DB80E958D740 ] Smb C:\Windows\system32\DRIVERS\smb.sys
21:46:51.0974 0x2d38 Smb - ok
21:46:51.0997 0x2d38 [ 6313F223E817CC09AA41811DAA7F541D, D787061043BEEDB9386B048CB9E680E6A88A1CBAE9BD4A8C0209155BFB76C630 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
21:46:52.0018 0x2d38 SNMPTRAP - ok
21:46:52.0034 0x2d38 [ B9E31E5CACDFE584F34F730A677803F9, 21A5130BD00089C609522A372018A719F8E37103D2DD22C59EACB393BE35A063 ] spldr C:\Windows\system32\drivers\spldr.sys
21:46:52.0043 0x2d38 spldr - ok
21:46:52.0073 0x2d38 [ 85DAA09A98C9286D4EA2BA8D0E644377, F9C324E2EF81193FE831C7EECC44A100CA06F82FA731BF555D9EA4D91DA13329 ] Spooler C:\Windows\System32\spoolsv.exe
21:46:52.0101 0x2d38 Spooler - ok
21:46:52.0300 0x2d38 [ E17E0188BB90FAE42D83E98707EFA59C, FC075F7B39E86CC8EF6DA4E339FE946917E319C347AC70FB0C50AAF36F97E27F ] sppsvc C:\Windows\system32\sppsvc.exe
21:46:52.0669 0x2d38 sppsvc - ok
21:46:52.0699 0x2d38 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45, 36D48B23B8243BE5229707375FCD11C2DCAC96983199345365F065A0CBF33314 ] sppuinotify C:\Windows\system32\sppuinotify.dll
21:46:52.0764 0x2d38 sppuinotify - ok
21:46:52.0784 0x2d38 [ 441FBA48BFF01FDB9D5969EBC1838F0B, 306128F1AD489F87161A089D1BDC1542A4CB742D91A0C12A7CD1863FDB8932C0 ] srv C:\Windows\system32\DRIVERS\srv.sys
21:46:52.0828 0x2d38 srv - ok
21:46:52.0847 0x2d38 [ B4ADEBBF5E3677CCE9651E0F01F7CC28, 726DB2283113AB2A9681E8E9F61132303D6D86E9CD034C40EE4A8C9DB29E87F7 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
21:46:52.0877 0x2d38 srv2 - ok
21:46:52.0900 0x2d38 [ 27E461F0BE5BFF5FC737328F749538C3, AFA4704ED8FFC1A0BAB40DFB81D3AE3F3D933A3C9BF54DDAF39FF9AF3646D9E6 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
21:46:52.0921 0x2d38 srvnet - ok
21:46:52.0936 0x2d38 [ 51B52FBD583CDE8AA9BA62B8B4298F33, 2E2403F8AA39E79D1281CA006B51B43139C32A5FDD64BD34DAA4B935338BD740 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
21:46:52.0988 0x2d38 SSDPSRV - ok
21:46:52.0993 0x2d38 [ 0211AB46B73A2623B86C1CFCB30579AB, 7CC9BA2DF7B9EA6BB17EE342898EDD7F54703B93B6DED6A819E83A7EE9F938B4 ] SSPORT C:\Windows\system32\Drivers\SSPORT.sys
21:46:53.0009 0x2d38 SSPORT - ok
21:46:53.0022 0x2d38 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB, D21CDBC4C2AA0DB5B4455D5108B0CAF4282A2E664B9035708F212CC094569D9D ] SstpSvc C:\Windows\system32\sstpsvc.dll
21:46:53.0076 0x2d38 SstpSvc - ok
21:46:53.0109 0x2d38 [ E4EA2412FB1B8AEE33667A9CC6D456A4, E553D07BBD98CB026033D7D10D859795682D1BFCB9D33D494177B2E747EA5064 ] stdcfltn C:\Windows\system32\DRIVERS\stdcfltn.sys
21:46:53.0124 0x2d38 stdcfltn - ok
21:46:53.0144 0x2d38 [ F3817967ED533D08327DC73BC4D5542A, 1B204454408A690C0A86447F3E4AA9E7C58A9CFB567C94C17C21920BA648B4D5 ] stexstor C:\Windows\system32\drivers\stexstor.sys
21:46:53.0160 0x2d38 stexstor - ok
21:46:53.0179 0x2d38 [ DECACB6921DED1A38642642685D77DAC, 1633711CE973F818EBCCCA28538772431167C33ECDD44D1E846A9436598B52DC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
21:46:53.0209 0x2d38 StillCam - ok
21:46:53.0250 0x2d38 [ 8DD52E8E6128F4B2DA92CE27402871C1, 1101C38BE8FC383B5F2F9FA402F9652B23B88A764DE2B584DFE62B88B11DEF92 ] stisvc C:\Windows\System32\wiaservc.dll
21:46:53.0297 0x2d38 stisvc - ok
21:46:53.0317 0x2d38 [ DE3E7A2345EBAA3CE8E6957DFB55FB15, DEFA772F7B08ADE3FCC4FDEDE14FD388E32E7395F44E67E3DAB2CD26E417D5C9 ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
21:46:53.0353 0x2d38 stllssvr - detected UnsignedFile.Multi.Generic ( 1 )
21:46:56.0076 0x2d38 Detect skipped due to KSN trusted
21:46:56.0076 0x2d38 stllssvr - ok
21:46:56.0103 0x2d38 [ C40841817EF57D491F22EB103DA587CC, 5FAA2DE43BADC16A898C0C290C44C41E4411D919A95FE8C6FF45EA7A34495079 ] StorSvc C:\Windows\system32\storsvc.dll
21:46:56.0135 0x2d38 StorSvc - ok
21:46:56.0150 0x2d38 [ D34E4943D5AC096C8EDEEBFD80D76E23, 1DD7F6F97060B5F763A04ACA1F75E59DAB09EF824FD09B83FC3C192837D006DE ] storvsc C:\Windows\system32\drivers\storvsc.sys
21:46:56.0164 0x2d38 storvsc - ok
21:46:56.0176 0x2d38 [ AB1C3402A04C4594D9A778574E87C4B2, 46D20F5432B9A8ED5FAEDC75838AD86548585C1BA86E160AB9C5F893FB11815C ] ST_ACCEL C:\Windows\system32\DRIVERS\ST_Accel.sys
21:46:56.0190 0x2d38 ST_ACCEL - ok
21:46:56.0208 0x2d38 [ D01EC09B6711A5F8E7E6564A4D0FBC90, 3CB922291DBADC92B46B9E28CCB6810CD8CCDA3E74518EC9522B58B998E1F969 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
21:46:56.0221 0x2d38 swenum - ok
21:46:56.0306 0x2d38 [ E08E46FDD841B7184194011CA1955A0B, 9C3725BB1F08F92744C980A22ED5C874007D3B5863C7E1F140F50061052AC418 ] swprv C:\Windows\System32\swprv.dll
21:46:56.0379 0x2d38 swprv - ok
21:46:56.0410 0x2d38 [ 4CDD7DF58730D23BA9CB5829A6E2ECEA, 89A2A1604C2BF985894000F51D9D376B32F1327197866850B5BF8640272DE828 ] SynthVid C:\Windows\system32\DRIVERS\VMBusVideoM.sys
21:46:56.0425 0x2d38 SynthVid - ok
21:46:56.0506 0x2d38 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D, 3C13217548BE61F2BDB8BD41F77345CDDA1F97BF0AE17241C335B9807EB3DBB8 ] SysMain C:\Windows\system32\sysmain.dll
21:46:56.0597 0x2d38 SysMain - ok
21:46:56.0611 0x2d38 [ E3C61FD7B7C2557E1F1B0B4CEC713585, 01F0E116606D185BF93B540868075BFB1A398197F6AABD994983DBFF56B3A8A0 ] TabletInputService C:\Windows\System32\TabSvc.dll
21:46:56.0661 0x2d38 TabletInputService - ok
21:46:56.0681 0x2d38 [ 40F0849F65D13EE87B9A9AE3C1DD6823, E251A7EF3D0FD2973AF33A62FC457A7E8D5E8694208F811F52455F7C2426121F ] TapiSrv C:\Windows\System32\tapisrv.dll
21:46:56.0727 0x2d38 TapiSrv - ok
21:46:56.0758 0x2d38 [ 1BE03AC720F4D302EA01D40F588162F6, AB644862BF1D2E824FD846180DEC4E2C0FAFCC517451486DE5A92E5E78A952E4 ] TBS C:\Windows\System32\tbssvc.dll
21:46:56.0794 0x2d38 TBS - ok
21:46:57.0064 0x2d38 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
21:46:57.0159 0x2d38 Tcpip - ok
21:46:57.0328 0x2d38 [ 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E, F05C0C4CA3DD234AD5D60CF1EF763C9A1D9EC3C157E180C2D75CC07E6B02A611 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
21:46:57.0382 0x2d38 TCPIP6 - ok
21:46:57.0390 0x2d38 [ 1B16D0BD9841794A6E0CDE0CEF744ABC, 7EB8BA97339199EEE7F2B09DA2DA6279DA64A510D4598D42CF86415D67CD674C ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
21:46:57.0402 0x2d38 tcpipreg - ok
21:46:57.0476 0x2d38 [ 3371D21011695B16333A3934340C4E7C, 7416F9BBFC1BA9D875EA7D1C7A0D912FC6977B49A865D67E3F9C4E18A965082D ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
21:46:57.0488 0x2d38 TDPIPE - ok
21:46:57.0509 0x2d38 [ 51C5ECEB1CDEE2468A1748BE550CFBC8, 4E8F83877330B421F7B5D8393D34BC44C6450E69209DAA95B29CB298166A5DF9 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
21:46:57.0538 0x2d38 TDTCP - ok
21:46:57.0562 0x2d38 [ 70988118145F5F10EF24720B97F35F65, F80C806417A68047FFB3D63214BC4AE5445315219AC594E043293006B704A63D ] tdx C:\Windows\system32\DRIVERS\tdx.sys
21:46:57.0591 0x2d38 tdx - ok
21:46:57.0620 0x2d38 [ 561E7E1F06895D78DE991E01DD0FB6E5, 83BFA50A528762EC52A011302AC3874636FB7E26628CD7ACFBF2BDC9FAA8110D ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
21:46:57.0631 0x2d38 TermDD - ok
21:46:57.0706 0x2d38 [ 008CD4EBFABCF78D0F19B3778492648C, 9050490EEE0AD86E73F0A82D83E4FC29DF84F6B6FDB389AE135FD712B5F425BE ] TermService C:\Windows\System32\termsrv.dll
21:46:57.0739 0x2d38 TermService - ok
21:46:57.0790 0x2d38 [ E7E9574AA220D0DB4F6A0CD82B9FB48A, 6130D5D85B8B58FBA25BBCA3EC7B78F8F93DFA5DD89D09268E5BEB57F0240C53 ] TgbIke Starter C:\Windows\SysWOW64\TgbStarter.exe
21:46:57.0807 0x2d38 TgbIke Starter - ok
21:46:57.0817 0x2d38 [ C8FBA733B218B3BB60F0E7775154C2A4, 89964A09FB66A648A90E1B69263D2D182FA948FA0C6AB45B73235B4ADF81ACC0 ] TGBMPEnum C:\Windows\system32\DRIVERS\TGBMPEnum.sys
21:46:57.0828 0x2d38 TGBMPEnum - ok
21:46:57.0869 0x2d38 [ 54B6948D19DB5CD870E9B4B2B145DA9A, 344D7D4843D71D97734F901E8A4E7056DA11D7C9E690242A4105BB5B6404CC8E ] TGBVPNVirtM C:\Windows\system32\DRIVERS\TGBVPNVirtM.sys
21:46:57.0900 0x2d38 TGBVPNVirtM - ok
21:46:57.0919 0x2d38 [ F0344071948D1A1FA732231785A0664C, DB9886C2C858FAF45AEA15F8E42860343F73EB8685C53EC2E8CCC10586CB0832 ] Themes C:\Windows\system32\themeservice.dll
21:46:57.0954 0x2d38 Themes - ok
21:46:57.0995 0x2d38 [ E40E80D0304A73E8D269F7141D77250B, 0DB4AC13A264F19A84DC0BCED54E8E404014CC09C993B172002B1561EC7E265A ] THREADORDER C:\Windows\system32\mmcss.dll
21:46:58.0047 0x2d38 THREADORDER - ok
21:46:58.0062 0x2d38 [ 7E7AFD841694F6AC397E99D75CEAD49D, DE87F203FD8E6BDCCFCA1860A85F283301A365846FB703D9BB86278D8AC96B07 ] TrkWks C:\Windows\System32\trkwks.dll
21:46:58.0132 0x2d38 TrkWks - ok
21:46:58.0180 0x2d38 [ 773212B2AAA24C1E31F10246B15B276C, F2EF85F5ABA307976D9C649D710B408952089458DDE97D4DEF321DF14E46A046 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
21:46:58.0235 0x2d38 TrustedInstaller - ok
21:46:58.0257 0x2d38 [ E232A3B43A894BB327FC161529BD9ED1, F2673DA8C920F21ACCECC25F7C59A05822E5E577D47F126EDF9C94FEB4B30C5F ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
21:46:58.0284 0x2d38 tssecsrv - ok
21:46:58.0346 0x2d38 [ E9981ECE8D894CEF7038FD1D040EB426, DCDDCE933CAECE8180A3447199B07F2F0413704EEC1A09606EE357901A84A7CF ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
21:46:58.0397 0x2d38 TsUsbFlt - ok
21:46:58.0416 0x2d38 [ AD64450A4ABE076F5CB34CC08EEACB07, B5C386635441A19178E7FEEE299BA430C8D72F9110866C13A216B12A1080AD12 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
21:46:58.0432 0x2d38 TsUsbGD - ok
21:46:58.0465 0x2d38 [ 3566A8DAAFA27AF944F5D705EAA64894, AE9D8B648DA08AF667B9456C3FE315489859C157510A258559F18238F2CC92B8 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
21:46:58.0538 0x2d38 tunnel - ok
21:46:58.0560 0x2d38 [ B4DD609BD7E282BFC683CEC7EAAAAD67, EF131DB6F6411CAD36A989A421AF93F89DD61601AC524D2FF11C10FF6E3E9123 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
21:46:58.0575 0x2d38 uagp35 - ok
21:46:58.0606 0x2d38 [ FF4232A1A64012BAA1FD97C7B67DF593, D8591B4EB056899C7B604E4DD852D82D4D9809F508ABCED4A03E1BE6D5D456E3 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
21:46:58.0669 0x2d38 udfs - ok
21:46:58.0684 0x2d38 [ 3CBDEC8D06B9968ABA702EBA076364A1, B8DAB8AA804FC23021BFEBD7AE4D40FBE648D6C6BA21CC008E26D1C084972F9B ] UI0Detect C:\Windows\system32\UI0Detect.exe
21:46:58.0704 0x2d38 UI0Detect - ok
21:46:58.0718 0x2d38 [ 4BFE1BC28391222894CBF1E7D0E42320, 5918B1ED2030600DF77BDACF1C808DF6EADDD8BF3E7003AF1D72050D8B102B3A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
21:46:58.0734 0x2d38 uliagpkx - ok
21:46:58.0740 0x2d38 [ DC54A574663A895C8763AF0FA1FF7561, 09A3F3597E91CBEB2F38E96E75134312B60CAE5574B2AD4606C2D3E992AEDDFE ] umbus C:\Windows\system32\DRIVERS\umbus.sys
21:46:58.0757 0x2d38 umbus - ok
21:46:58.0769 0x2d38 [ B2E8E8CB557B156DA5493BBDDCC1474D, F547509A08C0679ACB843E20C9C0CF51BED1B06530BBC529DFB0944504564A43 ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
21:46:58.0785 0x2d38 UmPass - ok
21:46:58.0812 0x2d38 [ A293DCD756D04D8492A750D03B9A297C, 203600ED0B7F8BA4C6D6F4ED810F4DF5AB70928B06EC4131C5D8ADF628444ED1 ] UmRdpService C:\Windows\System32\umrdp.dll
21:46:58.0836 0x2d38 UmRdpService - ok
21:46:58.0863 0x2d38 [ D47EC6A8E81633DD18D2436B19BAF6DE, 0FB461E2D5E0B75BB5958F6362F4880BFA4C36AD930542609BCAF574941AA7AE ] upnphost C:\Windows\System32\upnphost.dll
21:46:58.0927 0x2d38 upnphost - ok
21:46:58.0965 0x2d38 [ 73E350C9099837826A08792D3E96E189, D4C07C70E8140FFCB5F98EF377B7851D8CA01E1C2FAE9852FF3286E8C8337180 ] usb3Hub C:\Windows\system32\DRIVERS\usb3Hub.sys
21:46:58.0984 0x2d38 usb3Hub - ok
21:46:59.0004 0x2d38 [ 724DABDE1A9C48C6E5FE0F9F7E583940, 6B5FB81D0D6096CB827AC32DD5EE7C92F1E2EEFD54EC9E047EC6AF50610B4885 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
21:46:59.0049 0x2d38 usbccgp - ok
21:46:59.0070 0x2d38 [ 80B0F7D5CCF86CEB5D402EAAF61FEC31, 140C62116A425DEAD25FE8D82DE283BC92C482A9F643658D512F9F67061F28AD ] usbcir C:\Windows\system32\drivers\usbcir.sys
21:46:59.0097 0x2d38 usbcir - ok
21:46:59.0107 0x2d38 [ CA11C28D69925E356CC27749CC41C3E1, E0AEB9EA23E7EFB982C1548508583B16A89A5568750EA23A313C8AC40CCB84C5 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
21:46:59.0125 0x2d38 usbehci - ok
21:46:59.0151 0x2d38 [ 8FA7BAF75209D59E7302BCF0308C52A7, 00F5F7442BBD25E7455ECDE5AE5D40C60E878BAF53A7D535DB59EE2C3F027245 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
21:46:59.0195 0x2d38 usbhub - ok
21:46:59.0221 0x2d38 [ BB33E6D8006EDD67CAB91E9417417710, 16CC4A00FB1793C7B723F6A99A39725C87A71C2958CFA0916A55BB084973C96F ] usbohci C:\Windows\system32\drivers\usbohci.sys
21:46:59.0236 0x2d38 usbohci - ok
21:46:59.0291 0x2d38 [ 73188F58FB384E75C4063D29413CEE3D, B485463933306036B1D490722CB1674DC85670753D79FA0EF7EBCA7BBAAD9F7C ] usbprint C:\Windows\system32\drivers\usbprint.sys
21:46:59.0312 0x2d38 usbprint - ok
21:46:59.0338 0x2d38 [ 9661DA76B4531B2DA272ECCE25A8AF24, FEA93254A21E71A7EB8AD35FCCAD2C1E41F7329EC33B1734F5B41307A34D8637 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
21:46:59.0355 0x2d38 usbscan - ok
21:46:59.0370 0x2d38 [ FED648B01349A3C8395A5169DB5FB7D6, DC4D7594C24ADD076927B9347F1B50B91CF03A4ABDB284248D5711D9C19DEB96 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:46:59.0389 0x2d38 USBSTOR - ok
21:46:59.0420 0x2d38 [ 8565793CAF1EF768DB669BE0C3C71EDF, 8FD8904C5C0F2BFC66A17EE51E2E50C4BB11B77A18F51F4893D079B2F37F6B21 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
21:46:59.0436 0x2d38 usbuhci - ok
21:46:59.0453 0x2d38 [ 1F775DA4CF1A3A1834207E975A72E9D7, 6D3DE5BD3EF3A76E997E5BAF900C51D25308F5A9682D1F62017F577A24095B90 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
21:46:59.0484 0x2d38 usbvideo - ok
21:46:59.0490 0x2d38 [ EDBB23CBCF2CDF727D64FF9B51A6070E, 7202484C8E1BFB2AFD64D8C81668F3EDE0E3BF5EB27572877A0A7B337AE5AE42 ] UxSms C:\Windows\System32\uxsms.dll
21:46:59.0542 0x2d38 UxSms - ok
21:46:59.0559 0x2d38 [ E0105F3B5B1C4B0F5B3D788A13504EC6, 16C094BC098E4606239C8A54F2E4B92BABB68215CCB43C161661B1A664A0C7A0 ] VaultSvc C:\Windows\system32\lsass.exe
21:46:59.0573 0x2d38 VaultSvc - ok
21:46:59.0590 0x2d38 [ C5C876CCFC083FF3B128F933823E87BD, 6FE0FBB6C3207E09300E0789E2168F76668D87C317FE9F263E733827ADCFBE0D ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
21:46:59.0602 0x2d38 vdrvroot - ok
21:46:59.0629 0x2d38 [ 8D6B481601D01A456E75C3210F1830BE, A2CEF483F4231367138EEF7E67FD5BE5364FC0780C44CA1368E36CE4AA3D0633 ] vds C:\Windows\System32\vds.exe
21:46:59.0677 0x2d38 vds - ok
21:46:59.0686 0x2d38 [ DA4DA3F5E02943C2DC8C6ED875DE68DD, EDE604536DB78C512D68C92B26DA77C8811AC109D1F0A473673F0A82D15A2838 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
21:46:59.0707 0x2d38 vga - ok
21:46:59.0711 0x2d38 [ 53E92A310193CB3C03BEA963DE7D9CFC, 45898604375B42EB1246C17A22D91C2440F11C746FF6459AD38027C1BC2E3125 ] VgaSave C:\Windows\System32\drivers\vga.sys
21:46:59.0749 0x2d38 VgaSave - ok
21:46:59.0839 0x2d38 [ 2CE2DF28C83AEAF30084E1B1EB253CBB, D1946816A1CB89F825CBEA58F94A4C9D0CE7249355CD3915563F54054EE564BF ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
21:46:59.0904 0x2d38 vhdmp - ok
21:46:59.0941 0x2d38 [ E5689D93FFE4E5D66C0178761240DD54, 6D35CED80681B12AAF63BFA0DA1C386E71D3838839B68A686990AA8031949D27 ] viaide C:\Windows\system32\drivers\viaide.sys
21:46:59.0952 0x2d38 viaide - ok
21:46:59.0987 0x2d38 [ 7DE90B48F210D29649380545DB45A187, 09522F84285D62B961868DA98C40B82E746CA4D24A9780905673A2349D6B07F4 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
21:47:00.0052 0x2d38 VMBusHID - ok
21:47:00.0094 0x2d38 [ D2AAFD421940F640B407AEFAAEBD91B0, 31EF342A60AF04F4108759A71F8FB7B8C8819216CF3D16A95B2BA0E33A8A9161 ] volmgr C:\Windows\system32\drivers\volmgr.sys
21:47:00.0126 0x2d38 volmgr - ok
21:47:00.0160 0x2d38 [ A255814907C89BE58B79EF2F189B843B, 463DB771851352185B6AC323BD93B9084D47291E53C1F7B628B65D6918B2E28F ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
21:47:00.0178 0x2d38 volmgrx - ok
21:47:00.0218 0x2d38 [ DF8126BD41180351A093A3AD2FC8903B, AEFF4AA89CDDAAAD43CDE17C6B6EB2A397A0AC1651CBD51B889161EC2BC6527A ] volsnap C:\Windows\system32\drivers\volsnap.sys
21:47:00.0234 0x2d38 volsnap - ok
21:47:00.0291 0x2d38 [ 5E2016EA6EBACA03C04FEAC5F330D997, 53106EB877459FE55A459111F7AB0EE320BB3B4C954D3DB6FA1642396001F2AC ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
21:47:00.0308 0x2d38 vsmraid - ok
21:47:00.0443 0x2d38 [ B60BA0BC31B0CB414593E169F6F21CC2, 47B801E623254CF0202B3591CB5C019CABFB52F123C7D47E29D19B32F1F2B915 ] VSS C:\Windows\system32\vssvc.exe
21:47:00.0552 0x2d38 VSS - ok
21:47:00.0579 0x2d38 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1, 3254523C85C70EBA2DBAC05DB2DBA89EDF8E9195F390F7C21F96458FB6B2E3D7 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
21:47:00.0600 0x2d38 vwifibus - ok
21:47:00.0616 0x2d38 [ 6A3D66263414FF0D6FA754C646612F3F, 30F6BA594B0D3B94113064015A16D97811CD989DF1715CCE21CEAB9894C1B4FB ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
21:47:00.0639 0x2d38 vwififlt - ok
21:47:00.0646 0x2d38 [ 6A638FC4BFDDC4D9B186C28C91BD1A01, 5521F1DC515586777EC4837E0AEAA3E613CC178AF1074031C4D0D0C695A93168 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
21:47:00.0666 0x2d38 vwifimp - ok
21:47:00.0705 0x2d38 [ 1C9D80CC3849B3788048078C26486E1A, 34A89F31E53F6B6C209B286F580CC2257AE6D057E4E20741F241C9C167947962 ] W32Time C:\Windows\system32\w32time.dll
21:47:00.0770 0x2d38 W32Time - ok
21:47:00.0792 0x2d38 [ 4E9440F4F152A7B944CB1663D3935A3E, 8FE04EBD3BC612EE943A21A3E56F37E5C9B578CDACA6044048181DAD81816D53 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
21:47:00.0818 0x2d38 WacomPen - ok
21:47:00.0858 0x2d38 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
21:47:00.0909 0x2d38 WANARP - ok
21:47:00.0915 0x2d38 [ 356AFD78A6ED4457169241AC3965230C, CE4D1EE3525C10AC658B20776C3E444DE44874C837713DC5311386EDFCB18399 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
21:47:00.0964 0x2d38 Wanarpv6 - ok
21:47:01.0034 0x2d38 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C, 4150DAB33E8D61076F1D4767BCAFC9B4ECCCCBD58FD4FB3CFE5B8D27DCDCAB61 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
21:47:01.0095 0x2d38 WatAdminSvc - ok
21:47:01.0166 0x2d38 [ 78F4E7F5C56CB9716238EB57DA4B6A75, 46A4E78CE5F2A4B26F4E9C3FF04A99D9B727A82AC2E390A82A1611C3F6E0C9AF ] wbengine C:\Windows\system32\wbengine.exe
21:47:01.0241 0x2d38 wbengine - ok
21:47:01.0273 0x2d38 [ 4984E484B9184970AE8075FDA19650E8, 8B09FD98D925F85CD61119AA9778150ACAFB3441210436963A095A630F675722 ] wbfcvusbdrv C:\Windows\system32\Drivers\wbfcvusbdrv.sys
21:47:01.0285 0x2d38 wbfcvusbdrv - ok
21:47:01.0317 0x2d38 [ 3AA101E8EDAB2DB4131333F4325C76A3, 4F7BD3DA5E58B18BFF106CFF7B45E75FD13EE556D433C695BA23EC80827E49DE ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
21:47:01.0348 0x2d38 WbioSrvc - ok
21:47:01.0365 0x2d38 [ 7368A2AFD46E5A4481D1DE9D14848EDD, 8039C478FC2D9F095F5883A4FA47F9E6EDF57CC88A4AA74F07C88445F90DED57 ] wcncsvc C:\Windows\System32\wcncsvc.dll
21:47:01.0404 0x2d38 wcncsvc - ok
21:47:01.0415 0x2d38 [ 20F7441334B18CEE52027661DF4A6129, 7B8E0247234B740FED2BE9B833E9CE8DD7453340123AB43F6B495A7E6A27B0DD ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
21:47:01.0449 0x2d38 WcsPlugInService - ok
21:47:01.0466 0x2d38 [ 72889E16FF12BA0F235467D6091B17DC, F2FD0BBD075E33608D93F350D216F97442AB89ABD540513C2D568C78096E12A8 ] Wd C:\Windows\system32\drivers\wd.sys
21:47:01.0480 0x2d38 Wd - ok
21:47:01.0545 0x2d38 [ 502FA6BD01D9141D34C2FCA8F8726E3F, 078D88854404F989445725B3693F1B22B8C25F5DCCD9AD5B15AE0E6521FB04D7 ] WDBackup C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
21:47:01.0600 0x2d38 WDBackup - ok
21:47:01.0697 0x2d38 [ A3D04EBF5227886029B4532F20D026F7, D90F7B9C176008675DA0B5FD7E4973CBC2A04172CEDF8FB7D3B3B4F27B5440D7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
21:47:01.0715 0x2d38 WDC_SAM - ok
21:47:01.0769 0x2d38 [ C50B1A397F35908EEA98C964E77A6A97, FBA623EE0C5A72836ED80C0ACA163461E9B1B601B99C35B9EEE36B07B7F0839E ] WDDriveService C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
21:47:01.0790 0x2d38 WDDriveService - ok
21:47:01.0846 0x2d38 [ E2C933EDBC389386EBE6D2BA953F43D8, AF1DEADD5F1267CCEBD226E8EEB971D1946EA6A5A9645A36F5D111F758AF2F07 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
21:47:01.0891 0x2d38 Wdf01000 - ok
21:47:01.0914 0x2d38 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiServiceHost C:\Windows\system32\wdi.dll
21:47:01.0947 0x2d38 WdiServiceHost - ok
21:47:01.0953 0x2d38 [ C6F7473B55510F0B93961DA03D8E3B38, 4BAB9274DED8F7AC4A52B8739F501323FFFA0367CAA24BFAFDB5523812E0CE39 ] WdiSystemHost C:\Windows\system32\wdi.dll
21:47:01.0972 0x2d38 WdiSystemHost - ok
21:47:01.0999 0x2d38 [ 0EB0E5D22B1760F2DBCE632F2DD7A54D, B8A4CC62F88768947FB0A161CF9564DB28FD9C1C037B5475DF192982DE035C22 ] WebClient C:\Windows\System32\webclnt.dll
21:47:02.0059 0x2d38 WebClient - ok
21:47:02.0092 0x2d38 [ CBA25A299ECDBAE3A2300B68598AABA3, 5AC6F75FBDA58CD9D17922AF2780A37B89067EB4A97EE792A644B238BE94490D ] Wecsvc C:\Windows\system32\wecsvc.dll
21:47:02.0118 0x2d38 Wecsvc - ok
21:47:02.0138 0x2d38 [ 7E591867422DC788B9E5BD337A669A08, 484E6BCCDF7ADCE9A1AACAD1BC7C7D7694B9E40FA90D94B14D80C607784F6C75 ] wercplsupport C:\Windows\System32\wercplsupport.dll
21:47:02.0194 0x2d38 wercplsupport - ok
21:47:02.0214 0x2d38 [ 6D137963730144698CBD10F202E9F251, A9F522A125158D94F540544CCD4DBF47B9DCE2EA878C33675AFE40F80E8F4979 ] WerSvc C:\Windows\System32\WerSvc.dll
21:47:02.0278 0x2d38 WerSvc - ok
21:47:02.0290 0x2d38 [ 611B23304BF067451A9FDEE01FBDD725, 0AF2734B978165FC6FD22B64862132CCE32528A21C698A49D176129446E099C8 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
21:47:02.0340 0x2d38 WfpLwf - ok
21:47:02.0363 0x2d38 [ 064E179AFF2E2819ED8C0B39AB42B6D5, AB892B1FAB35157339ACDE5AF60AA60CBE9B83EC5C61B575F2D05750F684741D ] WIBUKEY C:\Windows\system32\DRIVERS\WibuKey64.sys
21:47:02.0432 0x2d38 WIBUKEY - ok
21:47:02.0472 0x2d38 [ 9B33BD737B6620E5DCD4909EFF719216, B32CFC5992FB390C1192979A02A03A2E166B4788F6C10AB3052B33B028805A27 ] Wibukey2_64 C:\Windows\system32\drivers\wibukey2_64.sys
21:47:02.0548 0x2d38 Wibukey2_64 - ok
21:47:02.0571 0x2d38 [ 05ECAEC3E4529A7153B3136CEB49F0EC, 9995CB2CEC70A633EA33CBB0DEAD2BB28CB67132B41E9444BDAB9E75744C9A50 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
21:47:02.0583 0x2d38 WIMMount - ok
21:47:02.0612 0x2d38 WinDefend - ok
21:47:02.0822 0x2d38 [ 3853778242E374E49BDA5EAB72DD8E60, 26BC53AE79161297782743C1A2CC71B7D0FE8338C9763B88EB3F298EB8FA1882 ] WindowsVNT_R3 C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
21:47:02.0966 0x2d38 WindowsVNT_R3 - detected UnsignedFile.Multi.Generic ( 1 )
21:47:05.0483 0x2d38 Detect skipped due to KSN trusted
21:47:05.0483 0x2d38 WindowsVNT_R3 - ok
21:47:05.0486 0x2d38 WinHttpAutoProxySvc - ok
21:47:05.0581 0x2d38 [ 19B07E7E8915D701225DA41CB3877306, D6555E8D276DBB11358246E0FE215F76F1FB358791C76B88D82C2A66A42DA19F ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
21:47:05.0641 0x2d38 Winmgmt - ok
21:47:05.0779 0x2d38 [ D929ABD465A2DED963DA8B30946A8D5C, DE8DBFB01C11D2AE903CBD6A974D6F995E9813CE2D6484B7DA06EAE4C545842A ] WinRM C:\Windows\system32\WsmSvc.dll
21:47:05.0887 0x2d38 WinRM - ok
21:47:05.0918 0x2d38 [ FE88B288356E7B47B74B13372ADD906D, A16B166F6BB32EF9D2A142F27B9EC54CBC7B3AC915799783CF4C40E525BC9E03 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
21:47:05.0932 0x2d38 WinUsb - ok
21:47:05.0965 0x2d38 [ 4FADA86E62F18A1B2F42BA18AE24E6AA, CE1683386886BF34862681A46199EA7E7FB4232A186047DA7FBD8EC240AF6726 ] Wlansvc C:\Windows\System32\wlansvc.dll
21:47:06.0013 0x2d38 Wlansvc - ok
21:47:06.0059 0x2d38 [ F6FF8944478594D0E414D3F048F0D778, 6F75E0AE6127B33A92A88E59D4B048FD4C15F997807BE7BF0EFE76F95235B1D9 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
21:47:06.0097 0x2d38 WmiAcpi - ok
21:47:06.0130 0x2d38 [ 38B84C94C5A8AF291ADFEA478AE54F93, 1AC267AC73670BEA5F3785C9AD9DB146F8E993A862C843742B21FDB90D102B2A ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
21:47:06.0148 0x2d38 wmiApSrv - ok
21:47:06.0152 0x2d38 WMPNetworkSvc - ok
21:47:06.0157 0x2d38 [ 96C6E7100D724C69FCF9E7BF590D1DCA, 2E63C9B0893B4FC03B7A71BAEA6202D3D3DB1B52F3643467829B5A573FD7655B ] WPCSvc C:\Windows\System32\wpcsvc.dll
21:47:06.0170 0x2d38 WPCSvc - ok
21:47:06.0188 0x2d38 [ 93221146D4EBBF314C29B23CD6CC391D, C0750858A65BF51E210CD244C825C121D67E025CD2D2455139991AAC289A90FE ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
21:47:06.0253 0x2d38 WPDBusEnum - ok
21:47:06.0279 0x2d38 [ 6BCC1D7D2FD2453957C5479A32364E52, E48554D31FBDCF8F985C1C72524CAA9106F5B7CC2B79064F8F5E2562D517F090 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
21:47:06.0321 0x2d38 ws2ifsl - ok
21:47:06.0340 0x2d38 [ E8B1FE6669397D1772D8196DF0E57A9E, 39FE0819360719F756BD31A1884A0508A1E2371ACC723E25E005CBEC0A7B02FA ] wscsvc C:\Windows\system32\wscsvc.dll
21:47:06.0367 0x2d38 wscsvc - ok
21:47:06.0396 0x2d38 [ 8D918B1DB190A4D9B1753A66FA8C96E8, DB7D2714DC04D2D6999A207D7399A5647C8653E5A1AD80856A65C5B6065AEDFE ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
21:47:06.0442 0x2d38 WSDPrintDevice - ok
21:47:06.0454 0x2d38 [ 4A2A5C50DD1A63577D3ACA94269FBC7F, F75C1906D431CF871AD954218DF32A0F206E45FF49332DEF9F13C0A36A407047 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
21:47:06.0489 0x2d38 WSDScan - ok
21:47:06.0493 0x2d38 WSearch - ok
21:47:06.0608 0x2d38 [ 61FF576450CCC80564B850BC3FB6713A, B2843BC9E2F62D27DCF6787D063378926748CE75002BADA1873DCB5039883705 ] wuauserv C:\Windows\system32\wuaueng.dll
21:47:06.0721 0x2d38 wuauserv - ok
21:47:06.0737 0x2d38 [ AB886378EEB55C6C75B4F2D14B6C869F, D6C4602EB8F291DADEDF3CD211013D4AC752DDE7E799C2D8D74AA4F5477CAED6 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
21:47:06.0765 0x2d38 WudfPf - ok
21:47:06.0777 0x2d38 [ DDA4CAF29D8C0A297F886BFE561E6659, 94E5DD649B5D86FA1A7C7D30FCF9644D0EE048D312E626111458ADF66BFBE978 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
21:47:06.0799 0x2d38 WUDFRd - ok
21:47:06.0815 0x2d38 [ B20F051B03A966392364C83F009F7D17, 88ECEB55AE91F58F592B96EBC10B572747D5A2F9B7629E8F371761E4F7408A65 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
21:47:06.0834 0x2d38 wudfsvc - ok
21:47:06.0868 0x2d38 [ 04F82965C09CBDF646B487E145060301, 2CD8533EDBE24C3E42EB7550E20F8A2EB9E5E345B165DEF543163A6BC1FDD18B ] WwanSvc C:\Windows\System32\wwansvc.dll
21:47:06.0899 0x2d38 WwanSvc - ok
21:47:07.0067 0x2d38 [ 7F4350B20A49FE6F64F0EEE046972A1A, 2CEC6C2155DE3C02396673DDFE0811A6180A370937B6C764FC296ABC8E85462F ] YouTubeDownload_A3 C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
21:47:07.0231 0x2d38 YouTubeDownload_A3 - ok
21:47:07.0452 0x2d38 [ 8D809F4ECFE9E80723C49B427854068A, 4186B6C56BA70106A95D28371360C780F55FECA1A1C61966F091A07A390BA189 ] ZeroConfigService C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
21:47:07.0637 0x2d38 ZeroConfigService - ok
21:47:07.0693 0x2d38 ================ Scan global ===============================
21:47:07.0703 0x2d38 [ BA0CD8C393E8C9F83354106093832C7B, 18D8A4780A2BAA6CEF7FBBBDA0EF6BF2DADF146E1E578A618DD5859E8ADBF1A8 ] C:\Windows\system32\basesrv.dll
21:47:07.0718 0x2d38 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:47:07.0737 0x2d38 [ 88EDD0B34EED542745931E581AD21A32, DC2B93E1CEF5B0BCEE08D72669BB0F3AD0E8E6E75BDC08858407ED92F6FFA031 ] C:\Windows\system32\winsrv.dll
21:47:07.0752 0x2d38 [ D6160F9D869BA3AF0B787F971DB56368, 0033E6212DD8683E4EE611B290931FDB227B4795F0B17C309DC686C696790529 ] C:\Windows\system32\sxssrv.dll
21:47:07.0782 0x2d38 [ 24ACB7E5BE595468E3B9AA488B9B4FCB, 63541E3432FCE953F266AE553E7A394978D6EE3DB52388D885F668CF42C5E7E2 ] C:\Windows\system32\services.exe
21:47:07.0794 0x2d38 [ Global ] - ok
21:47:07.0794 0x2d38 ================ Scan MBR ==================================
21:47:07.0807 0x2d38 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:47:08.0216 0x2d38 \Device\Harddisk0\DR0 - ok
21:47:08.0217 0x2d38 ================ Scan VBR ==================================
21:47:08.0226 0x2d38 [ B65B3D19501FD0EE8911BC9E01BF9CE8 ] \Device\Harddisk0\DR0\Partition1
21:47:08.0280 0x2d38 \Device\Harddisk0\DR0\Partition1 - ok
21:47:08.0282 0x2d38 [ 99374DBF9D0ADB117381D1B67F5FC2CA ] \Device\Harddisk0\DR0\Partition2
21:47:08.0303 0x2d38 \Device\Harddisk0\DR0\Partition2 - ok
21:47:08.0303 0x2d38 ================ Scan generic autorun ======================
21:47:08.0338 0x2d38 [ FAF64638A42A32B449E7EB474064731A, 40462B51B3CAE21E5650525F90BAB5FCB6C1B44EA4C2DBB8AA0991A0F2EE7837 ] C:\Program Files\DellTPad\Apoint.exe
21:47:08.0370 0x2d38 Apoint - ok
21:47:08.0627 0x2d38 [ 7A3C577879C1D092453BFCF688C0B5F7, 8835F572C05FB50A9B59F78F3BBF708D4552C431C5FA9E313335114480E93F7C ] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
21:47:08.0877 0x2d38 RtHDVCpl - ok
21:47:08.0935 0x2d38 [ 1F52D0A814E34E36FBE3EB97A9CD1CD0, 610802343959C8EAFC415F64DF868C533FA010742D1EDC3E5D12F2CA90AC988B ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:47:08.0974 0x2d38 RtHDVBg - ok
21:47:08.0995 0x2d38 [ 15C9F763CCFC9C1B8C269D94B30EF619, 00E2BD04736DBDE84AAD7C239CC30E9427468A33FF6954BE28D361481B09F48B ] C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
21:47:09.0009 0x2d38 WavesSvc - ok
21:47:09.0080 0x2d38 [ 1F52D0A814E34E36FBE3EB97A9CD1CD0, 610802343959C8EAFC415F64DF868C533FA010742D1EDC3E5D12F2CA90AC988B ] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
21:47:09.0122 0x2d38 RtHDVBg_PushButton - ok
21:47:09.0181 0x2d38 [ 9B779DD4C1C4B71599A8A42623C99B4A, 5361EC5F218777351C6B0C57AE5F6D1B0870158EDD04263C09BA15F6A48A2070 ] C:\Program Files\Dell\PPO\DellPoaEvents.exe
21:47:09.0198 0x2d38 DellPoaEvents - ok
21:47:09.0200 0x2d38 BTMTrayAgent - ok
21:47:09.0220 0x2d38 [ F14327BA386AAA2246585BFADD8FE8E8, 2804D7985B116C808942B4501362D4F4BAE4B540E9A6AC9B176B30DD448BA5AC ] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe
21:47:09.0230 0x2d38 IAStorIcon - detected UnsignedFile.Multi.Generic ( 1 )
21:47:11.0705 0x2d38 Detect skipped due to KSN trusted
21:47:11.0705 0x2d38 IAStorIcon - ok
21:47:11.0901 0x2d38 [ 86ABD61318AA20217A75F67023C5AAE5, ED188D96319B652E0EA57BBBCDD8FA29621329F0E0EA24F3B31FC27FFA58198E ] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
21:47:12.0078 0x2d38 IntelPROSet - ok
21:47:12.0140 0x2d38 [ F5A5DBADCD24BDF33BFDAA789E39C876, A0D931FA339CA1FB6198BF5DF327ECEB0881796FFF92BDE0F9FC2C233C46E83C ] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
21:47:12.0193 0x2d38 AdobeAAMUpdater-1.0 - ok
21:47:12.0233 0x2d38 [ 835D7CF56DA941D24F791AC25A31FED7, EE5C8C5D3BB5DCD8AA820D5A7696DF316FB73856B09680E72A5CE375BA5982A3 ] C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
21:47:12.0251 0x2d38 CSFTrayApp - ok
21:47:12.0592 0x2d38 [ 77E19B0303F2E2D2E1B8809C7602BACE, 767AFA45192F302F165AEBCA15677E51ACAE9244CE721C205A3DAE869E67C1B2 ] C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe
21:47:12.0884 0x2d38 InvProtect - ok
21:47:12.0893 0x2d38 CANON P-215II SVC - ok
21:47:12.0909 0x2d38 [ 8643344BA3BC0FEA6095ED111F45C63D, 1DE57C380BB5EC767DB1905B43AD5E5278D798D23974C396A0CE76C9472E8927 ] C:\Program Files\BOINC\boinctray.exe
21:47:12.0938 0x2d38 boinctray - detected UnsignedFile.Multi.Generic ( 1 )
21:47:16.0174 0x2d38 Detect skipped due to KSN trusted
21:47:16.0174 0x2d38 boinctray - ok
21:47:16.0565 0x2d38 [ 5B4BBF7D0DC9C4D3C69B4C3D43EE9A9C, FB3AF6F73C29F524069378D40D5763CA83CE2486BC11B2F545B31B7561E4761B ] C:\Program Files\BOINC\boincmgr.exe
21:47:16.0886 0x2d38 boincmgr - detected UnsignedFile.Multi.Generic ( 1 )
21:47:19.0428 0x2d38 Detect skipped due to KSN trusted
21:47:19.0428 0x2d38 boincmgr - ok
21:47:19.0480 0x2d38 [ 5956CEBC6E2DF8BB255DE08901533985, 3F9362485F64FC50429297CA339ED5964FF0889B855307E2A944A08818434CE3 ] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
21:47:19.0502 0x2d38 USB3MON - ok
21:47:19.0838 0x2d38 [ 208000B15AE976369C2EF0A6626096D7, 4EE5DFB3C334365AC88DCC2F0513DDAE81BFA7520BAA77599B0B0B7F21454458 ] c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe
21:47:19.0886 0x2d38 StartCCC - ok
21:47:20.0076 0x2d38 [ 4281BF9B8FD5F888E0671EF389DC1C8F, 756FFE7584D00A52410E78AACAFE9FCEF6EA8278FB78E828A9A9350543932EC3 ] C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe
21:47:20.0176 0x2d38 Acrobat Assistant 8.0 - ok
21:47:20.0488 0x2d38 [ E84F189BE4353A47EBF063D8EA3C4B63, C9AD8FA3E0DE9860D3100E17F90F91C7CAD01730A98E8E12E5936B47EF23E546 ] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
21:47:20.0714 0x2d38 WD Quick View - ok
21:47:20.0969 0x2d38 [ 7D1414B4F90831CB09F3EABECD3B2390, 486A341EE7B604F012EA4EDE0B70FC4A1A8BA720A6A3E6747EA0819FD4CA1658 ] C:\Program Files (x86)\NetSetMan\netsetman.exe
21:47:21.0166 0x2d38 NetSetMan - ok
21:47:21.0213 0x2d38 [ FFA3D681B293C476675EAA78BE2B75FF, 4F1012215B593349367B80FB13B052532857CFCE841362FC1B585EDB4FBDDB83 ] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
21:47:21.0243 0x2d38 HydraVisionDesktopManager - detected UnsignedFile.Multi.Generic ( 1 )
21:47:24.0055 0x2d38 Detect skipped due to KSN trusted
21:47:24.0055 0x2d38 HydraVisionDesktopManager - ok
21:47:24.0136 0x2d38 [ E3BF29CED96790CDAAFA981FFDDF53A3, 76CB27EF7B27E5636EDA9D95229519B2A2870729A0BB694F1FD11CD602BAC4DC ] C:\Program Files\Windows Sidebar\sidebar.exe
21:47:24.0294 0x2d38 Sidebar - ok
21:47:24.0455 0x2d38 [ 43D083268A0919F3527A2837390BAF63, 58B62697B01B8C9396271A64424178691FA85D4625DAF2AC8DE7F06A64F64C2A ] C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
21:47:24.0498 0x2d38 ISUSPM - ok
21:47:24.0522 0x2d38 [ 49D80CFEA86E49CE0C405FC2CBEEB0B2, 48D224DACD0860D87786F1D744830E6BC62B11B3DE81169332A8CCA2DCA605E7 ] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe
21:47:24.0538 0x2d38 AnyDVD - ok
21:47:24.0592 0x2d38 [ EEA6332ADF062AC5B24535C098DF1F3C, 91969C7BEBEDA1CA5B49324A1A63CD309DBAD2CB9970B041665F98B0ADC779E6 ] C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
21:47:24.0625 0x2d38 GarminExpressTrayApp - ok
21:47:24.0627 0x2d38 Waiting for KSN requests completion. In queue: 9
21:47:25.0627 0x2d38 Waiting for KSN requests completion. In queue: 9
21:47:26.0627 0x2d38 Waiting for KSN requests completion. In queue: 9
21:47:27.0627 0x2d38 Waiting for KSN requests completion. In queue: 9
21:47:28.0627 0x2d38 Waiting for KSN requests completion. In queue: 9
21:47:29.0657 0x2d38 AV detected via SS2: AVG AntiVirus Free Edition 2015, C:\Program Files (x86)\AVG\AVG2015\avgwsc.exe ( 15.0.0.5645 ), 0x41000 ( enabled : updated )
21:47:29.0675 0x2d38 Win FW state via NFP2: enabled
21:47:32.0172 0x2d38 ============================================================
21:47:32.0172 0x2d38 Scan finished
21:47:32.0172 0x2d38 ============================================================
21:47:32.0181 0x0914 Detected object count: 1
21:47:32.0181 0x0914 Actual detected object count: 1
21:47:45.0049 0x0914 RWAR3Monitor ( UnsignedFile.Multi.Generic ) - skipped by user
21:47:45.0050 0x0914 RWAR3Monitor ( UnsignedFile.Multi.Generic ) - User select action: Skip
By chance, did you run the instructions posted in post #24?
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
~~~~~
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit
Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png
Please click by the introduction screen on the Next button to continue.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png
Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png
When the update has finished, click on the Next button.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png
Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png
When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.
There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
jhrowehl
2015-02-26, 17:51
By chance, did you run the instructions posted in post #24?
No, somehow I missed that post... oops... I'll do that now.
Hope it sheds some light on something, so far it doesn't point to anything malware related.
jhrowehl
2015-02-26, 18:21
Hope it sheds some light on something, so far it doesn't point to anything malware related.
Got my fingers crossed!
The OTM log file appears below. I had AVG detection turned off, but at reboot it automatically activated and killed OTM. If there were registry entries to be deleted, they weren't.
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Henry
->Temp folder emptied: 10801127 bytes
->Temporary Internet Files folder emptied: 24549739 bytes
->FireFox cache emptied: 10149625 bytes
->Flash cache emptied: 758 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74233 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 912 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 43.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Henry
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
OTM by OldTimer - Version 3.1.21.0 log created on 02262015_110059
Files moved on Reboot...
C:\Users\Henry\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Henry\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\Invincea\InvProtectSvc.log scheduled to be moved on reboot.
File move failed. C:\Windows\SysWow64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
File move failed. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.
Registry entries deleted on Reboot...
jhrowehl
2015-02-26, 18:27
Logs from the first part of post #29...
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-02-2015 01
Ran by Henry (administrator) on ELSERVICE13 on 26-02-2015 11:22:33
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe" -url "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\nsmservice.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaService.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaSmSrv.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaTaServ.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Visioneer Inc.) C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
(Visioneer Inc.) C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\PPO\DellPoaEvents.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\netsetman.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
() C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_854dedf9f74389b0\iexplore.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_7af943a7c2e2c7b5\iexplore.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_854dedf9f74389b0\iexplore.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxRpcSs.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxDcomLaunch.exe
(Invincea, Inc.) C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [DellPoaEvents] => C:\Program Files\Dell\PPO\DellPoaEvents.exe [396496 2014-08-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-09-11] ()
HKLM\...\Run: [InvProtect] => C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe [6779592 2015-02-12] (Invincea, Inc.)
HKLM\...\Run: [CANON P-215II SVC] => rundll32.exe P215IISvc.dll,EntryPointUserMessage
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5562736 2014-07-22] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [NetSetMan] => C:\Program Files (x86)\NetSetMan\netsetman.exe [5414056 2014-06-03] (Ilja Herlein)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [36168 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641384 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [1893224 2012-02-23] (TODO: <Company name>)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [P-215II CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe [2251056 2014-03-30] (Canon Electronics Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-04-02] (AMD)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [ISUSPM] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [218032 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-02-19] (SlySoft, Inc.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.excite.com
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\X64\InvRedirHostIE64.dll (Invincea, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll (Invincea, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\pkmcdo.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668
FF Homepage: www.excite.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Garmin Communicator - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-26]
FF Extension: QuickJava - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-26]
FF Extension: Invincea Web Redirector - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\webredirector@invincea.com [2015-02-26]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-11-01]
FF Extension: PDF Converter 7.1 - C:\Program Files (x86)\Nuance\PDF Professional 7\FireFox [2014-11-09]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
S4 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2542288 2014-08-13] (Dell Inc.)
S4 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [199888 2014-08-13] (Dell Inc.)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [255328 2014-09-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-09-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-09-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2150088 2015-02-12] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 nsmService; C:\Program Files (x86)\NetSetMan\nsmservice.exe [1277608 2014-06-02] (Ilja Herlein)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [232448 2014-09-30] (Visioneer Inc.) [File not signed]
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2012-02-17] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-19] (Nuance Communications, Inc.)
R2 poaService; C:\Program Files\Dell\PPO\poaService.exe [721104 2014-08-15] (Dell Inc.)
R2 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [312016 2014-08-15] (Dell Inc.)
R2 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [645328 2014-08-16] (Dell Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-06] (Realtek Semiconductor)
R2 RWAR3HV_0002_0; C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE [430592 2013-08-14] (Visioneer Inc.)
R2 RWAR3Monitor; C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe [223744 2014-11-11] (Visioneer Inc.) [File not signed]
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [174792 2015-02-12] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 TgbIke Starter; C:\Windows\SysWOW64\TgbStarter.exe [239280 2012-03-21] (TheGreenBow)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2014-12-02] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [296312 2014-06-02] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-26] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{B72A21F9-6C42-44BF-BEBD-DD11EDF0E075}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-09-11] ()
R3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2014-08-13] (Dell Computer Corporation)
R3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2014-08-13] (Dell Computer Corporation)
R2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.SYS [46448 2007-07-23] (Roxio)
R2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.SYS [42352 2007-07-23] (Roxio)
R0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [17776 2007-07-23] (Roxio)
R2 DLADResE; C:\Windows\System32\Drivers\DLADResE.SYS [9968 2007-07-23] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.SYS [146672 2007-07-23] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.SYS [35056 2007-07-23] (Roxio)
R2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.SYS [19824 2007-07-23] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [41072 2007-07-23] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.SYS [135152 2007-07-23] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.SYS [144112 2007-07-23] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [124112 2007-07-23] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63984 2007-07-23] (Roxio)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2310488 2014-02-13] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [52232 2015-02-12] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2014-08-15] (Dell Computer Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183816 2015-02-12] (Invincea, Inc.)
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-09-11] (Dell Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [40624 2012-03-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [140976 2012-03-21] (TheGreenBow)
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2014-08-02] ()
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [107008 2006-11-22] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\System32\drivers\wibukey2_64.sys [16896 2006-11-09] (WIBU-SYSTEMS AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-26 11:22 - 2015-02-26 11:23 - 00035319 _____ () C:\Users\Henry\Desktop\FRST.txt
2015-02-26 11:00 - 2015-02-26 11:00 - 00000000 ____D () C:\_OTM
2015-02-26 10:59 - 2015-02-26 10:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-26 10:45 - 2015-02-26 10:45 - 00172032 _____ (SteelWerX) C:\Users\Henry\Desktop\flushflash.exe
2015-02-25 22:44 - 2015-02-25 22:44 - 00001115 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-02-25 22:44 - 2015-02-25 22:44 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\com.wd.WDMyCloud
2015-02-25 21:51 - 2015-02-25 21:51 - 00126606 _____ () C:\Users\Henry\Desktop\TDSS_Kill.txt
2015-02-25 21:43 - 2015-02-25 21:43 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Henry\Desktop\tdsskiller.exe
2015-02-25 09:15 - 2015-02-25 09:15 - 00030647 _____ () C:\Users\Henry\Desktop\ComboFix.txt
2015-02-25 09:12 - 2015-02-25 09:12 - 00030647 _____ () C:\ComboFix.txt
2015-02-25 08:58 - 2011-06-26 01:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-25 08:58 - 2010-11-07 12:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-25 08:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-25 08:58 - 2000-08-30 19:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-25 08:57 - 2015-02-25 09:12 - 00000000 ____D () C:\Qoobox
2015-02-25 08:57 - 2015-02-25 09:11 - 00000000 ____D () C:\Windows\erdnt
2015-02-24 16:44 - 2015-02-24 16:44 - 05611903 ____R (Swearware) C:\Users\Henry\Desktop\ComboFix.exe
2015-02-22 14:52 - 2015-02-21 12:29 - 02347384 _____ (ESET) C:\Users\Henry\Desktop\esetsmartinstaller_enu.exe
2015-02-22 14:17 - 2015-02-22 14:17 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\PCDr
2015-02-22 14:17 - 2015-02-22 14:17 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-22 12:07 - 2015-02-22 12:07 - 00001832 _____ () C:\Users\Henry\Desktop\JRT.txt
2015-02-22 12:01 - 2015-02-22 12:01 - 01388274 _____ (Thisisu) C:\Users\Henry\Desktop\JRT.exe
2015-02-22 11:43 - 2015-02-22 12:14 - 00000000 ____D () C:\AdwCleaner
2015-02-22 11:42 - 2015-02-22 11:42 - 02126848 _____ () C:\Users\Henry\Desktop\AdwCleaner.exe
2015-02-22 11:34 - 2015-02-26 11:22 - 00000000 ____D () C:\Users\Henry\Desktop\FRST-OlderVersion
2015-02-22 11:33 - 2015-02-23 16:20 - 00000955 _____ () C:\Users\Henry\Desktop\fixlist.txt
2015-02-21 11:06 - 2015-02-26 11:22 - 02087936 _____ (Farbar) C:\Users\Henry\Desktop\FRST64.exe
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
2015-02-20 18:26 - 2015-02-20 18:26 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2015-02-19 20:29 - 2015-02-19 20:29 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-02-19 20:29 - 2015-02-19 20:29 - 00001850 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-02-16 16:26 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-16 16:26 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-15 14:01 - 2015-02-15 14:01 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-02-12 21:42 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:42 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 11:05 - 2015-02-25 14:48 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-11 11:05 - 2015-02-11 11:05 - 00004036 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-11 11:05 - 2015-02-11 11:05 - 00003224 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-10 16:42 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 16:42 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 16:42 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 16:42 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 16:42 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 16:42 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 16:42 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 16:42 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 16:42 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 16:42 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 16:42 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 16:42 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 16:42 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 16:42 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 16:42 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 16:42 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 16:42 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 16:42 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 16:42 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 16:41 - 2015-02-16 16:55 - 00025260 _____ () C:\Windows\system32\ScanResults.xml
2015-02-10 16:41 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 16:41 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 16:41 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 16:41 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 16:41 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 16:41 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 16:41 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 16:41 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 16:41 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 16:41 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 16:41 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 16:41 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 16:41 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 16:41 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 16:41 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 16:41 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 16:41 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 16:41 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 16:41 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 16:41 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 16:41 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 16:41 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 16:41 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 16:41 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 16:41 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 16:41 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 16:40 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 16:34 - 2015-02-16 16:48 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-07 09:20 - 2015-02-07 09:20 - 00000000 ____D () C:\Users\Henry\AppData\Local\GARMIN_Corp
2015-02-03 22:09 - 2015-02-26 11:22 - 00000000 ____D () C:\FRST
2015-02-03 22:07 - 2015-02-03 22:07 - 00000000 ____D () C:\RegBackup
2015-01-27 17:02 - 2015-01-27 17:02 - 00001017 _____ () C:\Users\Henry\Desktop\AVIGenerator.lnk
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVIGenerator
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVIGenerator
2015-01-27 17:02 - 2015-01-27 17:02 - 00000000 ____D () C:\Program Files (x86)\AVIGenerator
2015-01-27 17:01 - 2015-01-27 17:04 - 00000000 ____D () C:\Users\Henry\VideoPlayer Picture
2015-01-27 17:01 - 2015-01-27 17:01 - 00001079 _____ () C:\Users\Public\Desktop\LorexPlayer11.exe.lnk
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\VideoPlayer
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lorex Player 11
2015-01-27 17:01 - 2015-01-27 17:01 - 00000000 ____D () C:\Program Files (x86)\Lorex
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-26 11:20 - 2014-11-15 13:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-26 11:18 - 2014-10-26 17:08 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-02-26 11:18 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-26 11:18 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-26 11:14 - 2014-10-26 16:38 - 01101754 _____ () C:\Windows\WindowsUpdate.log
2015-02-26 11:13 - 2014-10-26 17:06 - 00047299 _____ () C:\Windows\SysWOW64\Gms.log
2015-02-26 11:12 - 2014-11-01 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 11:12 - 2014-11-01 11:51 - 00131072 ___SH () C:\CredSED.dat
2015-02-26 11:11 - 2014-11-29 16:32 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-02-26 11:11 - 2014-11-15 13:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-26 11:11 - 2014-11-02 11:06 - 00000000 ____D () C:\ProgramData\BOINC
2015-02-26 11:10 - 2015-01-14 16:53 - 00003378 _____ () C:\Windows\PFRO.log
2015-02-26 11:10 - 2015-01-11 15:06 - 00006348 _____ () C:\Windows\setupact.log
2015-02-26 11:10 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-26 11:07 - 2014-11-02 00:12 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 10:35 - 2014-11-02 00:27 - 00000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2015-02-26 10:30 - 2014-11-02 00:27 - 00000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2015-02-26 10:28 - 2014-10-26 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-26 08:09 - 2014-11-02 00:09 - 00000000 ____D () C:\ProgramData\MFAData
2015-02-25 23:06 - 2014-11-01 19:32 - 00000000 ____D () C:\Users\Henry\Documents\MyCloud
2015-02-25 22:44 - 2014-11-01 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-02-25 22:44 - 2014-11-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-02-25 22:33 - 2014-11-18 17:09 - 00000184 _____ () C:\Windows\setscan.ini
2015-02-25 22:33 - 2014-11-01 20:20 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\.oit
2015-02-25 19:55 - 2009-07-14 00:13 - 00798530 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-25 17:23 - 2015-01-03 09:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-25 09:10 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-24 06:02 - 2014-11-03 16:33 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-02-23 16:39 - 2014-12-31 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox Update
2015-02-22 11:38 - 2014-11-11 21:48 - 00000008 __RSH () C:\Users\Henry\ntuser.pol
2015-02-22 11:38 - 2014-11-01 10:31 - 00000000 ____D () C:\Users\Henry
2015-02-22 11:35 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-20 18:26 - 2014-10-26 17:07 - 00001974 _____ () C:\Users\Public\Desktop\Protected Workspace.lnk
2015-02-20 18:26 - 2014-10-26 17:07 - 00000000 ____D () C:\Program Files (x86)\Invincea
2015-02-20 13:08 - 2014-11-14 22:26 - 00001063 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2015-02-19 22:17 - 2014-11-03 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-02-19 21:31 - 2014-11-01 12:58 - 00000000 ____D () C:\Users\Henry\Documents\Garmin Data
2015-02-19 20:40 - 2014-11-01 15:59 - 00000000 ____D () C:\Users\Henry\Documents\D
2015-02-19 20:30 - 2014-11-03 20:35 - 00000000 ____D () C:\ProgramData\Garmin
2015-02-19 20:29 - 2014-11-03 20:33 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-02-19 20:29 - 2014-10-26 16:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-18 07:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-16 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-13 21:01 - 2014-11-01 19:09 - 00000000 ____D () C:\Users\Henry\Documents\Garmin
2015-02-13 20:50 - 2014-11-03 20:32 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GARMIN
2015-02-13 20:38 - 2014-11-03 20:35 - 00000000 ____D () C:\Users\Henry\AppData\Local\Garmin
2015-02-12 17:17 - 2009-07-13 23:45 - 00316800 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-12 17:16 - 2014-11-01 13:28 - 00000000 ____D () C:\Users\Henry\AppData\Local\CrashDumps
2015-02-12 17:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 16:46 - 2014-11-01 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 16:41 - 2014-11-01 11:00 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-12 16:37 - 2014-11-02 12:58 - 00000000 ____D () C:\Program Files (x86)\NetSetMan
2015-02-11 13:17 - 2014-11-01 13:31 - 00000000 ____D () C:\Users\Henry\Documents\AGFM
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\Program Files\Dell
2015-02-09 21:22 - 2014-11-01 19:10 - 00000000 ____D () C:\Users\Henry\Documents\Humor
2015-02-09 05:38 - 2014-11-17 06:06 - 00000576 _____ () C:\wifi-debug.xml
2015-02-07 12:17 - 2014-11-01 20:09 - 00000000 ____D () C:\Users\Henry\Documents\Product Manuals
2015-02-05 16:21 - 2014-11-05 18:33 - 00000000 ____D () C:\Users\Henry\AppData\Local\Deployment
2015-02-05 12:28 - 2014-10-26 16:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:28 - 2014-10-26 16:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:28 - 2014-10-26 16:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:15 - 2014-11-15 13:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:15 - 2014-11-15 13:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 09:27 - 2014-12-26 13:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 09:27 - 2014-12-04 22:11 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-02-04 09:27 - 2014-12-04 22:10 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-04 09:27 - 2014-11-08 17:45 - 00000000 ____D () C:\ProgramData\Ulead Systems
2015-02-04 09:27 - 2014-11-03 20:39 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\IrfanView
2015-02-04 09:27 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GHISLER
2015-02-04 09:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-04 09:26 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-02-04 09:26 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
==================== Files in the root of some directories =======
2014-12-25 11:45 - 2015-01-19 21:59 - 0000263 _____ () C:\Users\Henry\AppData\Roaming\Binary Clock_Settings.ini
2014-11-02 00:27 - 2015-02-26 10:30 - 0000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2014-11-02 00:27 - 2015-02-26 10:35 - 0000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2014-11-05 20:40 - 2014-12-31 10:37 - 0072704 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-01 17:45 - 2014-11-01 17:45 - 0000093 _____ () C:\Users\Henry\AppData\Local\fusioncache.dat
2014-11-04 06:34 - 2014-12-28 23:19 - 0007597 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2014-11-12 21:31 - 2014-11-12 21:31 - 0000040 ___SH () C:\ProgramData\.zreglib
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 07:19
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Henry at 2015-02-26 11:23:46
Running from C:\Users\Henry\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version: - )
Advanced LAN Scanner v1.0 BETA 1 (HKLM-x32\...\Advanced LAN Scanner v1.0 BETA 1) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{BF728146-387A-B1FE-28F1-F25B5363D5EA}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.8.0 - SlySoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )
BOINC (HKLM\...\{0DF28429-855F-4BDC-B264-058D2785965E}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Canon driver for P-215II (x64) (HKLM\...\{29365D7E-86E6-4828-AFE5-0BDBE73A39F6}) (Version: 1.0.5197 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Application (HKLM-x32\...\{2F5ED7FC-EB58-41C8-ACBD-094362D6DA4F}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Mail (HKLM-x32\...\{B6ADDC04-4138-490A-80B6-7D874008F281}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for PaperPort 14 (HKLM-x32\...\{1458CC10-F280-4D16-A791-B72893FC1DA1}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Presto! BizCard 6 (HKLM-x32\...\{8662E3EE-8811-4CDE-9B4C-2B75A3746DA8}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Printer (HKLM-x32\...\{BDFF5BF0-2949-450D-8030-E6892B0DB03C}) (Version: 1.0.5200 - Canon Electronics Inc.)
CmgMasterPrerequisites (x32 Version: 1.4.1.777 - Credant Technologies Inc.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{AB904BBA-B274-44E7-9FDD-E96E5D69F9D3}) (Version: 2.3.440.224 - Broadcom Corporation)
Dell Data Protection | Client Security Framework (HKLM\...\{05FDD00D-1C45-44D1-AB3F-C24D45C39457}) (Version: 8.4.1.1717 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.4.1.777 - Dell, Inc.)
Dell Data Protection | Security Tools (x32 Version: 1.4.1.777 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (HKLM\...\{0B72160B-9F67-47C0-858F-5A0074162148}) (Version: 1.3.1.433 - DigitalPersona, Inc.)
Dell Data Vault (Version: 4.0.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
Dell Precision Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Version: 02.00.07 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.5.19821 - Invincea, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.110 - ALPS ELECTRIC CO., LTD.)
DraftSight (HKLM-x32\...\{87A003CE-22FD-4952-9B0F-B98304A13427}) (Version: 8.1.398 - Dassault Systemes)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.20 (HKLM-x32\...\{74699736-87EB-49E7-8B71-7527A45C35C6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.30 (HKLM-x32\...\{0F0E68E9-9463-4087-B211-E80FAC5F9BC6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}) (Version: 2.5.3.0 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.2.104.00 (HKLM\...\PROSetDX) (Version: 19.2.104.00 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Learn Microsoft Visual Basic 6.0 Now (HKLM-x32\...\Learn Microsoft Visual Basic 6.0 Now) (Version: - )
Lorex Client 10 (HKLM-x32\...\Lorex Client) (Version: 10 - )
Lorex Player 11 (HKLM-x32\...\{CA8CEEE3-8F1B-4A27-80A4-A1A00A3AE3F5}) (Version: 1.2.14 - Lorex)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio for Enterprise Architects SR-1 [English] (HKLM-x32\...\{90560409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.1.3313 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Learning Edition (HKLM-x32\...\Visual Basic 6.0 Learning Edition) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio .NET Enterprise Architect 2003 - English (HKLM-x32\...\Visual Studio .NET Enterprise Architect 2003 - English) (Version: - Microsoft)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Sunbird (0.9) (HKLM-x32\...\Mozilla Sunbird (0.9)) (Version: 0.9 (en-US) - Mozilla)
MSDN Library - April 2003 (HKLM-x32\...\{8F729180-4934-49B5-8DAF-9320F5AAEE95}) (Version: 7.40.3085 - Microsoft)
MSDN Library - Visual Studio 6.0 (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
NETGEAR VPN Client Lite (HKLM-x32\...\NETGEAR VPN Client Lite) (Version: - NETGEAR)
NetSetMan Pro 3.7.3 (HKLM-x32\...\NetSetMan_is1) (Version: 3.7.3 - Ilja Herlein)
Nuance OmniPage 18 (HKLM-x32\...\{10FD521E-11D1-4A08-A497-BB49B701C6D8}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{43A4BB54-C319-4207-8948-42E79E66F47F}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 7 (HKLM\...\{D117E04F-3FF8-45E2-8C1A-3E173C3111FE}) (Version: 7.30.6212 - Nuance Communications, Inc.)
OneTouch 4 ScanSoft OmniPage 16.2 OCR Module (HKLM-x32\...\{F80376CE-BB27-4757-B2A1-F3873F7FC457}) (Version: 2.0.0 - Visioneer)
OneTouch 4.6 (HKLM-x32\...\{AF8B1525-17EF-4D2E-A018-8D79CE260BA8}) (Version: 4.6.2014.9305 - Visioneer Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
P-215II CaptureOnTouch (HKLM-x32\...\{21FE8257-EF7A-46A9-B4A0-C50E4E55795E}) (Version: 3.0 - Canon Electronics Inc.)
P-215II UserManual (HKLM-x32\...\{AA1A23EF-80B0-4F98-A0A5-603D2441657B}) (Version: 1.05.0000 - Canon Electronics Inc.)
PLI Viewer (HKLM-x32\...\PLI Viewer_is1) (Version: - Henry Rowehl)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6023 - Realtek Semiconductor Corp.)
Roxio Activation Module (HKLM-x32\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Scansoft PDF Professional (x32 Version: - ) Hidden
Scope (HKLM-x32\...\{F4070264-6752-4B25-82CD-451356E80E3C}) (Version: 5.23.0.0 - )
Scope (x32 Version: 5.23.0.0 - GFM GmbH, Austria) Hidden
Scope (x32 Version: 5.6.3.0 - GFM GmbH, Austria) Hidden
SetIP (HKLM-x32\...\SetIP) (Version: 2.00.00.00 - Xerox Ltd.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
Ulead Photo Express 4.0 SE (HKLM-x32\...\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}) (Version: - )
Ulead VideoStudio 7 SE Basic (HKLM-x32\...\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}) (Version: 7.0 - Ulead Systems, Inc.)
Visioneer Acuity Assets V1 (HKLM-x32\...\{8D4A39B4-5D75-462C-89A2-81C1D887B9B5}) (Version: 5.1.812.11295 - Visioneer)
Visioneer Acuity Assets V1 (HKLM-x32\...\{B18BA00A-8857-4A54-B1CF-82BBB33CBF96}) (Version: 5.1.1114.7042 - Visioneer Inc.)
Visioneer RoadWarrior 3 Driver (HKLM-x32\...\{518D2CF0-1451-4A51-B420-FA9C19ED9599}) (Version: 5.1.13.8153 - Visioneer Inc.)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{79966948-BECF-4CB1-A79F-E76C830A17D2}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{7AE43D6C-B3F1-448D-AD84-1CDC7AC6EBC7}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{1891b882-48f7-442d-98d0-c1ce533f25bd}) (Version: 2.4.6.3 - Western Digital Technologies, Inc.)
WIBU-KEY Setup (WIBU-KEY Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 5.20b of 2007-Apr-18 (Setup) - WIBU-SYSTEMS AG)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Xerox WorkCentre 3315 (HKLM-x32\...\Xerox WorkCentre 3315) (Version: - Xerox Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
21-02-2015 18:28:42 Windows Backup
25-02-2015 08:58:09 ComboFix created restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-11-23 09:56 - 2015-02-25 09:10 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01CDA079-E77B-421B-90B9-75C2DAAF2326} - System32\Tasks\{77EC7949-2166-4C99-A482-47664618375C} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {0E57CEDD-C6BA-479E-824F-9D9FB0182642} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {1B687C82-5794-4AEF-9227-5C5F2A0BDE02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {26894EDA-0EB2-4937-B448-CD4DF445DD75} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {28B4D76D-CFC1-4BAF-A663-74CC919672C3} - System32\Tasks\{B43AC92C-8F82-4E72-883E-4A0B25F47BF4} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {3C1EFCB7-E81C-4EAA-95D3-D8A1A6D12A6F} - System32\Tasks\{321E17FF-DD87-4263-80FD-AD992F7D62E1} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {403103E9-5857-43F7-A4A4-C9F3B1691BB6} - System32\Tasks\Dell\PPO SM Manual Update => C:\Program Files\Dell\PPO\DcsuWrap.exe [2014-08-15] (Dell Inc.)
Task: {4B573AF8-25FE-49CC-AD1C-6ABE3F9FB781} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {571D3241-AEDC-4FA5-95E4-FF50179E65E6} - System32\Tasks\NetSetMan => C:\Program Files (x86)\NetSetMan\netsetman.exe [2014-06-03] (Ilja Herlein)
Task: {68D5D6E6-27B2-46DC-A690-A49805D6FCF5} - System32\Tasks\{18C23A6D-5405-41EE-8CBF-019CDF144345} => C:\totalcmd\TOTALCMD.EXE [2012-08-03] (Ghisler Software GmbH)
Task: {6E5BD55F-4A0A-4D72-9B2B-551C35D8517C} - System32\Tasks\{E5774B80-584C-477F-BDD4-089CE253FC27} => pcalua.exe -a C:\Users\Henry\Documents\Downloads\Visioneer\HiddenDevices.exe -d C:\Users\Henry\Documents\Downloads\Visioneer
Task: {7BD388DD-3811-4416-BF3B-F40C41F0A149} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8C04DBAF-00AC-4F7E-AA99-AB71337B4664} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {94179557-D46C-4493-A857-704EA6934870} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {A22AFACB-6E1C-43DB-9A40-4BA28C01CBF0} - System32\Tasks\{76300760-610E-4F6A-871B-95BDAA2C3F34} => D:\SETUP.EXE
Task: {A3910C73-9DED-42CC-86EB-38687AD85BC2} - System32\Tasks\{BB86F365-1D4E-482E-AC11-BF302E1FD6F7} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {BFF99A1F-B2E1-4E8B-8889-FB37398862B9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C24C108D-795C-499C-B91C-B46713D3ABE2} - System32\Tasks\{F0E1B53D-B723-4DE0-BCFC-7E82834E305A} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {DC3082F6-F77F-460C-BABB-0256D4299225} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {DE7DE3E1-7DDA-42B8-BDED-247F8E2BBEBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {E2244DBB-385A-4C62-B727-9E65B19AEB08} - System32\Tasks\{665DC180-863A-496B-857C-BC8F4F3B89FD} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {EC53F16E-BE76-4247-86BD-646CA3DAB8A5} - System32\Tasks\{62BE403F-5535-4C72-A461-AE9059E0B730} => D:\SETUP.EXE
Task: {F4D39289-4BC2-4A70-8FF9-12990900D3E3} - System32\Tasks\{9CF71E80-E39E-4CEA-9770-D5981D522BF6} => D:\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-11 17:59 - 2014-09-11 17:59 - 00303968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\authproxy.dll
2014-11-01 12:58 - 2011-07-28 11:55 - 00034304 _____ () C:\Windows\System32\sxr2mlm.dll
2014-11-01 12:58 - 2012-11-06 06:48 - 01214464 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sxr2mdu.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00026464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
2014-09-11 17:59 - 2014-09-11 17:59 - 02172768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00027488 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00082272 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00062816 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.AuthProxy.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00079200 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.PBA.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00036192 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.SED.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00129376 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00666464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredCommon.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00879456 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CryptoProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00707424 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DBManager.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00353632 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\OPALProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 01507680 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\ConnectionProvider.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00047968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\FVEProvider.dll
2014-10-26 17:08 - 2014-06-04 15:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-10-26 17:08 - 2014-06-04 15:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2007-07-23 15:05 - 2007-07-23 15:05 - 00066544 _____ () C:\Program Files\Roxio\Drag-to-Disc\DLAAPI_W.DLL
2014-10-26 17:08 - 2014-06-04 15:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-09-11 17:59 - 2014-09-11 17:59 - 00232288 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2014-09-11 17:59 - 2014-09-11 17:59 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2015-02-12 18:19 - 2015-02-12 18:19 - 00615112 _____ () C:\Program Files (x86)\Invincea\Enterprise\X64\SqlliteICD.dll
2013-10-15 12:31 - 2013-10-15 12:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2014-09-29 19:51 - 2014-09-29 19:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2015-02-13 22:00 - 2015-02-13 22:00 - 03853824 _____ () C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
2014-10-26 17:08 - 2014-07-02 21:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2013-03-25 12:42 - 2013-03-25 12:42 - 00021824 _____ () C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\SSLSupport.dll
2014-08-13 08:27 - 2014-08-13 08:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-12-27 12:46 - 2014-12-27 12:46 - 00133120 _____ () C:\Users\Henry\AppData\Roaming\xaeojhej\colers.dll
2014-04-10 14:30 - 2014-04-10 14:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-04-29 16:23 - 2014-04-29 16:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-26 17:08 - 2014-07-30 17:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-10-26 17:08 - 2012-11-25 23:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-10-26 17:08 - 2012-11-25 23:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:151
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:154
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:276
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3538
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3590
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3691
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.222.220
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
ACTUser (S-1-5-21-1310488628-551009281-1505269296-1005 - Limited - Enabled)
Administrator (S-1-5-21-1310488628-551009281-1505269296-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1310488628-551009281-1505269296-1003 - Limited - Enabled)
Guest (S-1-5-21-1310488628-551009281-1505269296-501 - Limited - Enabled)
Henry (S-1-5-21-1310488628-551009281-1505269296-1000 - Administrator - Enabled) => C:\Users\Henry
HomeGroupUser$ (S-1-5-21-1310488628-551009281-1505269296-1011 - Limited - Enabled)
SQLDebugger (S-1-5-21-1310488628-551009281-1505269296-1006 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Visioneer RoadWarrior 3
Description: Visioneer RoadWarrior 3
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Visioneer Incorporated
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/26/2015 11:14:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 11:13:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 11:10:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 11:05:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_WbioSrvc, version: 6.1.7600.16385, time stamp: 0x4a5bc3c1
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18409, time stamp: 0x5315a05a
Exception code: 0x80004004
Fault offset: 0x000000000000940d
Faulting process id: 0xaf0
Faulting application start time: 0xsvchost.exe_WbioSrvc0
Faulting application path: svchost.exe_WbioSrvc1
Faulting module path: svchost.exe_WbioSrvc2
Report Id: svchost.exe_WbioSrvc3
Error: (02/26/2015 11:04:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 11:03:47 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description: ATI EEU Client has failed to start
Error: (02/26/2015 10:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 10:42:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 10:40:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 09:54:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
System errors:
=============
Error: (02/26/2015 11:09:34 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/26/2015 11:05:12 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/26/2015 11:01:38 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/26/2015 11:00:59 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/26/2015 00:04:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/25/2015 09:41:16 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (02/25/2015 09:34:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (02/25/2015 08:21:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Biometric Service service terminated unexpectedly. It has done this 2 time(s).
Error: (02/25/2015 08:20:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Biometric Service service terminated unexpectedly. It has done this 1 time(s).
Error: (02/25/2015 08:16:46 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
Microsoft Office Sessions:
=========================
Error: (02/26/2015 11:14:51 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 11:13:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 11:10:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 11:05:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_WbioSrvc6.1.7600.163854a5bc3c1KERNELBASE.dll6.1.7601.184095315a05a80004004000000000000940daf001d051ddd0c3f0cfC:\Windows\system32\svchost.exeC:\Windows\system32\KERNELBASE.dll3d6d4846-bdd1-11e4-963c-801934512fa1
Error: (02/26/2015 11:04:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/26/2015 11:03:47 AM) (Source: ATIeRecord) (EventID: 16386) (User: )
Description:
Error: (02/26/2015 10:44:32 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 10:42:18 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 10:40:34 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (02/26/2015 09:54:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
CodeIntegrity Errors:
===================================
Date: 2015-02-25 09:09:19.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-25 09:09:19.402
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-09 16:43:42.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 12:46:22.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 12:36:23.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:55:27.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:30:57.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:08:00.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:52:31.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:44:27.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 29%
Total physical RAM: 16289.21 MB
Available physical RAM: 11424.9 MB
Total Pagefile: 32576.6 MB
Available Pagefile: 26680.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:620.82 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
==================== End Of Log ============================
jhrowehl
2015-02-26, 18:43
MBAR just completed with no detections. Gave me a clean bill of health.
jhrowehl
2015-02-26, 21:33
I still have the rogue Iexplore processes coming up...
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-02-11 11:05 - 2015-02-11 11:05 - 00004036 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-04 09:27 - 2014-12-04 22:10 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
Task: {DC3082F6-F77F-460C-BABB-0256D4299225} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {1B687C82-5794-4AEF-9227-5C5F2A0BDE02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:151
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:154
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:276
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3538
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3590
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3691
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95
EmptyTemp:
Hosts:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~~``
Please download RogueKiller and save it to your desktop.
You can check here (http://support.microsoft.com/kb/827218) if you're not sure if your computer is 32-bit or 64-bit
Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe) to your desktop.
Quit all running programs.
For Windows XP, double-click to start.
For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
Read and accept the EULA (End User Licene Agreement)
Click Scan to scan the system.
When the scan completes Close the program > Don't Fix anything!
Don't run any other options, they're not all bad!!
Post back the report which should be located on your desktop.
~~~~~~~~~~~~~~~~~~~~~
Emsisoft Anti-Malware
Download and save the Emsisoft Anti-Malware (http://www.emsisoft.com/en/software/antimalware/download/) setup program to your desktop. The download is fairly large, so please be patient while it downloads.
Once the file has been downloaded, close all open programs.
Double-click on the EmsisoftAntiMalwareSetup.exe icon to start the program. If Windows Smart Screen issues an alert, please allow it to run anyway.
If the setup program displays an alert about safe mode, please click on the Yes button to continue. You should now see a dialog asking what language you would like to use. Please select the language you wish to use and press the OK button.
You will eventually get to a screen asking the mode that you wish to use Emsisoft Anti-Malware.
Click on the Freeware mode link:
http://www.bleepstatic.com/swr-guides/tools/emsisoft-anti-malware/install-license-type.jpg
You will now be at a screen asking if you wish to join Emsisoft's Anti-Malware network. Read the descriptions and uncheck the options that you wish to use. When you are ready click on the Next button.
Allow it to update the definitions. Please be patient as it may take a few minutes for the updates to finish downloading.
When the updates are completed, click on the Clean computer now button. Emsisoft Anti-Malware will start to load its scanning engine and then display a screen asking what type of scan you would like to perform.
Please select the Deep Scan option and then click on the Scan button. The Deep Scan option will take the longest time to scan your computer, but will also be the most thorough. As you are here to clean infections, it is worth the wait to make sure your computer is properly scanned. Please don't run any other program while it is scanning.
When the scan has finished, the program will display the scan results that shows what infections where found.
Click on the View Report link, and double click the text file to open it. Please copy and paste the contents of this text file into your next reply (this file can be found at C:\Users\Tim\Documents\Anti-Malware\Reports)
Click on the Quarantine Selected Objects button, which will remove the infections and place them in the program's quarantine. You will now be at the last screen of the Emsisoft Anti-Malware setup program, which you can close. If Emsisoft prompts you to reboot your computer to finish the clean up process, please allow it to do so.
fixlist.txt
RogueKiller log
Emsisoft Anti-Malware
jhrowehl
2015-02-27, 06:54
I followed all the steps in your last post. Only had one glitch... the EMSISoft package was a different version than the one in your post. There was no 'Freeware Mode' selection available. I had to install it, run it, then uninstall it when I was done.
Just as a quick note, the processes terminated by RogueKiller are BOINC (Berkley Open Infrastructure for Network Computing) projects that I contribute computer time to. I've been running BOINC projects for several years on all my computers - they're all known safe.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-02-2015 01
Ran by Henry at 2015-02-26 17:51:00 Run:3
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-02-11 11:05 - 2015-02-11 11:05 - 00004036 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-02-04 09:27 - 2014-12-04 22:10 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
Task: {DC3082F6-F77F-460C-BABB-0256D4299225} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {1B687C82-5794-4AEF-9227-5C5F2A0BDE02} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:151
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:154
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:273
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:276
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3538
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3590
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:3691
AlternateDataStreams: C:\Windows\SysWOW64\MSIHANDLE:95
EmptyTemp:
Hosts:
End
*****************
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask => Moved successfully.
C:\ProgramData\Optimizer => Moved successfully.
C:\ProgramData\PC-Doctor for Windows => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC3082F6-F77F-460C-BABB-0256D4299225}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC3082F6-F77F-460C-BABB-0256D4299225}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDoctorBackgroundMonitorTask" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1B687C82-5794-4AEF-9227-5C5F2A0BDE02}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1B687C82-5794-4AEF-9227-5C5F2A0BDE02}" => Key deleted successfully.
C:\Windows\System32\Tasks\PCDEventLauncherTask => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PCDEventLauncherTask" => Key deleted successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":151" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":154" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":273" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":276" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3538" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3590" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":3691" ADS removed successfully.
C:\Windows\SysWOW64\MSIHANDLE => ":95" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 113.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:51:06 ====
RogueKiller V10.4.3.0 [Feb 23 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Henry [Administrator]
Mode : Scan -- Date : 02/26/2015 18:08:42
¤¤¤ Processes : 10 ¤¤¤
[Proc.Injected] Emc.Captiva.WebToolkitHost.exe(6448) -- C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe[7] -> Killed [TermProc]
[Suspicious.Path] InvProtectAgent64.exe(9076) -- C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe[7] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9724) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9732) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9748) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9768) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9784) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9804) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9816) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
[Suspicious.Path] sixtrack_win64_4517_sse2.exe(9840) -- C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe[-] -> Killed [TermProc]
¤¤¤ Registry : 12 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.excite.com -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.excite.com -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] zle9j8xn.default-1419567438668 : user_pref("browser.startup.homepage", "www.excite.com"); -> Found
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST1000LM 014-1EJ164 SCSI Disk Device +++++
--- User ---
[MBR] 582d12e969e35d633f5e753332544e8f
[BSP] 2a123dda8e7c133e1846ed90e48c905d : HP MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK
Emsisoft Anti-Malware - Version 9.0
Last update: 2/26/2015 18:21:41
User account: ELSERVICE13\Henry
Scan settings:
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, Y:\
Detect PUPs: Off
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
Scan start: 2/26/2015 18:23:05
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546} detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE detected: Application.AdImage (A)
C:\FRST\Quarantine\C\Program Files (x86)\Mozilla FireFox Update\Bundle.exe.xBAD detected: Adware.Generic.1050251 (B)
C:\FRST\Quarantine\C\ProgramData\Optimizer\program\windows_firefoxupdateam.exe.xBAD -> (Instyler o) -> (Instyler Module 0) detected: Adware.Generic.1050251 (B)
C:\FRST\Quarantine\C\Users\Henry\Documents\AGFM\MemStick\autorun.inf.xBAD detected: Worm.Autorun.VIN (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\Milling\FNF-10\6503\6503Backup_FullVers.arj -> cnc\mmi\VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\Milling\FNF-10\6504\6504Backup_FullVers.arj -> cnc\mmi\VBMMI.EXE detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\ROUTERS\RMT-50\7503\PRENCCS\source\dual\Prenccs.exe detected: Gen:Variant.Symmi.28926 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7701\7701_cnc.ZIP -> WINDOWS/Desktop/cnc/mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7701\7701_cnc.ZIP -> WINDOWS/Desktop/cnc/Copy of mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7708\7708_cnc.zip -> cnc/mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\CM10\7713\7713cnc.zip -> mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6341\cnc\mmi\VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6341\cnc_6341.zip -> cnc/mmi/VbMmi.exe detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/CTMP.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/WINCAM.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/POST.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\cnc6385.zip -> Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\CTMP.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\POST.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6385\Split_Gerber\run\WINCAM.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/CTMP.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/WINCAM.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/POST.EXE detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US-15 US-20\6386\CNC6386.zip -> Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051021.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20051026.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/HELP/Copy of run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/ctmp.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/post.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/sdriver.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.ex detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\US30\6410\6410_cnc_20070503.zip -> CncBackup_6410/Program Files/GFM/cnc/Split_Gerber/run/wincam.exe detected: Gen:Trojan.Heur.GM.0408044100 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\USS40\6401\6401_cnc_20060115.zip -> CncBackup_6401/cnc/mmi/VbMmi.exe 5.20.11 detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\AGFM Machine Files Backup\Machine Files\US Cutting\USS40\6401\6401_cnc_zip -> mmi/VbMmi.exe 5.20.11 detected: Gen:Variant.Symmi.25545 (B)
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7011.apk -> META-INF/CERT.RSA detected: Android.Adware.KyView.A (B)
C:\Users\Henry\Documents\Phone Backups\HTC\rerware\MyBackup\AllAppsBackups\Schedule\Apps\com.luckyxmobile.timers4me_7013.apk -> META-INF/CERT.RSA detected: Android.Adware.KyView.A (B)
Scanned 483360
Found 82
Scan end: 2/26/2015 21:15:05
Scan time: 2:52:00
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36} Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546} Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} Quarantined Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL Quarantined Application.AdImage (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Quarantined 6
Emisoft has made changes that we were not notified of.
Just as a quick note, the processes terminated by RogueKiller are BOINC (Berkley Open Infrastructure for Network Computing) projects that I contribute computer time to. I've been running BOINC projects for several years on all my computers - they're all known safe.
Yes, it's labeled as PUP, Possible Unwanted Malware.
Below entries are ok IF you set excite as a Home page?
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.excite.com -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] zle9j8xn.default-1419567438668 : user_pref("browser.startup.homepage", "www.excite.com"); -> Found
https://herdprotect.com/rei_axcontrol.dll-c3a4e221d513d85510b0e1d9b4d374b1297ff9eb.aspx
The Reimage Protector service is designed to support Reimage, a purported PC optimization tool designed to 'fine-tune' the computer's registry.
Reimage is part of Crossrider group. Registry cleaner of which can cause harm, between 67% to 56% remove it.
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\APPID\REI_AXCONTROL.DLL detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{BD51A48E-EB5F-4454-8774-EF962DF64546}
detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
detected: Application.AdImage (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\REI_AXCONTROL.REIENGINE detected: Application.AdImage (A)
~~
Mostly what was found by the Emisoft scan is on a backups?
And it quarantined 6 objects located in the registry.
~~~~~~~~~~~~~~~~~~~~~~~
What I'm thinking, if this hasn't stopped the extra IE processes, are applications loading at startup connecting to the internet.
Ideally these applications can be turned off and used on demand as needed. We have done enough rootkit scans that I'm sure have you seeing crosseyed now and no signs of any extra malware is showing up.
~~~
Let's see if there are any startup items we can disable to improve performance.
Go here to download HJT
http://www.bleepingcomputer.com/download/hijackthis/
Save HJTsetup.exe to your desktop.
Doubleclick on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Forgot to ask
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe" -url "%1")
Boot Mode: Normal
Does the above application startup on every boot, and is it also a security program?
We can try to disable addons on IE
Add-ons - Enable or Disable Add-On Manager
http://www.sevenforums.com/tutorials/86771-internet-explorer-add-ons-enable-disable-add-manager.html
jhrowehl
2015-02-27, 16:04
Below entries are ok IF you set excite as a Home page?
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main | Start Page : www.excite.com -> Found
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][FIREFX:Config] zle9j8xn.default-1419567438668 : user_pref("browser.startup.homepage", "www.excite.com"); -> Found
https://herdprotect.com/rei_axcontrol.dll-c3a4e221d513d85510b0e1d9b4d374b1297ff9eb.aspx
The Reimage Protector service is designed to support Reimage, a purported PC optimization tool designed to 'fine-tune' the computer's registry.
Reimage is part of Crossrider group. Registry cleaner of which can cause harm, between 67% to 56% remove it.
Yes, Excite is my home page. As far as ReImage, I tried to get rid of that a couple of times already, it's not gone yet?
Here's the Hijack log:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:54:00, on 2/27/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17631)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
C:\Program Files (x86)\AVG\AVG2015\avgui.exe
C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\7\enigma_0.76.exe
C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\3\enigma_0.76.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\4\enigma_0.76.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\ProgramData\BOINC\projects\lhcathomeclassic.cern.ch_sixtrack\sixtrack_win64_4517_sse2.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
C:\ProgramData\BOINC\slots\1\enigma_0.76.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.excite.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Invincea Web Redirector - {1C52FA7C-51B7-4621-9D5A-11101BA13134} - C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [NetSetMan] "C:\Program Files (x86)\NetSetMan\netsetman.exe" -h
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe
O4 - HKLM\..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe
O4 - HKLM\..\Run: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [P-215II CaptureOnTouch] "C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe" LOGON
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKCU\..\Run: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - Startup: OpenOffice 4.1.1.lnk = C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe
O4 - Global Startup: Network Server.lnk = C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
O8 - Extra context menu item: Open with Nuance PDF Converter 7 - res://C:\Program Files (x86)\Nuance\PDF Professional 7\cnvres_eng.dll /100
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.dell.com
O15 - Trusted Zone: http://www.samsungsetup.com
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Alps HID Monitor Service (ApHidMonitorService) - Alps Electric Co., Ltd. - C:\Program Files\DellTPad\HidMonitorSvc.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Management Agent Service (DellMgmtAgent) - Dell Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
O23 - Service: Dell Security Framework Loader (DellMgmtLoader) - Unknown owner - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
O23 - Service: DELL Security Framework Local Server (DellMgmtServer) - Dell, Inc. - C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
O23 - Service: @C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe,-200 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EMC Captiva Cloud Service (Emc.Captiva.WebCaptureService) - EMC Corporation - C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Garmin Core Update Service - Garmin Ltd or its subsidiaries - C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel Bluetooth Service (iBtSiva) - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: Invincea Enterprise Service (InvProtectSvc) - Invincea, Inc. - C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NSM Service (nsmService) - Ilja Herlein - C:\Program Files (x86)\NetSetMan\nsmservice.exe
O23 - Service: O2FLASH - Unknown owner - C:\Windows\system32\DRIVERS\o2flash.exe (file missing)
O23 - Service: OneTouch 4.0 Monitor - Visioneer Inc. - C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
O23 - Service: PDFProFiltSrv - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
O23 - Service: PDFProFiltSrvPP - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service: Dell PPO Service (poaService) - Dell Inc. - C:\Program Files\Dell\PPO\poaService.exe
O23 - Service: Dell PPO System Maintenance Service (PoaSMSrv) - Dell Inc. - C:\Program Files\Dell\PPO\poaSmSrv.exe
O23 - Service: Dell PPO Track & Analyze Service (poaTaServ) - Dell Inc. - C:\Program Files\Dell\PPO\poaTaServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: RWAR3HV_0002_0 - Visioneer Inc. - C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
O23 - Service: RWAR3Monitor - Visioneer Inc. - C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SboxSvc - Invincea, Inc. - C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TgbIke Starter - TheGreenBow - C:\Windows\SysWOW64\TgbStarter.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: Windows Virtual Network (WVN3) (WindowsVNT_R3) - MicroStudio - C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
--
End of file - 17040 bytes
jhrowehl
2015-02-27, 17:22
Forgot to ask
Internet Explorer Version 11 (Default browser path: "C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe" -url "%1")
Boot Mode: Normal
Does the above application startup on every boot, and is it also a security program?
That's Dell protected Workspace. As far as I'm aware, it loads on boot.
There is an excessive amount of toolbars, do you want or use all these?
O2 - BHO: Invincea Web Redirector - {1C52FA7C-51B7-4621-9D5A-11101BA13134} - C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
Typically, these entries are infrequently used tasks that can be started manually, if necessary.
Removing/disabling these items from statup will help with system resources.
Open HijackThis, Click Do a system scan only, checkmark these. Then close all other windows and browsers except HijackThis and press fix checked.
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [NetSetMan] "C:\Program Files (x86)\NetSetMan\netsetman.exe" -h
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [AnyDVD] "C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe"
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
Typically, the below entries are infrequently used tasks that can be started manually, if necessary.
O4 - HKLM\..\Run: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe
O4 - HKLM\..\Run: [PDFProHook] C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe
Reboot the computer to set the registry.
This might be the last file associated with Reimage
C:\Windows\Reimage.ini
After you reboot the computer tell me what issues remain.
jhrowehl
2015-02-28, 04:13
There is an excessive amount of toolbars, do you want or use all these?
O2 - BHO: Invincea Web Redirector - {1C52FA7C-51B7-4621-9D5A-11101BA13134} - C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: ZeonIEEventHelper Class - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll
I didn't even know I had those toolbars. They're gone now. I did keep NetSetMan and Slysoft, both are licensed packages that I've used for a long time on severral computers.
But, I still have my rogue Iexplore processes...
from the photo
www.rtl.be/belrtl/
Bel RTL Radio?, for your your iPhone?
as an experiment, Disconnect Bluetooth devices
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
I don't know why you have more then one IE process running but, it's not pointing to malware.
jhrowehl
2015-02-28, 05:43
from the photo
www.rtl.be/belrtl/
Bel RTL Radio?, for your your iPhone?
as an experiment, Disconnect Bluetooth devices
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
I don't know why you have more then one IE process running but, it's not pointing to malware.
My phone is Android. My son and grand daughters have Iphones, but they don't use any of my computers. The way these processes run, after they get started (usually within a minute or two of starting a web browser) the web address changes about once every 2 seconds. After a while, they settle on one address and stay there. After I kill the processes, it takes between 15 minutes and 3 hours, and they're back.
The bluetooth is 'out of the box', I never set up bluetooth after getting the laptop. Do I need to disable the connection, or kill the processes in task manager?
jhrowehl
2015-02-28, 19:30
The way these processes run, after they get started (usually within a minute or two of starting a web browser) the web address changes about once every 2 seconds. After a while, they settle on one address and stay there. After I kill the processes, it takes between 15 minutes and 3 hours, and they're back.
The attached files are a sample of how these processes work. This forum had a database connection problem earlier, which gave me a good opportunity to catch a couple of screen captures. I couldn't catch each one because they were happening too quickly. But the screen captures, starting with 04, show how this progresses. I can only attach 5 per post, so I will continue with the next message.
jhrowehl
2015-02-28, 19:36
I can only attach 5 per post, so I will continue with the next message.
Notice with this set of captures, I end up with 3 pages open, and 4 processes running. It started with 1 page and 3 processes, then went to 2 pages and 3 processes, and now I have 3 pages and 4 processes.
it's like cookies running after you close a page?
Clear Browser Cache in IE11
Close all Internet Explorer and Windows Explorer windows that are currently open.
Open Internet Explorer.
Click the Tools button http://i1269.photobucket.com/albums/jj590/OCD-WTT/ietoolsbutton.jpg, and then select theGeneral tab, then select Browsing history select the Delete button.
Select the check box next to each of the following categories.
Temporary Internet files and website files
Cookies and website data
History
Click Delete
~~~~~
Add-ons - Enable or Disable Add-On Manager
http://www.sevenforums.com/tutorials/86771-internet-explorer-add-ons-enable-disable-add-manager.html
See if a browser add-on is preventing the additional IE processes from closing.
Start Internet Explorer without add-ons by right-clicking the IE icon on the desktop. Choose Start without add-ons.
or
from Start> Programs> Accessories> System tools> Internet Explorer (no add-ons)
If the problem goes away, an add-on is causing it.
Since version 8, Internet Explorer uses a tab-per-process model. That means there is a "iexplore.exe" for the user interface, then each tab you have open is another "iexplore.exe" This is done for security reasons and increases stability of the browser.
http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/why-are-there-multiple-iexploreexe-in-task-manager/a1bea766-a499-4ba5-b485-e0277ec4b08b
~~~~~
Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.
Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif
NEXT
On the the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg
Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif
Click on box next to the Restart System when Finished. Then click on Start.
jhrowehl
2015-03-01, 01:00
it's like cookies running after you close a page?
I don't think so... all I need to do is open Firefox and wait. IExplore magically appears in the process list. Internet Explorer is *not* running, but task manager says it is. It's not available on the task bar, and I can't Alt-Tab to it. It's not running, it isn't there. That's how I found this rogue process - I don't use Internet Explorer. For anything. Ever. Period. If I could uninstall it, I would, but Redmond Washington has different ideas about that.
When these rogue processes are running, I can open Internet Explorer, and I see the page that I'm navigating to in the task list along with the rogue processes. I can close the instance of Internet Explorer that I opened, and the processes associated with it drop out of the task list. But the rogue processes continue.
Think of it as a case of identity theft. This process has stolen Internet Explorer's credentials, and is presenting them to Task Manager.
Let's see if we can remove IE plugin in Firefox and see if it makes a differnece. If it's there.
http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Disable FireFox plug-in
At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance panel.
Select the add-on Internet Explorer
Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.
IE is an integral part of Windows (used by Core Windows services such as Windows Update). If the machine appears clean, it's unlikely caused by malware.
I would like to Check MD5's of each copy of Explorer.exe
http://windows.microsoft.com/en-us/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7
Boot your computer into safe mode insructions if needed.
Open FRST
Click Search button and post the log (Search.txt) it makes to your reply.
Please copy and paste this in the search box
iexplorer.exe
After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Search.txt). Please post it to your reply.
http://i.imgur.com/9NsNSHq.png Process Explorer
Please download Process Explorer (http://download.sysinternals.com/files/ProcessExplorer.zip) and save the file to your Desktop.
Right-Click ProcessExplorer.zip and click Extract All. Click Extract.
Open the ProcessExplorer folder on your Desktop, right-click procexp.exe and click http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme
Click http://i.imgur.com/vnQ07at.png View DLLs.
If any of the following processes are highlighted in blue, click the process.
Click File, Save As, and save the file in the same folder. Do so for each highlighted process.
Internet Explorer
Attach the file(s) in your next reply.
jhrowehl
2015-03-01, 05:29
Let's see if we can remove IE plugin in Firefox and see if it makes a differnece. If it's there.
There was no IE plugin. I'll have to run Process Explorer tomorrow. Here's the results of the search:
Farbar Recovery Scan Tool (x64) Version: 25-02-2015 01
Ran by Henry at 2015-02-28 20:22:28
Running from C:\Users\Henry\Desktop
Boot Mode: Safe Mode (minimal)
================== Search Files: "iexplore.exe" =============
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
[2010-11-20 22:25][2010-11-20 22:25] 0673040 ____A (Microsoft Corporation) C613E69C3B191BB02C7A191741A1D024 [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_854dedf9f74389b0\iexplore.exe
[2015-02-10 16:42][2015-01-14 00:09] 0815288 ____A (Microsoft Corporation) 363BC25BACB34E9D40441968B1B3D5BE [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17501_none_8555ea97f73dee78\iexplore.exe
[2014-12-09 18:23][2014-11-26 20:10] 0815280 ____A (Microsoft Corporation) A24BFBAE8B50A6780B68FF3673FAB52F [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17420_none_8562d1dff733eb94\iexplore.exe
[2014-11-11 19:51][2014-11-07 14:23] 0815280 ____A (Microsoft Corporation) 591C6FD1541BAFAEEE82B1F5831C8532 [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17358_none_856fec69f729e8b0\iexplore.exe
[2014-11-01 10:56][2014-10-06 21:04] 0812736 ____A (Microsoft Corporation) F9F310F9FB7F294F00ABDD03453D8CEE [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17239_none_8578a4f9f723b3b2\iexplore.exe
[2014-11-01 10:55][2014-07-31 18:16] 0812224 ____A (Microsoft Corporation) CDF01A5C7927786A708EAEE91F14797B [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17207_none_8575d1abf726346b\iexplore.exe
[2014-10-26 18:27][2014-10-26 18:27] 0812216 ____A (Microsoft Corporation) CD900EFB4F8946A2BB1950D9F45915C2 [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe
[2014-10-26 18:27][2014-10-26 18:27] 0811728 ____A (Microsoft Corporation) 0667ED9F8E905E1F73DB60ACCEDCBCA7 [File is signed]
C:\Windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[2014-10-26 18:17][2014-10-26 18:17] 0806096 ____A (Microsoft Corporation) C8A8321292A459B0A17FB39A782A5C74 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1196a9003b674a92\iexplore.exe
[2010-11-20 22:24][2010-11-20 22:24] 0695056 ____A (Microsoft Corporation) 86257731DDB311FBC283534CC0091634 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17633_none_7af943a7c2e2c7b5\iexplore.exe
[2015-02-10 16:42][2015-01-14 00:47] 0813744 ____A (Microsoft Corporation) 2D4AB594AABBEBA938F36BA1BC71C3F6 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17501_none_7b014045c2dd2c7d\iexplore.exe
[2014-12-09 18:23][2014-11-26 20:43] 0813744 ____A (Microsoft Corporation) 2A9DA9E7462EBA3F6D2036E8D18FF773 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17420_none_7b0e278dc2d32999\iexplore.exe
[2014-11-11 19:51][2014-11-07 14:49] 0813744 ____A (Microsoft Corporation) F00FC8AF1B04C4611F92BC3DA01A2F49 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17358_none_7b1b4217c2c926b5\iexplore.exe
[2014-11-01 10:56][2014-10-06 21:54] 0810680 ____A (Microsoft Corporation) 6B9FDB34A5A490FF6A7EDE280062626A [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17239_none_7b23faa7c2c2f1b7\iexplore.exe
[2014-11-01 10:55][2014-07-31 18:41] 0810176 ____A (Microsoft Corporation) 31A7689F580F37B52F65B9653F8916D4 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17207_none_7b212759c2c57270\iexplore.exe
[2014-10-26 18:27][2014-10-26 18:27] 0810160 ____A (Microsoft Corporation) 24868C9D422EDB5B249C0C81B01A0C19 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_7b3b5109c2b10624\iexplore.exe
[2014-10-26 18:27][2014-10-26 18:27] 0809680 ____A (Microsoft Corporation) EA8386CA87165460D39A1D29FF11080B [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_7b0d6f67c2d3f97a\iexplore.exe
[2014-10-26 18:17][2014-10-26 18:17] 0804560 ____A (Microsoft Corporation) 0685765C0CBE095BA0C6C8790BAE21EF [File is signed]
C:\Windows\erdnt\cache86\iexplore.exe
[2015-02-25 09:11][2015-01-14 00:09] 0815288 ____A (Microsoft Corporation) 363BC25BACB34E9D40441968B1B3D5BE [File is signed]
C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\iexplore.exe
[2015-01-03 09:26][2014-11-21 06:12] 0761656 ____A (MalwareBytes) 625BB08813743947985B0DEEFC35ED12 [File is signed]
C:\Program Files (x86)\Internet Explorer\iexplore.exe
[2015-02-10 16:42][2015-01-14 00:09] 0815288 ____A (Microsoft Corporation) 363BC25BACB34E9D40441968B1B3D5BE [File is signed]
C:\Program Files\Internet Explorer\iexplore.exe
[2015-02-10 16:42][2015-01-14 00:47] 0813744 ____A (Microsoft Corporation) 2D4AB594AABBEBA938F36BA1BC71C3F6 [File is signed]
====== End Of Search ======
ok
so far these are clean :)
jhrowehl
2015-03-01, 22:54
http://i.imgur.com/9NsNSHq.png Process Explorer
Please download Process Explorer (http://download.sysinternals.com/files/ProcessExplorer.zip) and save the file to your Desktop.
Right-Click ProcessExplorer.zip and click Extract All. Click Extract.
Open the ProcessExplorer folder on your Desktop, right-click procexp.exe and click http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme
Click http://i.imgur.com/vnQ07at.png View DLLs.
If any of the following processes are highlighted in blue, click the process.
Click File, Save As, and save the file in the same folder. Do so for each highlighted process.
Internet Explorer
Attach the file(s) in your next reply.
I didn't have a 'view DLL's' option... but there was an option to show a lower pane. I used that. There were 3 instances of Iexplore running. 1 appeared to be a subprocess of Firefox (that's the '1a.txt' file). 1 appeared to be a main Internet Explorer process (.2a,txt' file) and 1 appeared to be a subprocess of Internet Explorer ('3a.txt' file).
It's all legit.
I had another colleague step in and look over logs and the same remarks are as mine, the machine appears clean, it's unlikely caused by malware.
I cannot explain why all the IE processes are loading now that don't or didn't used to.
Use the computer for a while and let's see if any alerts or error messages come up.
Let's remove tools and quarantine folders.
http://i.imgur.com/AFZxnZc.jpg DelFix
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Reset system settings
Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
jhrowehl
2015-03-03, 00:34
It's all legit.
I had another colleague step in and look over logs and the same remarks are as mine, the machine appears clean, it's unlikely caused by malware.
I cannot explain why all the IE processes are loading now that don't or didn't used to.
Use the computer for a while and let's see if any alerts or error messages come up.
I don't have any alerts or error messages, but I still have the rogue processes coming up occasionally. I was checking a few other forums, and I found one that described almost exactly what's happening here. The only differences are that I don't have the volume turned on, so I don't know if any audio is being downloaded, and I don't know if Google searches are redirecting, because Firefox now uses Yahoo. Here's the link to the forum message I'm referring to:
http://www.techspot.com/community/topics/a-rogue-iexplorer-exe-in-task-manager-unable-to-remove.174094/
I know the tech that helped in that topic. His name is Broni, very dedicated hard working guy. Has helped many people.
One thing I picked up on is this topic was started Dec 1, 2011.
This User was alerted to Service (*** hidden *** ) [DISABLED] USBSTOR <-- ROOTKIT !!!
of which you didn't have but rather your machine had malware.
The only tool listed in that topic we haven't used is GMER. There were other rootkit scan ran but nothing was identified.
http://i.imgur.com/cT9dbF4.png GMER
Please download GMER (http://www.bleepingcomputer.com/download/gmer/dl/2/) and save the file to your Desktop.
Right-Click the randomly named GMER file and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Note: If asked to allow gmer.sys driver to load, please consent.
Important: If you receive a warning regarding Rootkit Activity, click NO.
You will see the following window (click the image to enlarge):
http://www.geekstogo.com/misc/guide_icons/GMER_thumb.jpg (http://www.geekstogo.com/misc/guide_icons/GMER_instructions.jpg[/img)
Referring to the image above, please ensure the following boxes are unchecked.
IAT/EAT
Drives/Partitions other than Systemdrive (typically C:\)
Show All (Important!)
Click Scan.
Upon completion, click [Save ...], and name the file, Gmer.txt.
Save the file (GMER.txt) to a convenient location (eg. Desktop). Copy the contents of the log and paste in your next reply.
Important Note: Rootkit scans often produce false-positives. Do NOT take any action on, "<--- ROOTKIT" entries.
------------------------------------
If you would like to change Firefox search engine to Google, please read the below link.
https://support.google.com/websearch/answer/464?hl=en
Also, please don't run the FixTDSS.exe from Symantec/Norton. A very many machines became unbootable after running that tool.
jhrowehl
2015-03-03, 06:13
I ran GMER, but I can't get the log file to you. The file is over 44K in length, which exceeds the 20,000 character length for the message. The upload manager is taking forever to upload it, like more than 10 minutes so far. I'll have to split it tomorrow and post it in several messages.
jhrowehl
2015-03-04, 02:08
Here's the first group of files. There are a total of 19.
jhrowehl
2015-03-04, 02:10
Second group...
jhrowehl
2015-03-04, 02:11
Third group...
jhrowehl
2015-03-04, 02:12
Fourth group...
The only thng that was found as suspicious was RWAR3Monitor.exe (RoadWarrior 3 Monitor This file is not digitally signed.) and that was because it has an unsigned driver.
Rootkit scans we have run have not found anything.
Please download MBRCheck.exe (download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) to your Desktop. Run the application.
If no infection is found, it will produce a report on the desktop. Post that report in your next reply.
If an infection is found, you will be presented with the following dialog:
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Type N and press Enter. A report will be produced on the desktop. Post that report in your next reply.
jhrowehl
2015-03-04, 04:31
Here's the MBRCheck log:
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows 7 Professional
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Precision M2800
Logical Drives Mask: 0x0100000c
Kernel Drivers (total 210):
0x03256000 \SystemRoot\system32\ntoskrnl.exe
0x0320D000 \SystemRoot\system32\hal.dll
0x00B97000 \SystemRoot\system32\kdcom.dll
0x00C6D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CBC000 \SystemRoot\system32\PSHED.dll
0x00CD0000 \SystemRoot\system32\CLFS.SYS
0x00D2E000 \SystemRoot\system32\CI.dll
0x00E51000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F13000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F23000 \SystemRoot\system32\drivers\ACPI.sys
0x00F7A000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F83000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F8D000 \SystemRoot\system32\drivers\pci.sys
0x00FC0000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FCD000 \SystemRoot\system32\DRIVERS\iusb3hcs.sys
0x00FD7000 \SystemRoot\System32\drivers\partmgr.sys
0x00FEC000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00E00000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00E0C000 \SystemRoot\system32\drivers\volmgr.sys
0x00C00000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E21000 \SystemRoot\System32\drivers\mountmgr.sys
0x0100A000 \SystemRoot\system32\drivers\iaStorA.sys
0x012D3000 \SystemRoot\system32\drivers\storport.sys
0x01337000 \SystemRoot\system32\drivers\amdxata.sys
0x01342000 \SystemRoot\system32\drivers\fltmgr.sys
0x0138E000 \SystemRoot\system32\drivers\fileinfo.sys
0x013A2000 \SystemRoot\System32\Drivers\DLACDBHE.SYS
0x013A5000 \SystemRoot\System32\Drivers\DRVECDB.SYS
0x013C2000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x0144B000 \SystemRoot\System32\Drivers\Ntfs.sys
0x016AD000 \SystemRoot\System32\Drivers\msrpc.sys
0x0170B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01726000 \SystemRoot\System32\Drivers\cng.sys
0x01798000 \SystemRoot\System32\drivers\pcw.sys
0x017A9000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x0188D000 \SystemRoot\system32\drivers\ndis.sys
0x0197F000 \SystemRoot\system32\drivers\NETIO.SYS
0x01800000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01A01000 \SystemRoot\System32\drivers\tcpip.sys
0x0182C000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x017B3000 \SystemRoot\system32\drivers\volsnap.sys
0x01875000 \SystemRoot\system32\DRIVERS\stdcfltn.sys
0x0187E000 \SystemRoot\System32\Drivers\spldr.sys
0x01600000 \SystemRoot\System32\drivers\rdyboost.sys
0x019DF000 \SystemRoot\system32\DRIVERS\SEDFilter.sys
0x0163A000 \SystemRoot\System32\Drivers\mup.sys
0x019F5000 \SystemRoot\system32\drivers\iaStorF.sys
0x0164C000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01655000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0168F000 \SystemRoot\system32\drivers\disk.sys
0x01400000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01430000 \SystemRoot\system32\DRIVERS\CredFltL.sys
0x0143C000 \SystemRoot\system32\DRIVERS\avgrkx64.sys
0x01C39000 \SystemRoot\system32\DRIVERS\avgloga.sys
0x01C88000 \SystemRoot\system32\DRIVERS\avgmfx64.sys
0x01CAA000 \SystemRoot\system32\DRIVERS\avgidsha.sys
0x01CDE000 \SystemRoot\system32\DRIVERS\amdkmpfd.sys
0x04754000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0477E000 \SystemRoot\System32\Drivers\Null.SYS
0x04787000 \SystemRoot\System32\Drivers\Beep.SYS
0x0478E000 \SystemRoot\System32\Drivers\DLARTL_E.SYS
0x04797000 \SystemRoot\System32\drivers\vga.sys
0x047A5000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x047CA000 \SystemRoot\System32\drivers\watchdog.sys
0x047DA000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x047E3000 \SystemRoot\system32\drivers\rdpencdd.sys
0x047EC000 \SystemRoot\system32\drivers\rdprefmp.sys
0x047F5000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04400000 \SystemRoot\System32\Drivers\Npfs.SYS
0x04411000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04433000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x01D03000 \SystemRoot\system32\DRIVERS\avgtdia.sys
0x01D49000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04828000 \SystemRoot\system32\drivers\afd.sys
0x048B1000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x048BC000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x048C5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x048EB000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x04901000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04910000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0492B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0493F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04990000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0499C000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x049A7000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0x049B3000 \SystemRoot\System32\drivers\discache.sys
0x04C4B000 \SystemRoot\system32\drivers\csc.sys
0x04CCE000 \SystemRoot\System32\Drivers\dfsc.sys
0x04CEC000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04CFD000 \SystemRoot\system32\DRIVERS\avgldx64.sys
0x04D3D000 \SystemRoot\system32\DRIVERS\avgidsdrivera.sys
0x04D84000 \SystemRoot\system32\DRIVERS\avgdiska.sys
0x04DAD000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x04EED000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0508C000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x05181000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0F444000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x05400000 \SystemRoot\system32\DRIVERS\igdkmd64.sys
0x057B8000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04E00000 \SystemRoot\system32\DRIVERS\iusb3xhc.sys
0x057DC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x057DE000 \SystemRoot\system32\DRIVERS\TeeDriverx64.sys
0x05000000 \SystemRoot\system32\DRIVERS\e1d62x64.sys
0x101E7000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04F8D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05DC0000 \SystemRoot\system32\DRIVERS\O2FJ2w7x64.sys
0x05A00000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x05A2F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x0F400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x05E9A000 \SystemRoot\system32\DRIVERS\Apfiltr.sys
0x05F2A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x05F39000 \SystemRoot\system32\DRIVERS\parport.sys
0x05F56000 \SystemRoot\System32\Drivers\AnyDVD.sys
0x05F81000 \SystemRoot\system32\DRIVERS\ST_Accel.sys
0x05F97000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x05FAD000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x05FB6000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x05FBB000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x05E00000 \SystemRoot\system32\DRIVERS\usb3Hub.sys
0x05E37000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x05E4D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x05E71000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05FCB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05E7D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0F40F000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x051C7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x05DF2000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x05E98000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04C00000 \SystemRoot\system32\DRIVERS\ks.sys
0x0F430000 \SystemRoot\system32\drivers\POADrvr.sys
0x051E1000 \SystemRoot\system32\drivers\DellProf.sys
0x0F43A000 \SystemRoot\system32\drivers\DDDriver64Dcsa.sys
0x051EC000 \SystemRoot\system32\DRIVERS\iwdbus.sys
0x0507A000 \SystemRoot\system32\DRIVERS\TGBMPEnum.sys
0x04FE4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x01D8E000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04EC5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x07957000 \SystemRoot\system32\DRIVERS\portcls.sys
0x07994000 \SystemRoot\system32\DRIVERS\drmk.sys
0x079B6000 \SystemRoot\system32\drivers\ksthunk.sys
0x07800000 \SystemRoot\system32\DRIVERS\iusb3hub.sys
0x07AFF000 \SystemRoot\system32\drivers\RTDVHD64.sys
0x07D32000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x07D4F000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x07D5D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x07D76000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x07D7F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x07D8D000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x07D9A000 \SystemRoot\System32\Drivers\usbvideo.sys
0x07DC8000 \SystemRoot\system32\DRIVERS\ibtusb.sys
0x07E49000 \SystemRoot\system32\DRIVERS\btmhsf.sys
0x07FA9000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x07A00000 \SystemRoot\System32\Drivers\bthport.sys
0x07FC1000 \SystemRoot\System32\Drivers\cvusbdrv.sys
0x07FD2000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x07E00000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x07E10000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x07A8C000 \SystemRoot\system32\DRIVERS\btmaux.sys
0x07E30000 \SystemRoot\System32\Drivers\crashdmp.sys
0x07E3E000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x04440000 \SystemRoot\System32\Drivers\dump_iaStorA.sys
0x07AB3000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00040000 \SystemRoot\System32\win32k.sys
0x07AC6000 \SystemRoot\System32\drivers\Dxapi.sys
0x07AD2000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00500000 \SystemRoot\System32\TSDDD.dll
0x00710000 \SystemRoot\System32\cdd.dll
0x0785F000 \SystemRoot\system32\drivers\luafv.sys
0x07AE0000 \SystemRoot\System32\Drivers\DRVEDDM.SYS
0x07E48000 \SystemRoot\System32\Drivers\DLADResE.SYS
0x07882000 \SystemRoot\System32\Drivers\DLAIFS_E.SYS
0x07AEE000 \SystemRoot\System32\Drivers\DLAOPIOE.SYS
0x07AF5000 \SystemRoot\System32\Drivers\DLAPoolE.SYS
0x078A5000 \SystemRoot\system32\drivers\WudfPf.sys
0x078BE000 \SystemRoot\System32\Drivers\DLABMFSE.SYS
0x078C8000 \SystemRoot\System32\Drivers\DLABOIOE.SYS
0x079BC000 \SystemRoot\System32\Drivers\DLAUDFAE.SYS
0x079DC000 \SystemRoot\System32\Drivers\DLAUDF_E.SYS
0x049C2000 \??\C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys
0x078D1000 \SystemRoot\system32\DRIVERS\WinUSB.sys
0x04709000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x04EDA000 \SystemRoot\System32\DRIVERS\scfilter.sys
0x04FF6000 \SystemRoot\System32\Drivers\wbfcvusbdrv.sys
0x04DD3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x04A01000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x04A54000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x04A67000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x04A7F000 \SystemRoot\system32\drivers\HTTP.sys
0x04B48000 \SystemRoot\system32\DRIVERS\bowser.sys
0x04B66000 \SystemRoot\System32\drivers\mpsdrv.sys
0x04B7E000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04BAB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x04800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0989F000 \SystemRoot\system32\drivers\peauth.sys
0x09945000 \SystemRoot\System32\Drivers\secdrv.SYS
0x09950000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x09981000 \??\C:\Windows\system32\Drivers\SSPORT.sys
0x09989000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0999B000 \SystemRoot\SYSTEM32\DRIVERS\WibuKey64.sys
0x078EC000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0A883000 \SystemRoot\System32\DRIVERS\srv.sys
0x0A91B000 \??\C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys
0x0A92B000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0B00A000 \SystemRoot\system32\drivers\mrxdav.sys
0x0B033000 \SystemRoot\system32\DRIVERS\Netwsw02.sys
0x0B392000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0B39F000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x770F0000 \Windows\System32\ntdll.dll
0x47C70000 \Windows\System32\smss.exe
0xFF410000 \Windows\System32\apisetschema.dll
Processes (total 182):
0 System Idle Process
4 System
380 C:\Windows\System32\smss.exe
516 C:\PROGRA~2\AVG\AVG2015\avgrsa.exe
588 C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
620 csrss.exe
1088 C:\Windows\System32\wininit.exe
1124 csrss.exe
1160 C:\Windows\System32\services.exe
1168 C:\Windows\System32\lsass.exe
1176 C:\Windows\System32\lsm.exe
1260 C:\Windows\System32\winlogon.exe
1320 C:\Windows\System32\svchost.exe
1428 C:\Windows\System32\svchost.exe
1500 C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
1556 C:\Windows\System32\atiesrxx.exe
1596 C:\Windows\System32\svchost.exe
1636 C:\Windows\System32\svchost.exe
1676 C:\Windows\System32\svchost.exe
1708 C:\Windows\System32\svchost.exe
1768 DpCardEngine.exe
1868 C:\Windows\System32\svchost.exe
1988 C:\Windows\System32\igfxCUIService.exe
2036 C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
1704 C:\Windows\System32\atieclxx.exe
2088 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
2148 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2160 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2216 WUDFHost.exe
2372 WUDFHost.exe
2496 C:\Windows\System32\svchost.exe
2728 C:\Windows\System32\spoolsv.exe
2772 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
2804 C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
2896 C:\Windows\System32\svchost.exe
2996 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
3024 C:\Program Files\DellTPad\HidMonitorSvc.exe
3044 C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
3068 C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
2260 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
2452 C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
3152 C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
3316 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
3432 C:\Windows\System32\svchost.exe
3516 C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
3716 C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
3732 C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
3708 C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
3172 C:\Windows\System32\IPROSetMonitor.exe
2316 C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
3988 C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
2364 C:\Program Files (x86)\NetSetMan\nsmservice.exe
2356 C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
4104 C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
4140 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
4188 C:\Program Files\Dell\PPO\poaService.exe
4216 C:\Program Files\Dell\PPO\poaSmSrv.exe
4248 C:\Program Files\Dell\PPO\poaTaServ.exe
4272 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
4296 C:\Program Files\Visioneer\RWAR3\RWAR3HV_0002_0.EXE
4348 C:\Program Files\Visioneer\RWAR3\RWAR3Monitor.exe
4404 C:\Windows\System32\svchost.exe
4460 C:\Windows\SysWOW64\TgbStarter.exe
4508 C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
4564 C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
4660 C:\Windows\System32\SearchIndexer.exe
4768 unsecapp.exe
4808 C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe
4816 WmiPrvSE.exe
4852 unsecapp.exe
5000 C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
5048 C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
5124 WmiPrvSE.exe
5296 C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
5444 C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
6000 C:\Windows\System32\svchost.exe
6632 C:\Windows\System32\taskhost.exe
6640 C:\Program Files\DellTPad\Apoint.exe
6776 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
6816 C:\Windows\System32\dwm.exe
6932 C:\Windows\explorer.exe
7028 C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
4936 C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
6216 C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
4740 C:\Windows\System32\igfxHK.exe
6444 C:\Windows\System32\igfxTray.exe
6460 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
6492 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
6408 C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
6524 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
6352 C:\Program Files\Dell\PPO\DellPoaEvents.exe
6684 C:\Windows\System32\rundll32.exe
7132 C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
6112 C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
6184 C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe
6656 C:\Windows\System32\rundll32.exe
6356 C:\Program Files\BOINC\boinctray.exe
7188 C:\Program Files\BOINC\boincmgr.exe
7252 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
7316 C:\Program Files\Windows Sidebar\sidebar.exe
7456 C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
7476 C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
7512 C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
7544 C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
7660 C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
7704 C:\Windows\System32\igfxEM.exe
7756 C:\Program Files\DellTPad\ApMsgFwd.exe
7860 C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
7936 C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
8020 C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
8140 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
7184 C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
7304 C:\Program Files (x86)\AVG\AVG2015\avgui.exe
7328 C:\Program Files\DellTPad\hidfind.exe
7344 C:\Program Files\DellTPad\ApntEx.exe
7392 C:\Windows\System32\conhost.exe
7496 C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
3240 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
7748 C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
7592 C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
7812 C:\Windows\System32\wbem\unsecapp.exe
7784 C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
7712 C:\Program Files (x86)\NetSetMan\netsetman.exe
7600 C:\Windows\SysWOW64\ctfmon.exe
8572 C:\Program Files\BOINC\boinc.exe
8584 C:\Windows\System32\conhost.exe
8928 C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
8940 C:\Windows\System32\conhost.exe
9016 C:\Program Files\Windows Media Player\wmpnetwk.exe
9212 C:\Windows\System32\svchost.exe
9700 C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
9748 C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxRpcSs.exe
9848 C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxDcomLaunch.exe
10164 C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe
236 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
10532 C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
10648 C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
10900 C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
10980 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
11136 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
4728 C:\Windows\System32\drivers\o2flash.exe
8060 C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
9000 C:\Windows\System32\wuauclt.exe
6376 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6380 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
9380 C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
7776 C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
6472 WmiPrvSE.exe
6252 C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
5256 C:\Windows\System32\conhost.exe
10896 C:\Windows\System32\taskmgr.exe
9880 C:\Windows\System32\wlanext.exe
10288 C:\Windows\System32\conhost.exe
19260 C:\Windows\splwow64.exe
19672 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
18964 C:\Windows\System32\audiodg.exe
20284 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
20472 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
20744 C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
27832 C:\ProgramData\BOINC\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
27072 C:\ProgramData\BOINC\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
28096 C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
28608 C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
26816 C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_separation__modified_fit_1.36_windows_x86_64.exe
28020 C:\ProgramData\BOINC\projects\asteroidsathome.net_boinc\period_search_10210_windows_x86_64__sse2.exe
27744 C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
28260 C:\ProgramData\BOINC\projects\www.enigmaathome.net\wrapper_5.32_windows_intelx86.exe
28512 C:\Windows\System32\conhost.exe
23464 C:\ProgramData\BOINC\slots\7\enigma_0.76.exe
28540 C:\ProgramData\BOINC\slots\0\enigma_0.76.exe
27140 C:\Windows\System32\conhost.exe
27008 C:\Windows\System32\conhost.exe
26752 C:\ProgramData\BOINC\slots\2\enigma_0.76.exe
27788 C:\ProgramData\BOINC\slots\8\enigma_0.76.exe
28328 C:\Windows\System32\conhost.exe
28312 C:\Windows\System32\conhost.exe
28032 C:\totalcmd\TOTALCMD.EXE
29676 dllhost.exe
29048 dllhost.exe
29384 C:\Users\Henry\Desktop\MBRCheck.exe
25104 C:\Windows\System32\conhost.exe
27508 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`f1600000 (NTFS)
\\.\Y: --> \\.\PhysicalDrive0 at offset 0x00000000`02800000 (NTFS)
PhysicalDrive0 Model Number: ST1000LM014-1EJ164, Rev: DEMA
Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979
Done!
The only thing that looked suspicious to me was
https://www.virustotal.com/en/file/b32f2a60068842d375ffe09770ee7e45da57e15d81fbc5932f4b11c5bb951d05/analysis/
enigma_5.32_windows_intelx86.exe This file is not digitally signed. No suspicious behavior reported so far.
Bkav HW32.Laneul.kwqw <--detected by an unknown antivirus
that all looks fine with a non infected MBR now. If something had been found we would see
Unknown MBR code or MBR Code Faked!
We have run other rootkit and trojan scans that are clear.
I think we'll have to wait this one out for a while and see if anything should pop up or start showing alerts cause, I can't find anything.
jhrowehl
2015-03-06, 03:23
The only thing that looked suspicious to me was
https://www.virustotal.com/en/file/b32f2a60068842d375ffe09770ee7e45da57e15d81fbc5932f4b11c5bb951d05/analysis/
enigma_5.32_windows_intelx86.exe This file is not digitally signed. No suspicious behavior reported so far.
Bkav HW32.Laneul.kwqw <--detected by an unknown antivirus
that all looks fine with a non infected MBR now. If something had been found we would see
Unknown MBR code or MBR Code Faked!
We have run other rootkit and trojan scans that are clear.
I think we'll have to wait this one out for a while and see if anything should pop up or start showing alerts cause, I can't find anything.
The Enigma_5.32 file is known safe, I have it running on several computers. It's part of the BOINC (Berkley Open Infrastructure for Network Computing) science projects. This particular one is crunching one of the last 3 unbroken German Enigma code messages from World War II.
And I'm almost thinking that I might have seen something useful, I just need to verify if I'm correct. I upgraded an installed program, and in the process it's upgrade link (Known safe website) opened my 'default' browser, Internet Explorer. Keep in mind that for the past 4 months, I've set Firefox as my default browser about 200 or 300 times, each time I boot my laptop and open Firefox. And, I have told Internet Explorer *not* to set as default, probably 10 to 150 times so far.
Anyway, while performing the upgrade, with IE open for about 30 minutes, I had no rogue processes. However, when I opened Firefox to check my email, I had the rogue processes within just a couple of minutes. So... did I actually see something, or did I mis-interpret what I was seeing?
I also need to figure out the differences between my choices of Internet Explorer. I have 3 options available; 1- the standard Internet Explorer, 2- Internet Explorer (No Add-ons) [yes, that's the selection under All Programs, Accessories, System Tools], and 3- Dell Protected Workspace, which uses Internet Explorer. I'm almost thinking that the IE session that was opened was under Dell Protected Workspace, because, if I remember correctly, the window had a green border. The green border is the Dell PWS visual indicator.
I'll have to experiment for a bit, and hopefully I can come up with something that might help explain what's going on.
Also, just for grins and giggles, I was thinking about making a list of all Iexplore.exe files on my system, with file size and file date, and checking to see if any of them match known file forgeries.
jhrowehl
2015-03-06, 04:50
This may help.....
Dell Protected Workspace. I am not familiar with this, to me it suggest an added secure browser.
I know people use IE 'No Add-ons' to troubleshoot, and had thought of using it to see if that was what was causing issues here but, no malicious Add-ons were found.
Also, from what you've posted about changes for default browser not holding, might be related to security settings such as SpyBot Teatimer but, settings in other security tools can do the same.
~~~~~~~~~~~~~~
Let's try to make system changes to make Firefox your default browser.
Click on the Windows logo to open the Start menu, then select Control Panel. The Control Panel window will open.
Click on the link labeled Programs. The Programs panel will open.
Click on the link labeled Set your default programs. The Set your default programs panel will open.
In the Programs list on the left side of the window, click Firefox.
In the right side of the window, click Set this program as default.
~~~~~~
From the screen capture it shows using Flash from a temp directorey and we can take care of that now.
Please Run TFC by OldTimer to clear temporary files:
TFC by OldTimer (http://oldtimer.geekstogo.com/TFC.exe ) and save it to your desktop.
Close any open programs and Internet browsers.
Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
Please be patient as clearing out temp files may take a while.
Once it completes you may be prompted to restart your computer, please do so.
Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.
~~~~~
We need to check which version of Flash player your using and make sure it's up to date.
Please run this security check for my review.
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe).
Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.
jhrowehl
2015-03-07, 02:29
Dell Protected Workspace. I am not familiar with this, to me it suggest an added secure browser.
I know people use IE 'No Add-ons' to troubleshoot, and had thought of using it to see if that was what was causing issues here but, no malicious Add-ons were found.
That's supposed to be an additional security layer from Dell. I'm aware that it's there, but I don't use it (that I'm aware of). It's one of those 'new' things that I haven't had the time to play with yet and find out what it really does.
I hit control panel and set Firefox as my default browser, and removed access to IE. I attached the report from Security check, and will run TFC after I post this.
I also have a question... are you familiar with VXMClient? The AVG detection that I posted earlier was the result of VXMClient. It pops up obviously false update prompts, such as 'Flash Player Plugs is out of date', and not Adobe Flash Player. Or, 'Your Internet Browser is out of date - click to download the updated browser'. Never mentions IE or Firefox, just your 'browser'. Those type of update prompts are huge red flags, along with alarm bells, warning lights, the whole shootin' match. I kill the processes without clicking the box.
Searching the internet, I find articles saying that VXMClient is malware, but not the typical virus or trojan type. It's browser related, and hides itself fairly well.
are you familiar with VXMClient
No
Please run the Farbar Recovery Scan Tool.
Enter vxmclient in the Search Box.
click the Search Registry button, post the content of the Search.txt file in your next reply.
jhrowehl
2015-03-07, 04:48
No
Please run the Farbar Recovery Scan Tool.
Enter vxmclient in the Search Box.
click the Search Registry button, post the content of the Search.txt file in your next reply.
Ok, will do. And, just for info, when I launched Firefox to log on here, it asked me if I wanted to set it as my default browser.
Again.
It's late here and I have a 5 year old to get ready for bed, I'll be back in the morning. :)
Also, let's make sure nothing is coming in through your router.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKOtu1Ft.png.pagespeed.ic.ONB4zWgOQ_.jpg Router Power Cycle
Switch your computer off.
Turn your router/modem off.
Unplug your router/modem and all cables from the wall.
Wait 60 seconds.
Plug your router/modem back in and turn on.
Switch your computer on.
Check for issues.
------------------------------------
http://i.imgur.com/KOtu1Ft.png Router Reset
Please read: Malware Silently Alters Wireless Router Settings (http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html)
Consult Router Passwords (http://www.routerpasswords.com/) to find out what default username and password for your brand of router and make a note of that for future reference. Alternatively, your may find the username/password written on the base of your router. If neither options are applicable, please contact the manufacturer of your router.
Reset Router to Factory Default Settings:
Typically a reset can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)
In order to get to the router's server, type http:\\192.168.1.1 in the address bar and click Enter. You should see the log in window.
Fill in the password you have already found and you will get the configuration page.
Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard.
If you do not have a setup wizard you have to fill in the log in password your ISP has initially given to you. You can also call your ISP if you don't have your initial password.
Don't forget to change the routers default password and set a stronger, more complex password. Note down the password and keep it somewhere for future reference.
~~~~
Please make sure of the following settings on your computer:
Click Start, Control panel, then double-click Network and Sharing Center.
In the left window select Manage Network Connection.
In the right window right-click Local Area Connection and select Properties .
Internet Protocol Version 6 (IP6v) should be checked. Double-click on it. Make sure of the following settings:
The option Obtain an IP address automatically should be checked.
The option Obtain DNS server address automatically should be checked.
Click OK.
Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.
The option Obtain an IP address automatically should be checked.
The option Obtain DNS server address automatically should be checked.
Click OK twice.
If you need to change any of these settings you will need to reboot your computer.
~~~~~~~~~~~~~~~~~~~~~~~~
I need you to make a batch file.
Open a new Notepad session
Click the Start button, click Run
In the run box type notepad
Click OK
In the notepad, Click "Format" and be certain that Word Wrap is not checked.
Copy and paste all the text in the code box below into the Notepad. Do Not copy the word CODE
@Echo on
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
In the notepad
Click File, Save as..., and set the Save in to your Desktop
In the filename box, type (including quotation marks) as the filename:
"flush.bat"
Click Save
You should now have a file on your desktop with an icon like this http://forums.whatthetech.com/uploads/monthly_01_2010/post-78707-1263753228.jpg
Double click on flush.bat & allow it to run. A small black screen may briefly flash on and off, that normal.
jhrowehl
2015-03-07, 16:46
Firefox just asked me if I wanted to set it as my default browser... again. I set it as my default browser 4 or 5 times a day now.
I also had an AVG detection this morning... see capture16.jpg. It's running from a temporary file, but, I ran TFC last night, so there should be no temporary files.
I tried something last night, I downloaded a free version of SpyHunter and ran it. The free version is the teaser, it won't remove any threats until you buy the paid version. But it's results were interesting. Check the other 4 screen captures, and pay particular attention to capture21. We had FRST remove Reimage Repair twice, but SpyHunter found 48 instances of Reimage Repair leftovers.
Spybot does not find any of the reimage traces, and misses the adware programs.
Here's the FRST log file:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-03-2015 01
Ran by Henry (administrator) on ELSERVICE13 on 06-03-2015 21:51:04
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\nsmservice.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaService.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaSmSrv.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaTaServ.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\PPO\DellPoaEvents.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\netsetman.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxRpcSs.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxDcomLaunch.exe
(Invincea, Inc.) C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\winsxs\wow64_microsoft-windows-wmi-core-providerhost_31bf3856ad364e35_6.1.7601.17514_none_78dd6e4cd6655603\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
() C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_1.48_windows_x86_64__mt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [DellPoaEvents] => C:\Program Files\Dell\PPO\DellPoaEvents.exe [396496 2014-08-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-09-11] ()
HKLM\...\Run: [InvProtect] => C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe [6779592 2015-02-12] (Invincea, Inc.)
HKLM\...\Run: [CANON P-215II SVC] => rundll32.exe P215IISvc.dll,EntryPointUserMessage
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [NetSetMan] => C:\Program Files (x86)\NetSetMan\netsetman.exe [6699176 2015-03-02] (Ilja Herlein)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [36168 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641384 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [1893224 2012-02-23] (TODO: <Company name>)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [P-215II CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe [2251056 2014-03-30] (Canon Electronics Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-04-02] (AMD)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-02-19] (SlySoft, Inc.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [1120752 2014-12-11] (Space Sciences Laboratory)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.excite.com
BHO: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\X64\InvRedirHostIE64.dll (Invincea, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll (Invincea, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll (Zeon Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\pkmcdo.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668
FF Homepage: www.excite.com
FF NetworkProxy: "no_proxies_on", "localhost; 127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll (DigitalPersona, Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll (Zeon Corporation)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\artur.dubovoy@gmail.com [2015-03-06]
FF Extension: Garmin Communicator - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-26]
FF Extension: QuickJava - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-26]
FF Extension: Invincea Web Redirector - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\webredirector@invincea.com [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-11-01]
FF Extension: PDF Converter 7.1 - C:\Program Files (x86)\Nuance\PDF Professional 7\FireFox [2014-11-09]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [255328 2014-09-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-09-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-09-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2150088 2015-02-12] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 nsmService; C:\Program Files (x86)\NetSetMan\nsmservice.exe [1278632 2015-02-06] (Ilja Herlein)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [232448 2014-09-30] (Visioneer Inc.) [File not signed]
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2012-02-17] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-19] (Nuance Communications, Inc.)
R2 poaService; C:\Program Files\Dell\PPO\poaService.exe [721104 2014-08-15] (Dell Inc.)
R2 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [312016 2014-08-15] (Dell Inc.)
R2 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [645328 2014-08-16] (Dell Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-06] (Realtek Semiconductor)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [174792 2015-02-12] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 TgbIke Starter; C:\Windows\SysWOW64\TgbStarter.exe [239280 2012-03-21] (TheGreenBow)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-26] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A4; C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe [2971736 2015-03-03] (Microsoftware)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{B72A21F9-6C42-44BF-BEBD-DD11EDF0E075}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-09-11] ()
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2014-08-13] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2014-08-13] (Dell Computer Corporation)
R2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.SYS [46448 2007-07-23] (Roxio)
R2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.SYS [42352 2007-07-23] (Roxio)
R0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [17776 2007-07-23] (Roxio)
R2 DLADResE; C:\Windows\System32\Drivers\DLADResE.SYS [9968 2007-07-23] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.SYS [146672 2007-07-23] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.SYS [35056 2007-07-23] (Roxio)
R2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.SYS [19824 2007-07-23] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [41072 2007-07-23] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.SYS [135152 2007-07-23] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.SYS [144112 2007-07-23] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [124112 2007-07-23] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63984 2007-07-23] (Roxio)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2310488 2014-02-13] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [52232 2015-02-12] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2014-08-15] (Dell Computer Corporation)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183816 2015-02-12] (Invincea, Inc.)
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-09-11] (Dell Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [40624 2012-03-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [140976 2012-03-21] (TheGreenBow)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-26] ()
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2014-08-02] ()
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [107008 2006-11-22] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\System32\drivers\wibukey2_64.sys [16896 2006-11-09] (WIBU-SYSTEMS AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 cpuz134; \??\C:\Users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-06 21:51 - 2015-03-06 21:51 - 00033754 _____ () C:\Users\Henry\Desktop\FRST.txt
2015-03-06 21:50 - 2015-03-06 21:51 - 00000000 ____D () C:\FRST
2015-03-06 21:50 - 2015-03-06 21:50 - 02092544 _____ (Farbar) C:\Users\Henry\Desktop\FRST64.exe
2015-03-06 19:48 - 2015-03-06 19:48 - 00448512 _____ (OldTimer Tools) C:\Users\Henry\Desktop\TFC.exe
2015-03-06 19:14 - 2015-03-06 19:14 - 00000802 _____ () C:\Users\Henry\Desktop\checkup.txt
2015-03-06 19:04 - 2015-03-06 19:04 - 00852604 _____ () C:\Users\Henry\Desktop\SecurityCheck.exe
2015-03-05 21:45 - 2015-03-05 21:45 - 00001850 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-03-05 21:44 - 2015-03-05 21:44 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-03-05 17:59 - 2015-03-05 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 14:18 - 2015-03-05 14:48 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-05 14:18 - 2015-03-05 14:18 - 00003598 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-03-05 06:09 - 2015-03-05 06:09 - 00001939 _____ () C:\Users\Henry\Desktop\OBD-PCLink.lnk
2015-03-04 17:48 - 2015-03-04 17:48 - 18058685 _____ (Innova Electronics ) C:\Users\Henry\Downloads\OBD_PCLink_V1.33.exe
2015-03-04 17:41 - 2015-03-04 17:41 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Innova
2015-03-04 17:41 - 2015-03-04 17:41 - 00000000 ____D () C:\Innova
2015-03-04 17:40 - 2015-03-04 17:40 - 00001965 _____ () C:\Users\Public\Desktop\Innova OBD PC-Link.lnk
2015-03-04 17:40 - 2015-03-04 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Innova Electronics
2015-03-04 17:40 - 2015-03-04 17:40 - 00000000 ____D () C:\Program Files (x86)\Innova OBD PC-Link
2015-03-04 17:39 - 2015-03-04 17:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2015-03-04 17:39 - 2015-03-04 17:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-04 17:39 - 2015-03-04 17:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-03-04 17:38 - 2015-03-04 17:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-04 17:37 - 2015-03-04 17:38 - 208015834 _____ (Innova Electronics ) C:\Users\Henry\Downloads\Innova_V02.03.07_PCLink.exe
2015-03-04 17:23 - 2015-03-04 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBD-PCLink
2015-03-04 17:23 - 2015-03-04 17:23 - 00000000 ____D () C:\Program Files (x86)\OBD-PCLink
2015-03-04 17:16 - 2015-03-04 17:16 - 00000000 ____D () C:\Users\Henry\AppData\Local\Innova_Electronics_Corp
2015-03-04 17:13 - 2015-03-04 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RepairSolutions
2015-03-04 17:13 - 2015-03-04 17:13 - 00000000 ____D () C:\Program Files (x86)\RepairSolutions
2015-03-03 21:26 - 2015-03-03 21:26 - 00023134 _____ () C:\Users\Henry\Desktop\MBRCheck_03.03.15_21.26.03.txt
2015-03-03 21:24 - 2015-03-03 21:24 - 00080384 _____ () C:\Users\Henry\Desktop\MBRCheck.exe
2015-03-02 22:43 - 2015-03-02 22:43 - 00441583 _____ () C:\Users\Henry\Desktop\gmer.txt
2015-03-02 21:17 - 2015-03-02 21:17 - 00380416 _____ () C:\Users\Henry\Desktop\3x39kz7u.exe
2015-03-02 17:42 - 2015-03-02 17:47 - 00001376 _____ () C:\Users\Henry\Desktop\Kill Iexplore.lnk
2015-03-02 17:23 - 2015-03-05 06:13 - 00000585 _____ () C:\Windows\pixcache.ini
2015-03-01 21:52 - 2015-03-01 21:52 - 00001951 _____ () C:\DelFix.txt
2015-02-28 20:58 - 2015-02-28 22:16 - 00000530 _____ () C:\Windows\DtcInstall.log
2015-02-28 18:21 - 2015-02-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-28 18:21 - 2015-02-28 18:21 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-27 14:17 - 2015-03-06 14:22 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-27 08:43 - 2015-03-01 21:52 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-02-27 08:43 - 2015-02-27 08:43 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-02-27 08:32 - 2015-02-27 08:32 - 00000000 ____D () C:\Program Files\Western Digital
2015-02-26 21:15 - 2015-02-26 21:15 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-02-26 18:20 - 2015-02-26 22:30 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-02-26 18:03 - 2015-02-26 18:03 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-26 18:03 - 2015-02-26 18:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-26 17:52 - 2015-03-03 13:02 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-26 14:32 - 2015-01-08 18:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 14:32 - 2015-01-08 18:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-26 11:31 - 2015-02-26 11:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-25 22:44 - 2015-02-25 22:44 - 00001115 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-02-25 22:44 - 2015-02-25 22:44 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\com.wd.WDMyCloud
2015-02-25 08:57 - 2015-02-25 09:11 - 00000000 ____D () C:\Windows\erdnt
2015-02-22 14:17 - 2015-02-22 14:17 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\PCDr
2015-02-22 14:17 - 2015-02-22 14:17 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
2015-02-20 18:26 - 2015-02-26 17:52 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2015-02-16 16:26 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-16 16:26 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-16 16:26 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-15 14:01 - 2015-03-03 13:03 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-02-12 21:42 - 2015-01-22 23:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 23:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 21:42 - 2015-01-22 22:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 21:42 - 2015-01-22 22:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 11:05 - 2015-02-11 11:05 - 00003224 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-11 11:04 - 2015-02-11 11:04 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-10 16:42 - 2015-01-14 00:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 16:42 - 2015-01-14 00:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 16:42 - 2015-01-11 22:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 16:42 - 2015-01-11 22:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 22:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 16:42 - 2015-01-11 21:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 16:42 - 2015-01-11 21:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 16:42 - 2015-01-11 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 16:42 - 2015-01-11 21:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 16:42 - 2015-01-11 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 16:42 - 2015-01-11 21:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 16:42 - 2015-01-11 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 16:42 - 2015-01-11 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 16:42 - 2015-01-11 21:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 16:42 - 2015-01-11 21:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 16:42 - 2015-01-11 21:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 21:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 16:42 - 2015-01-11 21:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 16:42 - 2015-01-11 20:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 16:42 - 2015-01-11 20:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 16:42 - 2015-01-11 20:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 16:42 - 2015-01-11 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 16:42 - 2015-01-11 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 16:42 - 2015-01-11 20:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 16:42 - 2015-01-11 20:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 16:42 - 2015-01-11 20:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 16:42 - 2015-01-11 20:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 16:42 - 2015-01-11 20:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 16:42 - 2015-01-11 20:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 16:42 - 2015-01-11 20:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 16:42 - 2015-01-11 20:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 16:42 - 2015-01-11 20:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 16:42 - 2015-01-11 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 16:42 - 2015-01-11 20:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 16:42 - 2015-01-11 19:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 16:42 - 2015-01-11 19:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 16:42 - 2015-01-10 01:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 16:41 - 2015-02-16 16:55 - 00025260 _____ () C:\Windows\system32\ScanResults.xml
2015-02-10 16:41 - 2015-01-15 03:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 16:41 - 2015-01-15 03:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 16:41 - 2015-01-15 03:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 16:41 - 2015-01-15 03:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 16:41 - 2015-01-15 03:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 16:41 - 2015-01-15 03:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 16:41 - 2015-01-15 03:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 16:41 - 2015-01-15 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 16:41 - 2015-01-15 03:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 16:41 - 2015-01-15 02:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 16:41 - 2015-01-15 02:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 16:41 - 2015-01-15 02:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 16:41 - 2015-01-15 02:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 16:41 - 2015-01-15 02:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 16:41 - 2015-01-14 23:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 16:41 - 2015-01-14 01:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 01:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 16:41 - 2015-01-14 01:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 16:41 - 2015-01-14 01:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 16:41 - 2015-01-14 00:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 16:41 - 2015-01-14 00:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 16:41 - 2015-01-12 22:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 16:41 - 2015-01-12 21:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 16:41 - 2014-12-12 00:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 16:41 - 2014-12-12 00:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 16:41 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 16:41 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 16:41 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 16:41 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 16:41 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 16:41 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 16:41 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 16:40 - 2015-01-08 21:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 16:34 - 2015-02-16 16:48 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-07 09:20 - 2015-02-07 09:20 - 00000000 ____D () C:\Users\Henry\AppData\Local\GARMIN_Corp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-06 21:50 - 2014-11-02 11:06 - 00000000 ____D () C:\ProgramData\BOINC
2015-03-06 21:28 - 2014-10-26 16:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-06 21:20 - 2014-11-15 13:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-06 20:57 - 2014-10-26 17:06 - 00047539 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-06 20:02 - 2014-10-26 17:08 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-06 20:00 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-06 20:00 - 2009-07-13 23:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-06 19:59 - 2009-07-14 00:13 - 00798530 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-06 19:58 - 2014-10-26 16:38 - 01665956 _____ () C:\Windows\WindowsUpdate.log
2015-03-06 19:56 - 2014-11-29 16:32 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-03-06 19:56 - 2014-11-15 13:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-06 19:56 - 2014-11-01 11:51 - 00131072 ___SH () C:\CredSED.dat
2015-03-06 19:54 - 2015-01-11 15:06 - 00007972 _____ () C:\Windows\setupact.log
2015-03-06 19:54 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 17:43 - 2014-11-02 00:09 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-06 06:04 - 2014-11-02 12:58 - 00000000 ____D () C:\Program Files (x86)\NetSetMan
2015-03-05 21:45 - 2014-11-03 20:35 - 00000000 ____D () C:\ProgramData\Garmin
2015-03-05 21:45 - 2014-11-03 20:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-03-05 21:45 - 2014-11-03 20:33 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-03-05 21:44 - 2014-10-26 16:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 16:33 - 2014-11-02 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSetMan Pro
2015-03-05 14:18 - 2014-10-26 17:05 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-03-05 06:55 - 2014-11-01 20:20 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\.oit
2015-03-05 06:01 - 2014-11-04 06:34 - 00007636 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2015-03-05 05:55 - 2009-07-13 23:45 - 00317552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 17:49 - 2014-11-02 11:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-03-04 17:41 - 2014-11-01 10:33 - 00079072 _____ () C:\Users\Henry\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 06:56 - 2014-11-01 13:31 - 00000000 ____D () C:\Users\Henry\Documents\AGFM
2015-03-04 06:54 - 2014-11-17 06:00 - 00000000 ____D () C:\Program Files (x86)\Xerox
2015-03-04 06:54 - 2014-11-03 16:33 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-03-03 22:11 - 2014-11-01 19:58 - 00000000 ____D () C:\Program Files\Common Files\Visioneer
2015-03-03 21:35 - 2014-11-11 17:49 - 00000000 ____D () C:\Program Files (x86)\Visioneer
2015-03-03 21:35 - 2014-11-01 19:58 - 00000000 ____D () C:\Windows\Twain_64
2015-03-03 16:39 - 2014-11-09 01:18 - 00001386 _____ () C:\Users\Henry\Desktop\Lock Computer.lnk
2015-03-03 09:17 - 2009-07-14 00:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 17:29 - 2014-11-18 17:09 - 00000184 _____ () C:\Windows\setscan.ini
2015-03-01 09:47 - 2014-11-05 20:40 - 00074240 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-03-01 09:32 - 2014-11-01 15:59 - 00000000 ____D () C:\Users\Henry\Documents\D
2015-02-28 22:17 - 2015-01-14 16:53 - 00006478 _____ () C:\Windows\PFRO.log
2015-02-28 22:16 - 2014-10-26 18:32 - 00000000 ____D () C:\Windows\CSC
2015-02-28 22:13 - 2009-07-13 21:34 - 00000439 _____ () C:\Windows\win.ini
2015-02-28 22:06 - 2011-02-10 09:33 - 00798530 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-28 20:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\registration
2015-02-28 18:17 - 2014-11-11 21:48 - 00000818 __RSH () C:\Users\Henry\ntuser.pol
2015-02-28 18:17 - 2014-11-01 10:31 - 00000000 ____D () C:\Users\Henry
2015-02-27 08:33 - 2015-01-14 16:49 - 00020844 _____ () C:\Windows\DPINST.LOG
2015-02-27 08:32 - 2014-11-04 22:39 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-02-27 08:32 - 2014-11-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-02-27 08:32 - 2014-11-01 12:46 - 00000000 ____D () C:\ProgramData\Western Digital
2015-02-26 17:52 - 2009-07-13 22:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-26 14:34 - 2014-11-01 12:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 11:31 - 2015-01-03 09:26 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-26 11:29 - 2015-01-03 09:26 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-26 11:07 - 2014-11-02 00:12 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 10:35 - 2014-11-02 00:27 - 00000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2015-02-26 10:30 - 2014-11-02 00:27 - 00000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2015-02-25 23:06 - 2014-11-01 19:32 - 00000000 ____D () C:\Users\Henry\Documents\MyCloud
2015-02-25 22:44 - 2014-11-01 13:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-02-25 09:10 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-23 16:39 - 2014-12-31 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox Update
2015-02-20 18:26 - 2014-10-26 17:07 - 00001974 _____ () C:\Users\Public\Desktop\Protected Workspace.lnk
2015-02-20 18:26 - 2014-10-26 17:07 - 00000000 ____D () C:\Program Files (x86)\Invincea
2015-02-20 13:08 - 2014-11-14 22:26 - 00001063 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2015-02-19 21:31 - 2014-11-01 12:58 - 00000000 ____D () C:\Users\Henry\Documents\Garmin Data
2015-02-18 07:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-02-16 16:28 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\tracing
2015-02-13 21:01 - 2014-11-01 19:09 - 00000000 ____D () C:\Users\Henry\Documents\Garmin
2015-02-13 20:50 - 2014-11-03 20:32 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GARMIN
2015-02-13 20:38 - 2014-11-03 20:35 - 00000000 ____D () C:\Users\Henry\AppData\Local\Garmin
2015-02-12 17:16 - 2014-11-01 13:28 - 00000000 ____D () C:\Users\Henry\AppData\Local\CrashDumps
2015-02-12 17:16 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 16:46 - 2014-11-01 11:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 16:41 - 2014-11-01 11:00 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-11 11:04 - 2014-10-26 16:40 - 00000000 ____D () C:\Program Files\Dell
2015-02-09 21:22 - 2014-11-01 19:10 - 00000000 ____D () C:\Users\Henry\Documents\Humor
2015-02-09 05:38 - 2014-11-17 06:06 - 00000576 _____ () C:\wifi-debug.xml
2015-02-07 12:17 - 2014-11-01 20:09 - 00000000 ____D () C:\Users\Henry\Documents\Product Manuals
2015-02-05 16:21 - 2014-11-05 18:33 - 00000000 ____D () C:\Users\Henry\AppData\Local\Deployment
2015-02-05 12:28 - 2014-10-26 16:38 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 12:28 - 2014-10-26 16:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 12:28 - 2014-10-26 16:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-04 22:15 - 2014-11-15 13:03 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-04 22:15 - 2014-11-15 13:03 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-02-04 09:27 - 2014-12-26 13:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-02-04 09:27 - 2014-12-04 22:11 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-02-04 09:27 - 2014-11-08 17:45 - 00000000 ____D () C:\ProgramData\Ulead Systems
2015-02-04 09:27 - 2014-11-03 20:39 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\IrfanView
2015-02-04 09:27 - 2014-11-01 15:06 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GHISLER
2015-02-04 09:27 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-04 09:26 - 2010-11-21 02:16 - 00000000 ___RD () C:\Users\Public\Recorded TV
==================== Files in the root of some directories =======
2014-12-25 11:45 - 2015-01-19 21:59 - 0000263 _____ () C:\Users\Henry\AppData\Roaming\Binary Clock_Settings.ini
2014-11-02 00:27 - 2015-02-26 10:30 - 0000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2014-11-02 00:27 - 2015-02-26 10:35 - 0000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2014-11-05 20:40 - 2015-03-01 09:47 - 0074240 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-01 17:45 - 2014-11-01 17:45 - 0000093 _____ () C:\Users\Henry\AppData\Local\fusioncache.dat
2014-11-04 06:34 - 2015-03-05 06:01 - 0007636 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2014-11-12 21:31 - 2014-11-12 21:31 - 0000040 ___SH () C:\ProgramData\.zreglib
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-05 07:25
==================== End Of Log ============================
jhrowehl
2015-03-07, 18:15
I ran SpyBot, and all checks came up clean. Then I ran MalwareBytes... here's it's log:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2015/03/07 10:10:21 -0500</date>
<logfile>mbam-log-2015-03-07 (10-10-20).xml</logfile>
<isadmin>no</isadmin>
</header>
<engine>
<version>2.00.4.1028</version>
<malware-database>v2015.03.07.03</malware-database>
<rootkit-database>v2015.02.25.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Henry</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>378711</objects>
<time>460</time>
<processes>1</processes>
<modules>0</modules>
<keys>1</keys>
<values>0</values>
<datas>0</datas>
<folders>2</folders>
<files>5</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>disabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<process><path>C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe</path><vendor>PUP.Optional.VXMClient.A</vendor><action>delete-on-reboot</action><pid>4644</pid><hash>1d9244fe9bef87af1b9d653d6d96b749</hash></process>
<key><path>HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsVNT_R3</path><vendor>PUP.Optional.VXMClient.A</vendor><action>success</action><hash>1d9244fe9bef87af1b9d653d6d96b749</hash></key>
<folder><path>C:\Program Files (x86)\Windows Network Accelerater\v3</path><vendor>PUP.Optional.VXMClient.A</vendor><action>delete-on-reboot</action><hash>713e58ea375353e313238b1760a3649c</hash></folder>
<folder><path>C:\Program Files (x86)\Windows Network Accelerater\v3\config</path><vendor>PUP.Optional.VXMClient.A</vendor><action>success</action><hash>713e58ea375353e313238b1760a3649c</hash></folder>
<file><path>C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe</path><vendor>PUP.Optional.VXMClient.A</vendor><action>delete-on-reboot</action><hash>1d9244fe9bef87af1b9d653d6d96b749</hash></file>
<file><path>C:\Program Files (x86)\Windows Network Accelerater\v3\systeinfo.vpx</path><vendor>PUP.Optional.VXMClient.A</vendor><action>success</action><hash>713e58ea375353e313238b1760a3649c</hash></file>
<file><path>C:\Program Files (x86)\Windows Network Accelerater\v3\vxmclient.ex1</path><vendor>PUP.Optional.VXMClient.A</vendor><action>success</action><hash>713e58ea375353e313238b1760a3649c</hash></file>
<file><path>C:\Program Files (x86)\Windows Network Accelerater\v3\vxmclient.exe</path><vendor>PUP.Optional.VXMClient.A</vendor><action>success</action><hash>713e58ea375353e313238b1760a3649c</hash></file>
<file><path>C:\Program Files (x86)\Windows Network Accelerater\v3\config\systeinfo.vpx</path><vendor>PUP.Optional.VXMClient.A</vendor><action>success</action><hash>713e58ea375353e313238b1760a3649c</hash></file>
</items>
</mbam-log>
We generally ask people to uninstall/delete - Enigma Software Group\SpyHunter
because of bogus claims of what it says it finds, that program has dubious history.
~~~~
Please run the Farbar Recovery Scan Tool.
Enter vxmclient in the Search Box.
click the Search Registry button, post the content of the Search.txt file in your next reply.
~~~~
Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
Please also have this file scanned
C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe
~~~~
Did you allow that last MBAM scan to delete/quarantine what it found?
Let me have you do a clean removal and reinstall of MBAM
Please uninstall your current version of MBAM and reinstall the latest version. MBAM Clean Removal Process 2x (https://forums.malwarebytes.org/index.php?showtopic=146017)
Then restart the computer again.
**
Next, Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
~~~~
Panda Cloud Cleaner
http://i.imgur.com/t0iH38h.png Panda Cloud Cleaner
Please download Panda Cloud Cleaner (http://acs.pandasoftware.com/pandacloudcleaner/installers/activescan/PandaCloudCleaner.exe) and save the file to your Desktop.
Temporarily disable your anti-virus software. For instructions, please refer to the following link (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/).
Right-Click PandaCloudCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Next, followed by Next, followed by Finished.
Click Accept and Scan.
Allow Updates to download, and the scan to commence.
Upon completion, allow the results to be sent to the Cloud.
On the Scan finished screen, click http://i.imgur.com/vwu1luX.png. Do NOT click Clean.
Re-enable your anti-virus software.
Press the Windows Key http://i.imgur.com/pdKOQKY.png + r on your keyboard at the same time. Type C:\Program Files (x86)\Panda Security\Panda Cloud Cleaner\PCloudCleaner.log and click OK.
A log (PCloudCleaner.log) will open. Copy the contents of the log and paste in your next reply.
Panda Cloud Cleaner tutorial (http://www.pandasecurity.com/usa/homeusers/support/card/?id=1674)
Please post
Files to be scanned
files from FRST scan
PCloudCleaner.log
jhrowehl
2015-03-07, 21:23
We generally ask people to uninstall/delete - Enigma Software Group\SpyHunter
because of bogus claims of what it says it finds, that program has dubious history.
~~~~
Please run the Farbar Recovery Scan Tool.
Enter vxmclient in the Search Box.
click the Search Registry button, post the content of the Search.txt file in your next reply.
Did that last night, do you need it again?
Did you allow that last MBAM scan to delete/quarantine what it found?
Yes, I did. But I still have the problem.
I'll see if the file scan has any results... those files should have been quarantined by MalwareBytes.
Please run the Farbar Recovery Scan Tool.
Enter vxmclient in the Search Box.
click the Search Registry button, post the content of the Search.txt file in your next reply.
Did that last night, do you need it again?
~~~
If you did I'm not finding it posted?
Did you run the Panda Cloud Cleaner?
jhrowehl
2015-03-07, 21:47
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
Please also have this file scanned
C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe
Winvxm was quarrantined, so it wasn't available. Here's the result link for the Youtubeseve.exe file:
https://www.virustotal.com/en/file/f493fb75c2f5d8e9876829bb7df0dd56f1121b82f27b7f43c9effd3b3f49f0da/analysis/1425756392/
jhrowehl
2015-03-07, 21:50
Please run the Farbar Recovery Scan Tool.
Enter vxmclient in the Search Box.
click the Search Registry button, post the content of the Search.txt file in your next reply.
Did that last night, do you need it again?
~~~
If you did I'm not finding it posted?
Did you run the Panda Cloud Cleaner?
The log is posted in message 76.
I'm waiting for a backup to complete before I run Panda Cloud Cleaner, and reinstall of MalwareBytes.
Post #76 was just a new scan using FRST for the computer, not the search option for vxmclient.
(edited to reflect correct file name)
MicroStudio C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
Microsoftware C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
See if you can uninstall/delete those 2 items out of your add/remove programs list in the Control panel. (If found)
~~~~
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1 (http://jpshortstuff.247fixes.com/SystemLook.exe)
Download Mirror #2 (http://images.malwareremoval.com/jpshortstuff/SystemLook.exe)
Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
:filefind
vxmclient
:folderfind
vxmclient
:regfind
vxmclient
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
~~~~
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
EmptyTemp:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
with results to Panda Cloud Cleaner, and MalwareBytes.
jhrowehl
2015-03-08, 00:42
I can't delete the Youtube file with the standard Windows stuff. I ran FRST, SystemLook, and Panda Cloud Cleaner. Here's the Panda log file, and the SystemLook log file:
Malware. FILE: C:\USERS\HENRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\ENPAGOPD.TXT to be deleted.
Malware. FILE: C:\USERS\HENRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\8KD8LCZG.TXT to be deleted.
Malware. FILE: C:\USERS\HENRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\H2024F3P.TXT to be deleted.
Unknown. FILE: C:\PROGRAMDATA\BOINC\PROJECTS\MILKYWAY.CS.RPI.EDU_MILKYWAY\MILKYWAY_SEPARATION_1.00_WINDOWS_X86_64.EXE to be deleted.
Unknown. FILE: C:\PROGRAMDATA\BOINC\PROJECTS\EINSTEIN.PHYS.UWM.EDU\EINSTEINBINARY_BRP6_1.41_WINDOWS_X86_64__BRP5-OPENCL-ATI.EXE to be deleted.
Unknown. FILE: C:\PROGRAMDATA\BOINC\PROJECTS\LHCATHOMECLASSIC.CERN.CH_SIXTRACK\SIXTRACK_WIN64_4517_SSE2.EXE to be deleted.
Malware. FILE: C:\USERS\HENRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\MGTJCKVX.TXT to be deleted.
Unknown. FILE: C:\PROGRAM FILES (X86)\VISIONEER\ONETOUCH 4.0\OTSERVICE.EXE to be deleted.
Unknown. REGKEY: HKLM\SYSTEM\CurrentControlSet\Services\OneTouch 4.0 Monitor. Key to be deleted.
Malware. FILE: C:\USERS\HENRY\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\PZS6G3M7.TXT to be deleted.
Unknown. FILE: C:\WINDOWS\SYSTEM32\P215IISVC.DLL to be deleted.
Unknown. REGKEY: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run[CANON P-215II SVC]. Value: CANON P-215II SVC To be deleted.
Malware. REGKEY: HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND. Value: (null) To be changed to: C:\Program Files\Internet Explorer\IEXPLORE.EXE.
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SUPERHIDDEN] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SUPERHIDDEN] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0
Suspicious Policy. POLICY: HKLM\SOFTWARE\CLASSES\MSCFILE\SHELL\OPEN\COMMAND to be changed to: %SystemRoot%\system32\mmc.exe "%1" %*
Suspicious Policy. POLICY: HKLM\SOFTWARE\CLASSES\MSCFILE\SHELL\OPEN\COMMAND to be changed to: %SystemRoot%\system32\mmc.exe "%1" %*
SystemLook 30.07.11 by jpshortstuff
Log created at 16:34 on 07/03/2015 by Henry
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.
========== filefind ==========
Searching for "vxmclient"
No files found.
========== folderfind ==========
Searching for "vxmclient"
No folders found.
========== regfind ==========
Searching for "vxmclient"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Windows Network Accelerater\v3\vxmclient.exe"="Windows Network Client"
[HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Windows Network Accelerater\v3\vxmclient.exe"="Windows Network Client"
[HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Program Files (x86)\Windows Network Accelerater\v3\vxmclient.exe"="Windows Network Client"
-= EOF =-
Items found by Panda are OK, I can find info on those and they are OK to leave alone.
Can you post the fixlog I created?
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
EmptyTemp:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
jhrowehl
2015-03-08, 03:43
Also, let's make sure nothing is coming in through your router.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKOtu1Ft.png.pagespeed.ic.ONB4zWgOQ_.jpg Router Power Cycle
Switch your computer off.
Turn your router/modem off.
Unplug your router/modem and all cables from the wall.
Wait 60 seconds.
Plug your router/modem back in and turn on.
Switch your computer on.
Check for issues.
------------------------------------
http://i.imgur.com/KOtu1Ft.png Router Reset
Please read: Malware Silently Alters Wireless Router Settings (http://blog.washingtonpost.com/securityfix/2008/06/malware_silently_alters_wirele_1.html)
Consult Router Passwords (http://www.routerpasswords.com/) to find out what default username and password for your brand of router and make a note of that for future reference. Alternatively, your may find the username/password written on the base of your router. If neither options are applicable, please contact the manufacturer of your router.
Reset Router to Factory Default Settings:
Typically a reset can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds)
In order to get to the router's server, type http:\\192.168.1.1 in the address bar and click Enter. You should see the log in window.
Fill in the password you have already found and you will get the configuration page.
Configure the router to allow you to connect to your ISP server. In some routers it is done by a setup wizard.
If you do not have a setup wizard you have to fill in the log in password your ISP has initially given to you. You can also call your ISP if you don't have your initial password.
Don't forget to change the routers default password and set a stronger, more complex password. Note down the password and keep it somewhere for future reference.
~~~~
Please make sure of the following settings on your computer:
Click Start, Control panel, then double-click Network and Sharing Center.
In the left window select Manage Network Connection.
In the right window right-click Local Area Connection and select Properties .
Internet Protocol Version 6 (IP6v) should be checked. Double-click on it. Make sure of the following settings:
The option Obtain an IP address automatically should be checked.
The option Obtain DNS server address automatically should be checked.
Click OK.
Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.
The option Obtain an IP address automatically should be checked.
The option Obtain DNS server address automatically should be checked.
Click OK twice.
If you need to change any of these settings you will need to reboot your computer.
I had a few bumps in the carpet with some of the information...
The link to the article about the router malware apparently is out of date, it goes to a page with several articles, but the one mentioned isn't on the page. But, I am aware of the situation. I'm an electronic service rep for my company, and I work with networks to some extent. Also, the detailed instructions on logging into the router are for a Linksys router, I use Netgear. Not a problem for me, but you may have some other people out there that are using something other than Linksys, and may get confused. This holds true for entering the password from your ISP... mine doesn't use connection logons, it's all controlled by the modem MAC address. You need to call them and have your modem registered, otherwise you have no service.
I have IPv6 disabled for two reasons - I don't have a need for it, and my ISP doesn't currently support it in my area.
To put your mind at ease concerning the possibility of router malware, my network is completely stealthed. I use Gibson Research Corporation for network security issues, including port security scans. I achieved 100% stealth rating on my system. In fact, my ISP can't find my network - and they know exactly where it is!
Case in point - I had modem problems sometime around Thanskgiving, and had a service tech on site for testing and repair. They were having problems getting my new modem to successfully register. They decided to run active echo ranging tests between their servers and my network. Their tech hooked his equipment into my network, and did the uplink ranging with no problem. Now, here comes the good part - the downlink ranging tests failed because they could not probe the test equipment that was hooked up. The test set was online, active, and listening, but my ISP was unable to penetrate my security to connect with their test equipment. They had the IP address, and the port numbers, but they still couldn't get through.
I had to temporarily disable security, allow the ranging tests, then re-enable security. With security re-enabled, they thought that I had disconnected my router. Needless to say, the service tech was impressed. Even though he was actively communicating with the ISP servers, the servers still couldn't find the test set.
If my ISP can't find me, I'm reasonably confident that hackers can't find me either.
jhrowehl
2015-03-08, 04:52
Items found by Panda are OK, I can find info on those and they are OK to leave alone.
Can you post the fixlog I created?
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
EmptyTemp:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
I can't find the fixlist that you asked for... I think it was overwritten somewhere along the line. Here's the latest fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-03-2015 01
Ran by Henry at 2015-03-07 16:40:05 Run:1
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
EmptyTemp:
End
*****************
Processes closed successfully.
WindowsVNT_R3 => Service not found.
YouTubeDownload_A3 => Service not found.
"C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe" => File/Directory not found.
C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe => Moved successfully.
EmptyTemp: => Removed 95.1 MB temporary data.
The system needed a reboot.
==== End of Fixlog 16:40:21 ====
I can't find the fixlist that you asked for... I think it was overwritten somewhere along the line. Here's the latest fixlog:
Dogoneit, I was hoping it would come back found and deleted!
If my ISP can't find me, I'm reasonably confident that hackers can't find me either.
Thats good to hear because they are so so many not in that good shape.
If you would, locate the copy of Farbar Recovery Scan Tool, right click and select delete.
Now we will download an updated copy. Would like to check and see whats left to find.
Farbar Recovery Scan Tool (FRST) Scan
Please download Farbar Recovery Scan Tool (x32) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/) or Farbar Recovery Scan Tool (x64) (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/) and save the file to your Desktop.
Note: Download and run the version compatible with your system (32 or 64-bit). Download both if you're unsure; only one will run.
Right-Click FRST.exe / FRST64.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Click Yes to the disclaimer.
Ensure the Addition.txt box is checked.
Click the Scan button and let the programme run.
Upon completion, click OK, then OK on the Addition.txt pop up screen.
Two logs (FRST.txt & Addition.txt) will now be open on your Desktop. Copy the contents of both logs and paste in your next reply.
jhrowehl
2015-03-08, 18:34
Thats good to hear because they are so so many not in that good shape.
If you would, locate the copy of Farbar Recovery Scan Tool, right click and select delete.
Now we will download an updated copy. Would like to check and see whats left to find.
I'm extremely picky about network security. The tech was actively pinging outbound, and getting valid echo returns, but the ISP servers were getting no response whatsoever from my network. The tech was trying to explain that my router was defective, right up until I disabled security and allowed the tests. You should have seen the look on his face - wish I had a camera! The attached screen capture shows the settings that make you 'invisible' to external pings and port scans.
I updated FRST, log files appear below:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 08-03-2015 02
Ran by Henry (administrator) on ELSERVICE13 on 08-03-2015 11:12:25
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(DigitalPersona, Inc.) C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpCardEngine.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidMonitorSvc.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\nsmservice.exe
(Visioneer Inc.) C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaService.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaSmSrv.exe
(Dell Inc.) C:\Program Files\Dell\PPO\poaTaServ.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(TheGreenBow) C:\Windows\SysWOW64\TgbStarter.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Dell Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe
(Dell, Inc.) C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(EMC Corporation) C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebToolkitHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell Inc.) C:\Program Files\Dell\PPO\DellPoaEvents.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
() C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apache Software Foundation) C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgui.exe
(Canon Electronics Inc.) C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Ilja Herlein) C:\Program Files (x86)\NetSetMan\netsetman.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxRpcSs.exe
(Invincea, Inc.) C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SandboxDcomLaunch.exe
(Invincea, Inc.) C:\ProgramData\Invincea\Enterprise\Bin\x64\InvProtectAgent64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(BayHubTech/O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell Backup and Recovery\Toaster.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
() C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2015\avgcsrva.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Ghisler Software GmbH) C:\totalcmd\TOTALCMD.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_1.48_windows_x86_64__mt.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_305_ActiveX.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [727896 2014-03-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510232 2014-01-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [285272 2013-12-30] (Waves Audio Ltd.)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1374936 2014-01-13] (Realtek Semiconductor)
HKLM\...\Run: [DellPoaEvents] => C:\Program Files\Dell\PPO\DellPoaEvents.exe [396496 2014-08-15] (Dell Inc.)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-05-28] (Intel Corporation)
HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-05-29] (Intel(R) Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [CSFTrayApp] => C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe [232288 2014-09-11] ()
HKLM\...\Run: [InvProtect] => C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtect64.exe [6779592 2015-02-12] (Invincea, Inc.)
HKLM\...\Run: [CANON P-215II SVC] => rundll32.exe P215IISvc.dll,EntryPointUserMessage
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [67056 2014-12-11] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [9639920 2014-12-11] (Space Sciences Laboratory)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-04-10] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-02] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [NetSetMan] => C:\Program Files (x86)\NetSetMan\netsetman.exe [6699176 2015-03-02] (Ilja Herlein)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [PaperPort PTD] => C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe [36168 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [IndexSearch] => C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe [18248 2013-04-19] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDF7 Registry Controller] => C:\Program Files (x86)\Nuance\PDF Professional 7\RegistryController.exe [141160 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [PDFProHook] => C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe [641384 2012-02-17] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OmniPage Preload] => C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [1893224 2012-02-23] (TODO: <Company name>)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3667472 2014-12-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [P-215II CaptureOnTouch] => C:\Program Files (x86)\Canon Electronics\P215II\TouchDR.exe [2251056 2014-03-30] (Canon Electronics Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2010-01-07] (CyberLink Corp.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2014-04-02] (AMD)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVD.exe [109480 2015-02-19] (SlySoft, Inc.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [688984 2015-01-28] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\boinc.scr [1120752 2014-12-11] (Space Sciences Laboratory)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Network Server.lnk
ShortcutTarget: Network Server.lnk -> C:\Program Files (x86)\WIBUKEY\Server\WkSvMgr.exe (WIBU-SYSTEMS AG)
Startup: C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice 4.1.1.lnk
ShortcutTarget: OpenOffice 4.1.1.lnk -> C:\Program Files (x86)\OpenOffice 4\program\quickstart.exe ()
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Windows\system32\mscoree.dll (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Microsoft\Internet Explorer\Main,Start Page = www.excite.com
BHO: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\X64\InvRedirHostIE64.dll [2015-02-12] (Invincea, Inc.)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: Invincea Web Redirector -> {1C52FA7C-51B7-4621-9D5A-11101BA13134} -> C:\Program Files (x86)\Invincea\Enterprise\InvRedirHostIE.dll [2015-02-12] (Invincea, Inc.)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll [2011-06-30] (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
BHO-x32: ZeonIEEventHelper Class -> {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} -> C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08] (Zeon Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-09-12] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - DocuCom PDF - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\ZeonIEFavClient.dll [2011-07-08] (Zeon Corporation)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\pkmcdo.dll [2001-01-21] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 208.67.222.222 208.67.222.220 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668
FF Homepage: www.excite.com
FF NetworkProxy: "no_proxies_on", "localhost; 127.0.0.1"
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-04-29] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: digitalpersona.com/ChromeDPAgent -> C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\components\npChromeDPAgent.dll [2014-03-17] (DigitalPersona, Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Professional 7\bin\nppdf.dll [2011-07-15] (Zeon Corporation)
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\artur.dubovoy@gmail.com [2015-03-06]
FF Extension: Garmin Communicator - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-12-26]
FF Extension: QuickJava - C:\Users\Henry\AppData\Roaming\Mozilla\Firefox\Profiles\zle9j8xn.default-1419567438668\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-12-26]
FF Extension: Invincea Web Redirector - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\webredirector@invincea.com [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-11-01]
FF HKLM-x32\...\Firefox\Extensions: [dpmaxz_ng@jetpack] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome
FF Extension: Dell Data Protection | Security Tools - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome [2014-11-01]
FF Extension: PDF Converter 7.1 - C:\Program Files (x86)\Nuance\PDF Professional 7\FireFox [2014-11-09]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [ncffjdbbodifgldkcbhmiiljfcnbgjab] - C:\Program Files (x86)\Dell\Dell Data Protection\Security Tools Authentication\Bin\BrowserExt\dpchrome.crx [2014-03-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ApHidMonitorService; C:\Program Files\DellTPad\HidMonitorSvc.exe [87384 2014-03-27] (Alps Electric Co., Ltd.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3432976 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-12-18] (AVG Technologies CZ, s.r.o.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [73072 2014-11-10] (Dell)
R2 DellMgmtAgent; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.exe [255328 2014-09-11] (Dell Inc.)
R2 DellMgmtLoader; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe [26464 2014-09-11] ()
R2 DellMgmtServer; C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.MgmtServer.exe [33632 2014-09-11] (Dell, Inc.)
R2 DpHost; C:\Program Files\Dell\Dell Data Protection\Security Tools\Authentication\Bin\DpHostW.exe [472912 2014-03-19] (DigitalPersona, Inc.)
R2 Emc.Captiva.WebCaptureService; C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\Emc.Captiva.WebCaptureService.exe [46400 2013-03-25] (EMC Corporation)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [517464 2015-01-28] (Garmin Ltd or its subsidiaries)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-05-28] (Intel Corporation)
R2 iBtSiva; C:\Program Files (x86)\Intel\Bluetooth\ibtsiva.exe [121288 2014-06-06] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [315376 2014-05-06] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel(R) Corporation)
R2 InvProtectSvc; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectSvc64.exe [2150088 2015-02-12] (Invincea, Inc.)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [154584 2014-04-29] (Intel Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [335872 2003-03-19] (Microsoft Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-05-29] ()
R2 nsmService; C:\Program Files (x86)\NetSetMan\nsmservice.exe [1278632 2015-02-06] (Ilja Herlein)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2014-03-07] (BayHubTech/O2Micro International)
R2 OneTouch 4.0 Monitor; C:\Program Files (x86)\Visioneer\OneTouch 4.0\OtService.exe [232448 2014-09-30] (Visioneer Inc.) [File not signed]
R2 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [135016 2012-02-17] (Nuance Communications, Inc.)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [77640 2013-04-19] (Nuance Communications, Inc.)
R2 poaService; C:\Program Files\Dell\PPO\poaService.exe [721104 2014-08-15] (Dell Inc.)
R2 PoaSMSrv; C:\Program Files\Dell\PPO\poaSmSrv.exe [312016 2014-08-15] (Dell Inc.)
R2 poaTaServ; C:\Program Files\Dell\PPO\poaTaServ.exe [645328 2014-08-16] (Dell Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-12-06] (Realtek Semiconductor)
R2 SboxSvc; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxSvc.exe [174792 2015-02-12] (Invincea, Inc.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-02] (SoftThinks SAS)
S3 stllssvr; C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [69632 2007-07-11] (MicroVision Development, Inc.) [File not signed]
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [19288 2015-03-04] (Dell Inc.)
R2 TgbIke Starter; C:\Windows\SysWOW64\TgbStarter.exe [239280 2012-03-21] (TheGreenBow)
R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-10-26] (Microsoft Corporation)
R2 YouTubeDownload_A4; C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe [2971736 2015-03-03] (Microsoftware)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-05-29] (Intel® Corporation)
S3 Dell.CommandPowerManager.Service; C:\Windows\SysWOW64\dllhost.exe /Processid:{B72A21F9-6C42-44BF-BEBD-DD11EDF0E075}
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [150440 2014-12-23] (SlySoft, Inc.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [260888 2014-12-08] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [203544 2014-11-18] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
R3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2014-03-26] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1423160 2014-04-18] (Motorola Solutions, Inc.)
R0 CredFltL; C:\Windows\System32\DRIVERS\CredFltL.sys [37120 2014-09-11] ()
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2014-08-13] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2014-08-13] (Dell Computer Corporation)
R2 DLABMFSE; C:\Windows\System32\Drivers\DLABMFSE.SYS [46448 2007-07-23] (Roxio)
R2 DLABOIOE; C:\Windows\System32\Drivers\DLABOIOE.SYS [42352 2007-07-23] (Roxio)
R0 DLACDBHE; C:\Windows\System32\Drivers\DLACDBHE.SYS [17776 2007-07-23] (Roxio)
R2 DLADResE; C:\Windows\System32\Drivers\DLADResE.SYS [9968 2007-07-23] (Roxio)
R2 DLAIFS_E; C:\Windows\System32\Drivers\DLAIFS_E.SYS [146672 2007-07-23] (Roxio)
R2 DLAOPIOE; C:\Windows\System32\Drivers\DLAOPIOE.SYS [35056 2007-07-23] (Roxio)
R2 DLAPoolE; C:\Windows\System32\Drivers\DLAPoolE.SYS [19824 2007-07-23] (Roxio)
R1 DLARTL_E; C:\Windows\System32\Drivers\DLARTL_E.SYS [41072 2007-07-23] (Roxio)
R2 DLAUDFAE; C:\Windows\System32\Drivers\DLAUDFAE.SYS [135152 2007-07-23] (Roxio)
R2 DLAUDF_E; C:\Windows\System32\Drivers\DLAUDF_E.SYS [144112 2007-07-23] (Roxio)
R0 DRVECDB; C:\Windows\System32\Drivers\DRVECDB.SYS [124112 2007-07-23] (Sonic Solutions)
R2 DRVEDDM; C:\Windows\System32\Drivers\DRVEDDM.SYS [63984 2007-07-23] (Roxio)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [489752 2014-06-12] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2014-05-02] (Intel Corporation)
R3 ibtusb; C:\Windows\System32\DRIVERS\ibtusb.sys [199624 2014-06-06] (Intel Corporation)
R3 IntcAzAudAddService; C:\Windows\System32\drivers\RTDVHD64.sys [2310488 2014-02-13] (Realtek Semiconductor Corp.)
R3 InvProtectDrv; C:\Program Files (x86)\Invincea\Enterprise\X64\InvProtectDrv64.sys [52232 2015-02-12] (Invincea, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [118272 2014-04-29] (Intel Corporation)
R3 NETwNs64; C:\Windows\System32\DRIVERS\Netwsw02.sys [3442144 2014-06-18] (Intel Corporation)
R3 O2FJ2RDR; C:\Windows\System32\DRIVERS\O2FJ2w7x64.sys [210592 2014-05-14] (BayHubTech/O2Micro )
R3 POADrvr; C:\Windows\System32\drivers\POADrvr.sys [21264 2014-08-15] (Dell Computer Corporation)
U3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
R3 SboxDrv; C:\Program Files (x86)\Invincea\Enterprise\Sandbox\SboxDrv.sys [183816 2015-02-12] (Invincea, Inc.)
R0 SEDFilter; C:\Windows\System32\DRIVERS\SEDFilter.sys [61184 2014-09-11] (Dell Inc.)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_Accel.sys [75976 2013-08-06] (STMicroelectronics)
R3 TGBMPEnum; C:\Windows\System32\DRIVERS\TGBMPEnum.sys [40624 2012-03-21] (TheGreenBow)
S3 TGBVPNVirtM; C:\Windows\System32\DRIVERS\TGBVPNVirtM.sys [140976 2012-03-21] (TheGreenBow)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-26] ()
R3 usb3Hub; C:\Windows\System32\DRIVERS\usb3Hub.sys [204184 2014-03-04] (Windows (R) Win 7 DDK provider)
S3 usbscan; C:\Windows\SysWOW64\DRIVERS\usbscan.sys [35840 2009-07-14] (Microsoft Corporation) [File not signed]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17632 2014-08-02] ()
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey64.sys [107008 2006-11-22] (WIBU-SYSTEMS AG)
S3 Wibukey2_64; C:\Windows\System32\drivers\wibukey2_64.sys [16896 2006-11-09] (WIBU-SYSTEMS AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
S3 cpuz134; \??\C:\Users\Henry\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 11:11 - 2015-03-08 11:11 - 02095104 _____ (Farbar) C:\Users\Henry\Desktop\FRST64.exe
2015-03-07 18:23 - 2015-03-07 18:39 - 00002250 _____ () C:\Users\Henry\Desktop\PCloudCleaner.LOG
2015-03-07 18:22 - 2015-03-07 18:22 - 00002214 _____ () C:\Users\Henry\Desktop\PCloudCleaner1.txt
2015-03-07 17:48 - 2013-04-29 09:17 - 00047632 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-03-07 17:47 - 2015-03-07 17:47 - 00001244 _____ () C:\Users\Public\Desktop\Panda Cloud Cleaner.lnk
2015-03-07 17:47 - 2015-03-07 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2015-03-07 17:47 - 2015-03-07 17:47 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-03-07 17:39 - 2015-03-07 17:39 - 00000000 ____D () C:\Users\Henry\Desktop\FRST-OlderVersion
2015-03-07 17:31 - 2015-03-07 17:36 - 00002166 _____ () C:\Users\Henry\Desktop\SystemLook1.txt
2015-03-07 17:21 - 2015-03-07 17:38 - 00000894 _____ () C:\Users\Henry\Desktop\SystemLook.txt
2015-03-07 17:20 - 2015-03-07 17:20 - 00139264 _____ () C:\Users\Henry\Desktop\SystemLook.exe
2015-03-07 16:34 - 2015-03-07 16:34 - 00004034 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-03-07 15:39 - 2015-03-07 15:40 - 31660040 _____ (Panda Security ) C:\Users\Henry\Desktop\PandaCloudCleaner.exe
2015-03-06 23:43 - 2015-03-06 22:52 - 00063254 _____ () C:\Users\Henry\Desktop\FRST - Copy.txt
2015-03-06 23:43 - 2015-03-06 22:52 - 00040908 _____ () C:\Users\Henry\Desktop\Addition - Copy.txt
2015-03-06 22:51 - 2015-03-08 11:13 - 00034183 _____ () C:\Users\Henry\Desktop\FRST.txt
2015-03-06 22:51 - 2015-03-06 22:52 - 00040908 _____ () C:\Users\Henry\Desktop\Addition.txt
2015-03-06 22:50 - 2015-03-08 11:12 - 00000000 ____D () C:\FRST
2015-03-06 20:48 - 2015-03-06 20:48 - 00448512 _____ (OldTimer Tools) C:\Users\Henry\Desktop\TFC.exe
2015-03-06 20:14 - 2015-03-06 20:14 - 00000802 _____ () C:\Users\Henry\Desktop\checkup.txt
2015-03-06 20:04 - 2015-03-06 20:04 - 00852604 _____ () C:\Users\Henry\Desktop\SecurityCheck.exe
2015-03-05 22:45 - 2015-03-05 22:45 - 00001850 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2015-03-05 22:44 - 2015-03-05 22:44 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2015-03-05 18:59 - 2015-03-05 18:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 15:18 - 2015-03-05 15:48 - 00000000 ____D () C:\ProgramData\SupportAssistAgent
2015-03-05 15:18 - 2015-03-05 15:18 - 00003598 _____ () C:\Windows\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-03-05 07:09 - 2015-03-05 07:09 - 00001939 _____ () C:\Users\Henry\Desktop\OBD-PCLink.lnk
2015-03-04 18:48 - 2015-03-04 18:48 - 18058685 _____ (Innova Electronics ) C:\Users\Henry\Downloads\OBD_PCLink_V1.33.exe
2015-03-04 18:41 - 2015-03-04 18:41 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Innova
2015-03-04 18:41 - 2015-03-04 18:41 - 00000000 ____D () C:\Innova
2015-03-04 18:40 - 2015-03-04 18:40 - 00001965 _____ () C:\Users\Public\Desktop\Innova OBD PC-Link.lnk
2015-03-04 18:40 - 2015-03-04 18:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Innova Electronics
2015-03-04 18:40 - 2015-03-04 18:40 - 00000000 ____D () C:\Program Files (x86)\Innova OBD PC-Link
2015-03-04 18:39 - 2015-03-04 18:39 - 00000000 ____D () C:\Program Files\Microsoft Synchronization Services
2015-03-04 18:39 - 2015-03-04 18:39 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-04 18:39 - 2015-03-04 18:39 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-03-04 18:38 - 2015-03-04 18:38 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-04 18:37 - 2015-03-04 18:38 - 208015834 _____ (Innova Electronics ) C:\Users\Henry\Downloads\Innova_V02.03.07_PCLink.exe
2015-03-04 18:23 - 2015-03-04 18:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBD-PCLink
2015-03-04 18:23 - 2015-03-04 18:23 - 00000000 ____D () C:\Program Files (x86)\OBD-PCLink
2015-03-04 18:16 - 2015-03-04 18:16 - 00000000 ____D () C:\Users\Henry\AppData\Local\Innova_Electronics_Corp
2015-03-04 18:13 - 2015-03-04 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RepairSolutions
2015-03-04 18:13 - 2015-03-04 18:13 - 00000000 ____D () C:\Program Files (x86)\RepairSolutions
2015-03-03 22:26 - 2015-03-03 22:26 - 00023134 _____ () C:\Users\Henry\Desktop\MBRCheck_03.03.15_21.26.03.txt
2015-03-03 22:24 - 2015-03-03 22:24 - 00080384 _____ () C:\Users\Henry\Desktop\MBRCheck.exe
2015-03-02 23:43 - 2015-03-02 23:43 - 00441583 _____ () C:\Users\Henry\Desktop\gmer.txt
2015-03-02 22:17 - 2015-03-02 22:17 - 00380416 _____ () C:\Users\Henry\Desktop\3x39kz7u.exe
2015-03-02 18:42 - 2015-03-02 18:47 - 00001376 _____ () C:\Users\Henry\Desktop\Kill Iexplore.lnk
2015-03-02 18:23 - 2015-03-05 07:13 - 00000585 _____ () C:\Windows\pixcache.ini
2015-03-01 22:52 - 2015-03-01 22:52 - 00001951 _____ () C:\DelFix.txt
2015-02-28 21:58 - 2015-02-28 23:16 - 00000530 _____ () C:\Windows\DtcInstall.log
2015-02-28 19:21 - 2015-02-28 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-28 19:21 - 2015-02-28 19:21 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-27 15:17 - 2015-03-07 16:27 - 00003484 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2015-02-27 09:43 - 2015-03-01 22:52 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2015-02-27 09:43 - 2015-02-27 09:43 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2015-02-27 09:32 - 2015-02-27 09:32 - 00000000 ____D () C:\Program Files\Western Digital
2015-02-26 22:15 - 2015-02-26 22:15 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-02-26 19:20 - 2015-02-26 23:30 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-02-26 19:03 - 2015-02-26 19:03 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-02-26 19:03 - 2015-02-26 19:03 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-02-26 18:52 - 2015-03-03 14:02 - 00000000 ____D () C:\ProgramData\Optimizer
2015-02-26 15:32 - 2015-01-08 19:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 15:32 - 2015-01-08 19:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-26 12:31 - 2015-02-26 12:43 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-25 23:44 - 2015-02-25 23:44 - 00001115 _____ () C:\Users\Public\Desktop\WD My Cloud.lnk
2015-02-25 23:44 - 2015-02-25 23:44 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\com.wd.WDMyCloud
2015-02-25 09:57 - 2015-02-25 10:11 - 00000000 ____D () C:\Windows\erdnt
2015-02-22 15:17 - 2015-02-22 15:17 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\PCDr
2015-02-22 15:17 - 2015-02-22 15:17 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-21 12:06 - 2015-02-21 12:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
2015-02-20 19:26 - 2015-02-26 18:52 - 00000560 __RSH () C:\ProgramData\ntuser.pol
2015-02-16 17:26 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-16 17:26 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-16 17:26 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-16 17:26 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-15 15:01 - 2015-03-03 14:03 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-02-12 22:42 - 2015-01-23 00:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 22:42 - 2015-01-23 00:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 22:42 - 2015-01-22 23:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-12 22:42 - 2015-01-22 23:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 12:05 - 2015-02-11 12:05 - 00003224 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2015-02-11 12:04 - 2015-02-11 12:04 - 00000000 ____D () C:\Program Files\Dell Support Center
2015-02-10 17:42 - 2015-01-14 01:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-10 17:42 - 2015-01-14 01:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-10 17:42 - 2015-01-11 23:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-10 17:42 - 2015-01-11 23:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-10 17:42 - 2015-01-11 23:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-10 17:42 - 2015-01-11 22:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-10 17:42 - 2015-01-11 22:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-10 17:42 - 2015-01-11 22:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-10 17:42 - 2015-01-11 22:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-10 17:42 - 2015-01-11 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-10 17:42 - 2015-01-11 22:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-10 17:42 - 2015-01-11 22:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-10 17:42 - 2015-01-11 22:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-10 17:42 - 2015-01-11 22:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-10 17:42 - 2015-01-11 22:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-10 17:42 - 2015-01-11 22:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-10 17:42 - 2015-01-11 22:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-10 17:42 - 2015-01-11 22:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-10 17:42 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-10 17:42 - 2015-01-11 22:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-10 17:42 - 2015-01-11 22:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-10 17:42 - 2015-01-11 22:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-10 17:42 - 2015-01-11 22:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-10 17:42 - 2015-01-11 22:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-10 17:42 - 2015-01-11 22:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-10 17:42 - 2015-01-11 22:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-10 17:42 - 2015-01-11 22:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-10 17:42 - 2015-01-11 22:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-10 17:42 - 2015-01-11 22:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-10 17:42 - 2015-01-11 21:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-10 17:42 - 2015-01-11 21:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-10 17:42 - 2015-01-11 21:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-10 17:42 - 2015-01-11 21:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-10 17:42 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-10 17:42 - 2015-01-11 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-10 17:42 - 2015-01-11 21:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-10 17:42 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-10 17:42 - 2015-01-11 21:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-10 17:42 - 2015-01-11 21:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-10 17:42 - 2015-01-11 21:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-10 17:42 - 2015-01-11 21:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-10 17:42 - 2015-01-11 21:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-10 17:42 - 2015-01-11 21:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-10 17:42 - 2015-01-11 21:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-10 17:42 - 2015-01-11 21:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-10 17:42 - 2015-01-11 21:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-10 17:42 - 2015-01-11 21:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-10 17:42 - 2015-01-11 21:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-10 17:42 - 2015-01-11 21:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-10 17:42 - 2015-01-11 21:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-10 17:42 - 2015-01-11 20:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-10 17:42 - 2015-01-11 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-10 17:42 - 2015-01-10 02:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-10 17:42 - 2015-01-10 02:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-10 17:42 - 2015-01-10 02:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-10 17:42 - 2015-01-10 02:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-10 17:42 - 2015-01-10 02:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-10 17:42 - 2015-01-10 02:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-10 17:42 - 2015-01-10 02:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-10 17:42 - 2015-01-10 02:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-10 17:42 - 2015-01-10 02:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-10 17:42 - 2015-01-10 02:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-10 17:42 - 2015-01-10 02:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-10 17:42 - 2015-01-10 02:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-10 17:42 - 2015-01-10 02:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-10 17:42 - 2015-01-10 02:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-10 17:41 - 2015-02-16 17:55 - 00025260 _____ () C:\Windows\system32\ScanResults.xml
2015-02-10 17:41 - 2015-01-15 04:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-10 17:41 - 2015-01-15 04:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-10 17:41 - 2015-01-15 04:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-10 17:41 - 2015-01-15 04:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-10 17:41 - 2015-01-15 04:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-10 17:41 - 2015-01-15 04:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-10 17:41 - 2015-01-15 04:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-10 17:41 - 2015-01-15 04:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-10 17:41 - 2015-01-15 04:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-10 17:41 - 2015-01-15 04:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-10 17:41 - 2015-01-15 04:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-10 17:41 - 2015-01-15 03:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-10 17:41 - 2015-01-15 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-10 17:41 - 2015-01-15 03:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-10 17:41 - 2015-01-15 03:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-10 17:41 - 2015-01-15 03:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-10 17:41 - 2015-01-15 03:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-10 17:41 - 2015-01-15 00:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-10 17:41 - 2015-01-14 02:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-10 17:41 - 2015-01-14 02:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-10 17:41 - 2015-01-14 02:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-10 17:41 - 2015-01-14 02:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-10 17:41 - 2015-01-14 01:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-10 17:41 - 2015-01-14 01:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-10 17:41 - 2015-01-14 01:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-10 17:41 - 2015-01-12 23:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-10 17:41 - 2015-01-12 22:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-10 17:41 - 2014-12-12 01:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-10 17:41 - 2014-12-12 01:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-10 17:41 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-10 17:41 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-10 17:41 - 2014-11-25 23:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-10 17:41 - 2014-11-25 23:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-10 17:41 - 2014-07-06 22:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-10 17:41 - 2014-07-06 22:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-10 17:41 - 2014-07-06 21:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-10 17:41 - 2014-07-06 21:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-10 17:40 - 2015-01-08 22:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-10 17:34 - 2015-02-16 17:48 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2015-02-07 10:20 - 2015-02-07 10:20 - 00000000 ____D () C:\Users\Henry\AppData\Local\GARMIN_Corp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-08 11:13 - 2014-11-02 12:06 - 00000000 ____D () C:\ProgramData\BOINC
2015-03-08 10:45 - 2014-10-26 18:06 - 00081048 _____ () C:\Windows\SysWOW64\Gms.log
2015-03-08 10:39 - 2014-11-02 01:09 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-08 10:34 - 2014-10-26 17:38 - 01700862 _____ () C:\Windows\WindowsUpdate.log
2015-03-08 10:28 - 2014-10-26 17:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-08 10:20 - 2014-11-15 14:03 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 23:20 - 2014-11-15 14:03 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 19:18 - 2014-11-01 16:59 - 00000000 ____D () C:\Users\Henry\Documents\D
2015-03-07 17:51 - 2014-10-26 18:08 - 00000000 ____D () C:\Program Files (x86)\Dell Backup and Recovery
2015-03-07 17:48 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 17:48 - 2009-07-14 00:45 - 00021312 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 17:47 - 2009-07-14 01:13 - 00798530 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 17:44 - 2014-11-29 17:32 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-03-07 17:44 - 2014-11-01 12:51 - 00131072 ___SH () C:\CredSED.dat
2015-03-07 17:42 - 2015-01-14 17:53 - 00020524 _____ () C:\Windows\PFRO.log
2015-03-07 17:42 - 2015-01-11 16:06 - 00008140 _____ () C:\Windows\setupact.log
2015-03-07 17:42 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 11:23 - 2014-12-04 23:11 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-03-06 07:04 - 2014-11-02 13:58 - 00000000 ____D () C:\Program Files (x86)\NetSetMan
2015-03-05 22:45 - 2014-11-03 21:35 - 00000000 ____D () C:\ProgramData\Garmin
2015-03-05 22:45 - 2014-11-03 21:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-03-05 22:45 - 2014-11-03 21:33 - 00000000 ____D () C:\Program Files (x86)\Garmin
2015-03-05 22:44 - 2014-10-26 17:47 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 17:33 - 2014-11-02 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetSetMan Pro
2015-03-05 15:18 - 2014-10-26 18:05 - 00000000 ____D () C:\Program Files (x86)\Dell
2015-03-05 07:55 - 2014-11-01 21:20 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\.oit
2015-03-05 07:01 - 2014-11-04 07:34 - 00007636 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2015-03-05 06:55 - 2009-07-14 00:45 - 00317552 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 18:49 - 2014-11-02 12:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2015-03-04 18:41 - 2014-11-01 11:33 - 00079072 _____ () C:\Users\Henry\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 07:56 - 2014-11-01 14:31 - 00000000 ____D () C:\Users\Henry\Documents\AGFM
2015-03-04 07:54 - 2014-11-17 07:00 - 00000000 ____D () C:\Program Files (x86)\Xerox
2015-03-04 07:54 - 2014-11-03 17:33 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-03-03 23:11 - 2014-11-01 20:58 - 00000000 ____D () C:\Program Files\Common Files\Visioneer
2015-03-03 22:35 - 2014-11-11 18:49 - 00000000 ____D () C:\Program Files (x86)\Visioneer
2015-03-03 22:35 - 2014-11-01 20:58 - 00000000 ____D () C:\Windows\Twain_64
2015-03-03 17:39 - 2014-11-09 02:18 - 00001386 _____ () C:\Users\Henry\Desktop\Lock Computer.lnk
2015-03-03 10:17 - 2009-07-14 01:08 - 00032656 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-03-02 18:29 - 2014-11-18 18:09 - 00000184 _____ () C:\Windows\setscan.ini
2015-03-01 10:47 - 2014-11-05 21:40 - 00074240 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-28 23:16 - 2014-10-26 19:32 - 00000000 ____D () C:\Windows\CSC
2015-02-28 23:13 - 2009-07-13 22:34 - 00000439 _____ () C:\Windows\win.ini
2015-02-28 23:06 - 2011-02-10 10:33 - 00798530 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-28 21:57 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\registration
2015-02-28 19:17 - 2014-11-11 22:48 - 00000818 __RSH () C:\Users\Henry\ntuser.pol
2015-02-28 19:17 - 2014-11-01 11:31 - 00000000 ____D () C:\Users\Henry
2015-02-27 09:33 - 2015-01-14 17:49 - 00020844 _____ () C:\Windows\DPINST.LOG
2015-02-27 09:32 - 2014-11-04 23:39 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-02-27 09:32 - 2014-11-01 14:24 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-02-27 09:32 - 2014-11-01 13:46 - 00000000 ____D () C:\ProgramData\Western Digital
2015-02-26 18:52 - 2009-07-13 23:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-02-26 15:34 - 2014-11-01 13:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-26 12:07 - 2014-11-02 01:12 - 00000000 ____D () C:\ProgramData\AVG2015
2015-02-26 11:35 - 2014-11-02 01:27 - 00000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2015-02-26 11:30 - 2014-11-02 01:27 - 00000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2015-02-26 00:06 - 2014-11-01 20:32 - 00000000 ____D () C:\Users\Henry\Documents\MyCloud
2015-02-25 23:44 - 2014-11-01 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2015-02-25 10:10 - 2009-07-13 22:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-23 17:39 - 2014-12-31 11:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla FireFox Update
2015-02-20 19:26 - 2014-10-26 18:07 - 00001974 _____ () C:\Users\Public\Desktop\Protected Workspace.lnk
2015-02-20 19:26 - 2014-10-26 18:07 - 00000000 ____D () C:\Program Files (x86)\Invincea
2015-02-20 14:08 - 2014-11-14 23:26 - 00001063 _____ () C:\Users\Public\Desktop\AnyDVD.lnk
2015-02-19 22:31 - 2014-11-01 13:58 - 00000000 ____D () C:\Users\Henry\Documents\Garmin Data
2015-02-18 08:42 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-02-16 17:28 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\tracing
2015-02-13 22:01 - 2014-11-01 20:09 - 00000000 ____D () C:\Users\Henry\Documents\Garmin
2015-02-13 21:50 - 2014-11-03 21:32 - 00000000 ____D () C:\Users\Henry\AppData\Roaming\GARMIN
2015-02-13 21:38 - 2014-11-03 21:35 - 00000000 ____D () C:\Users\Henry\AppData\Local\Garmin
2015-02-12 18:16 - 2014-11-01 14:28 - 00000000 ____D () C:\Users\Henry\AppData\Local\CrashDumps
2015-02-12 18:16 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-12 17:46 - 2014-11-01 12:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 17:41 - 2014-11-01 12:00 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 12:04 - 2014-10-26 17:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-02-11 12:04 - 2014-10-26 17:40 - 00000000 ____D () C:\Program Files\Dell
2015-02-09 22:22 - 2014-11-01 20:10 - 00000000 ____D () C:\Users\Henry\Documents\Humor
2015-02-09 06:38 - 2014-11-17 07:06 - 00000576 _____ () C:\wifi-debug.xml
2015-02-07 13:17 - 2014-11-01 21:09 - 00000000 ____D () C:\Users\Henry\Documents\Product Manuals
==================== Files in the root of some directories =======
2014-12-25 12:45 - 2015-01-19 22:59 - 0000263 _____ () C:\Users\Henry\AppData\Roaming\Binary Clock_Settings.ini
2014-11-02 01:27 - 2015-02-26 11:30 - 0000048 _____ () C:\Users\Henry\AppData\Roaming\IpAndPort.fig
2014-11-02 01:27 - 2015-02-26 11:35 - 0000227 _____ () C:\Users\Henry\AppData\Roaming\RmUserCfg.ini
2014-11-05 21:40 - 2015-03-01 10:47 - 0074240 _____ () C:\Users\Henry\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-01 18:45 - 2014-11-01 18:45 - 0000093 _____ () C:\Users\Henry\AppData\Local\fusioncache.dat
2014-11-04 07:34 - 2015-03-05 07:01 - 0007636 _____ () C:\Users\Henry\AppData\Local\Resmon.ResmonCfg
2014-11-12 22:31 - 2014-11-12 22:31 - 0000040 ___SH () C:\ProgramData\.zreglib
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-05 08:25
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-03-2015 02
Ran by Henry at 2015-03-08 11:14:08
Running from C:\Users\Henry\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2015 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Advanced IP Scanner v1.5 (HKLM-x32\...\Advanced IP Scanner v1.5) (Version: - )
Advanced LAN Scanner v1.0 BETA 1 (HKLM-x32\...\Advanced LAN Scanner v1.0 BETA 1) (Version: - )
AMD Catalyst Install Manager (HKLM\...\{BF728146-387A-B1FE-28F1-F25B5363D5EA}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 7.5.8.0 - SlySoft)
AVG 2015 (HKLM\...\AVG) (Version: 2015.0.5645 - AVG Technologies)
AVG 2015 (Version: 15.0.4299 - AVG Technologies) Hidden
AVG 2015 (Version: 15.0.5645 - AVG Technologies) Hidden
AVIGenerator 1.8.0.0 (HKLM-x32\...\AVIGenerator) (Version: 1.8.0.0 - )
BOINC (HKLM\...\{0DF28429-855F-4BDC-B264-058D2785965E}) (Version: 7.4.36 - Space Sciences Laboratory, U.C. Berkeley)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Canon driver for P-215II (x64) (HKLM\...\{29365D7E-86E6-4828-AFE5-0BDBE73A39F6}) (Version: 1.0.5197 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Application (HKLM-x32\...\{2F5ED7FC-EB58-41C8-ACBD-094362D6DA4F}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Mail (HKLM-x32\...\{B6ADDC04-4138-490A-80B6-7D874008F281}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for PaperPort 14 (HKLM-x32\...\{1458CC10-F280-4D16-A791-B72893FC1DA1}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Presto! BizCard 6 (HKLM-x32\...\{8662E3EE-8811-4CDE-9B4C-2B75A3746DA8}) (Version: 1.0.5200 - Canon Electronics Inc.)
CaptureOnTouch plug-in for Printer (HKLM-x32\...\{BDFF5BF0-2949-450D-8030-E6892B0DB03C}) (Version: 1.0.5200 - Canon Electronics Inc.)
CmgMasterPrerequisites (x32 Version: 1.4.1.777 - Credant Technologies Inc.) Hidden
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Command | Power Manager (HKLM\...\{DDDAF4A7-8B7D-4088-AECC-6F50E594B4F5}) (Version: 2.0.0 - Dell Inc.)
Dell Command | Update (HKLM-x32\...\{EC542D5D-B608-4145-A8F7-749C02BE6D94}) (Version: 2.0.0 - Dell Inc.)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{AB904BBA-B274-44E7-9FDD-E96E5D69F9D3}) (Version: 2.3.440.224 - Broadcom Corporation)
Dell Data Protection | Client Security Framework (HKLM\...\{05FDD00D-1C45-44D1-AB3F-C24D45C39457}) (Version: 8.4.1.1717 - Dell, Inc.)
Dell Data Protection | Security Tools (HKLM-x32\...\InstallShield_{812AA6D3-5BEB-4577-88B1-00998B91AB41}) (Version: 1.4.1.777 - Dell, Inc.)
Dell Data Protection | Security Tools (x32 Version: 1.4.1.777 - Dell, Inc.) Hidden
Dell Data Protection | Security Tools Authentication (HKLM\...\{0B72160B-9F67-47C0-858F-5A0074162148}) (Version: 1.3.1.433 - DigitalPersona, Inc.)
Dell Digital Delivery (HKLM-x32\...\{D850CB7E-72BC-4510-BA4F-48932BFAB295}) (Version: 2.9.901.0 - Dell Products, LP)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Foundation Services (HKLM\...\{0D2426EF-A4D1-403B-B78B-2897D6AD3021}) (Version: 1.1.333.0 - Dell Inc.)
Dell Precision Optimizer (HKLM-x32\...\{D66A3355-FEA4-4F60-8BAF-D6CBEDB396D8}) (Version: 02.00.07 - Dell Inc.)
Dell Protected Workspace (HKLM-x32\...\{E2CAA395-66B3-4772-85E3-6134DBAB244E}) (Version: 4.5.19821 - Invincea, Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.0.6584.52 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.0.2.57295 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1206.101.110 - ALPS ELECTRIC CO., LTD.)
DraftSight (HKLM-x32\...\{87A003CE-22FD-4952-9B0F-B98304A13427}) (Version: 8.1.398 - Dassault Systemes)
Elevated Installer (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin BaseCamp (HKLM-x32\...\{31A67F6C-D79D-47B9-9F0B-13C0FCF3C3A8}) (Version: 4.4.6 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.20 (HKLM-x32\...\{74699736-87EB-49E7-8B71-7527A45C35C6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin City Navigator North America NT 2015.30 (HKLM-x32\...\{0F0E68E9-9463-4087-B211-E80FAC5F9BC6}) (Version: 2.0.0.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{714dc1e5-69a4-4ecd-9552-93397e084298}) (Version: 3.2.29.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.29.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin MapSource (HKLM-x32\...\{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}) (Version: 6.16.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{3213ED5E-7BBE-4613-BE69-8B1E4FE520DD}) (Version: 2.7.3 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (HKLM-x32\...\{D9DA2DF6-8CB6-4E3C-A29E-FAECFBA3E9A7}) (Version: 2.5.3.0 - Garmin Ltd or its subsidiaries)
Garmin Training Center (HKLM-x32\...\{7D542452-84EB-47C0-97BA-735C523AB555}) (Version: 3.6.5 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Innova OBD PC-Link (HKLM-x32\...\{6C2ED8C5-2E5B-4801-A03C-24FAB28FE497}) (Version: 2.3.7 - Innova Electronics)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.2.1000 - Intel Corporation)
Intel(R) Network Connections 19.2.104.00 (HKLM\...\PROSetDX) (Version: 19.2.104.00 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3574 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1423.2) (HKLM\...\{302600C1-6BDF-4FD1-1405-148929CC1385}) (Version: 17.0.1405.0466 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.1.0.1058 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.4.40 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{9C798E99-094E-4289-A6C8-1D5EE63AFFE3}) (Version: 4.2.29.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{3b398ef6-924b-4943-ae2d-e8feb143622a}) (Version: 17.0.5 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: - )
Learn Microsoft Visual Basic 6.0 Now (HKLM-x32\...\Learn Microsoft Visual Basic 6.0 Now) (Version: - )
Lorex Client 10 (HKLM-x32\...\Lorex Client) (Version: 10 - )
Lorex Player 11 (HKLM-x32\...\{CA8CEEE3-8F1B-4A27-80A4-A1A00A3AE3F5}) (Version: 1.2.14 - Lorex)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visio for Enterprise Architects SR-1 [English] (HKLM-x32\...\{90560409-6D54-11D4-BEE3-00C04F990354}) (Version: 10.1.3313 - Microsoft Corporation)
Microsoft Visual Basic 6.0 Learning Edition (HKLM-x32\...\Visual Basic 6.0 Learning Edition) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4048 (HKLM\...\{91415F19-4C22-3609-A105-92ED3522D83C}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4048 (HKLM-x32\...\{5B1F2843-B379-3FF2-B0D3-64DD143ED53A}) (Version: 9.0.30729.4048 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual J# .NET Redistributable Package 1.1 (HKLM-x32\...\{1A655D51-1423-48A3-B748-8F5A0BE294C8}) (Version: 1.1.4322 - Microsoft)
Microsoft Visual Studio .NET Enterprise Architect 2003 - English (HKLM-x32\...\Visual Studio .NET Enterprise Architect 2003 - English) (Version: - Microsoft)
Microsoft Web Publishing Wizard 1.53 (HKLM-x32\...\WebPost) (Version: - )
Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0.2 - Mozilla)
Mozilla Sunbird (0.9) (HKLM-x32\...\Mozilla Sunbird (0.9)) (Version: 0.9 (en-US) - Mozilla)
MSDN Library - April 2003 (HKLM-x32\...\{8F729180-4934-49B5-8DAF-9320F5AAEE95}) (Version: 7.40.3085 - Microsoft)
MSDN Library - Visual Studio 6.0 (HKLM-x32\...\Microsoft Developer Network - Visual Studio 6.0) (Version: - )
NETGEAR VPN Client Lite (HKLM-x32\...\NETGEAR VPN Client Lite) (Version: - NETGEAR)
NetSetMan Pro 4.0.0 (HKLM-x32\...\NetSetMan_is1) (Version: 4.0.0 - Ilja Herlein)
Nuance OmniPage 18 (HKLM-x32\...\{10FD521E-11D1-4A08-A497-BB49B701C6D8}) (Version: 18.1.0000 - Nuance Communications, Inc.)
Nuance PaperPort 14 (HKLM-x32\...\{43A4BB54-C319-4207-8948-42E79E66F47F}) (Version: 14.5.0000 - Nuance Communications, Inc.)
Nuance PDF Converter Professional 7 (HKLM\...\{D117E04F-3FF8-45E2-8C1A-3E173C3111FE}) (Version: 7.30.6212 - Nuance Communications, Inc.)
OBD-PC Link (HKLM-x32\...\{01C6D0D1-0829-4AB3-955D-59FF12A14931}) (Version: 1.34.0000 - Innova Electronics)
OBD-PC Link (HKLM-x32\...\{D444D748-EB5A-4A94-A84C-EA58A9FC52F5}) (Version: 1.33.0000 - Innova Electronics)
OneTouch 4 ScanSoft OmniPage 16.2 OCR Module (HKLM-x32\...\{F80376CE-BB27-4757-B2A1-F3873F7FC457}) (Version: 2.0.0 - Visioneer)
OneTouch 4.6 (HKLM-x32\...\{AF8B1525-17EF-4D2E-A018-8D79CE260BA8}) (Version: 4.6.2014.9305 - Visioneer Inc.)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
P-215II CaptureOnTouch (HKLM-x32\...\{21FE8257-EF7A-46A9-B4A0-C50E4E55795E}) (Version: 3.0 - Canon Electronics Inc.)
P-215II UserManual (HKLM-x32\...\{AA1A23EF-80B0-4F98-A0A5-603D2441657B}) (Version: 1.05.0000 - Canon Electronics Inc.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
PLI Viewer (HKLM-x32\...\PLI Viewer_is1) (Version: - Henry Rowehl)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6107 - CyberLink Corp.)
PowerXpressHybrid (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Realtek Audio COM Components (HKLM-x32\...\{2355B503-9B11-4449-861D-1C1748B26320}) (Version: 1.0.2 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6023 - Realtek Semiconductor Corp.)
RepairSolutions (HKLM-x32\...\{A8D9CD8C-6349-4462-8340-BEEC1D3E7B0E}) (Version: 1.1.0 - Innova Electronics)
Roxio Activation Module (HKLM-x32\...\{07159635-9DFE-4105-BFC0-2817DB540C68}) (Version: 1.0 - Roxio)
Roxio Creator Audio (HKLM-x32\...\{83FFCFC7-88C6-41C6-8752-958A45325C82}) (Version: 3.5.0 - Roxio)
Roxio Creator Copy (HKLM-x32\...\{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}) (Version: 3.5.0 - Roxio)
Roxio Creator Data (HKLM-x32\...\{0D397393-9B50-4C52-84D5-77E344289F87}) (Version: 3.5.0 - Roxio)
Roxio Creator DE (HKLM-x32\...\{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}) (Version: 3.5.0 - Roxio)
Roxio Creator Tools (HKLM-x32\...\{0394CDC8-FABD-4ED8-B104-03393876DFDF}) (Version: 3.5.0 - Roxio)
Roxio Drag-to-Disc (HKLM\...\{AAE78E39-FAAF-4C19-A63E-BDED7428FDE1}) (Version: 9.1 - Roxio)
Roxio Express Labeler 3 (HKLM-x32\...\{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}) (Version: 3.2.1 - Roxio)
Roxio Update Manager (HKLM-x32\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Scansoft PDF Professional (x32 Version: - ) Hidden
Scope (HKLM-x32\...\{F4070264-6752-4B25-82CD-451356E80E3C}) (Version: 5.23.0.0 - )
Scope (x32 Version: 5.23.0.0 - GFM GmbH, Austria) Hidden
Scope (x32 Version: 5.6.3.0 - GFM GmbH, Austria) Hidden
SetIP (HKLM-x32\...\SetIP) (Version: 2.00.00.00 - Xerox Ltd.)
Sonic CinePlayer Decoder Pack (HKLM-x32\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.2.0 - Sonic Solutions)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.10.0051 - ST Microelectronics)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.2 - Tweaking.com)
Ulead Photo Express 4.0 SE (HKLM-x32\...\{BBC0D330-C37B-4472-BFB9-AA217CF0C95F}) (Version: - )
Ulead VideoStudio 7 SE Basic (HKLM-x32\...\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}) (Version: 7.0 - Ulead Systems, Inc.)
Visioneer Acuity Assets V1 (HKLM-x32\...\{8D4A39B4-5D75-462C-89A2-81C1D887B9B5}) (Version: 5.1.812.11295 - Visioneer)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WD My Cloud (HKLM\...\{3082756C-2147-411F-AE6A-9DCEF0121903}) (Version: 1.0.7.5 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{F6FE3205-7737-4772-9017-C7ACD8A5561C}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{647175e1-9944-4a82-bac1-102c95f0a99a}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WIBU-KEY Setup (WIBU-KEY Remove) (HKLM\...\{00060000-0000-1004-8002-0000C06B5161}) (Version: Version 5.20b of 2007-Apr-18 (Setup) - WIBU-SYSTEMS AG)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Xerox WorkCentre 3315 (HKLM-x32\...\Xerox WorkCentre 3315) (Version: - Xerox Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
07-03-2015 12:34:18 Windows Backup
07-03-2015 23:14:40 Windows Backup
08-03-2015 10:39:23 Windows Backup
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2014-11-23 10:56 - 2015-02-26 18:51 - 00000035 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {01CDA079-E77B-421B-90B9-75C2DAAF2326} - System32\Tasks\{77EC7949-2166-4C99-A482-47664618375C} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {082FD059-B97E-4008-8D23-4420260357D4} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-03-04] (Dell Inc.)
Task: {26894EDA-0EB2-4937-B448-CD4DF445DD75} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {28B4D76D-CFC1-4BAF-A663-74CC919672C3} - System32\Tasks\{B43AC92C-8F82-4E72-883E-4A0B25F47BF4} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {3C1EFCB7-E81C-4EAA-95D3-D8A1A6D12A6F} - System32\Tasks\{321E17FF-DD87-4263-80FD-AD992F7D62E1} => C:\Garmin\PoiLoader.exe [2008-07-15] (GARMIN Corp.)
Task: {403103E9-5857-43F7-A4A4-C9F3B1691BB6} - System32\Tasks\Dell\PPO SM Manual Update => C:\Program Files\Dell\PPO\DcsuWrap.exe [2014-08-15] (Dell Inc.)
Task: {4B573AF8-25FE-49CC-AD1C-6ABE3F9FB781} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {571D3241-AEDC-4FA5-95E4-FF50179E65E6} - System32\Tasks\NetSetMan => C:\Program Files (x86)\NetSetMan\netsetman.exe [2015-03-02] (Ilja Herlein)
Task: {5F654F61-BA49-41CF-B1B7-EA3377B0A2F2} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {68D5D6E6-27B2-46DC-A690-A49805D6FCF5} - System32\Tasks\{18C23A6D-5405-41EE-8CBF-019CDF144345} => C:\totalcmd\TOTALCMD.EXE [2012-08-03] (Ghisler Software GmbH)
Task: {6E5BD55F-4A0A-4D72-9B2B-551C35D8517C} - System32\Tasks\{E5774B80-584C-477F-BDD4-089CE253FC27} => pcalua.exe -a C:\Users\Henry\Documents\Downloads\Visioneer\HiddenDevices.exe -d C:\Users\Henry\Documents\Downloads\Visioneer
Task: {7BD388DD-3811-4416-BF3B-F40C41F0A149} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {8C04DBAF-00AC-4F7E-AA99-AB71337B4664} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {94179557-D46C-4493-A857-704EA6934870} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {9B13EA28-4E92-4D59-899E-9BA4DA183BC5} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-02-03] (PC-Doctor, Inc.)
Task: {A22AFACB-6E1C-43DB-9A40-4BA28C01CBF0} - System32\Tasks\{76300760-610E-4F6A-871B-95BDAA2C3F34} => D:\SETUP.EXE
Task: {A3910C73-9DED-42CC-86EB-38687AD85BC2} - System32\Tasks\{BB86F365-1D4E-482E-AC11-BF302E1FD6F7} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {A3A84466-9B3A-4EF3-A7FE-A29BB540E5B5} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2015-01-28] ()
Task: {BFF99A1F-B2E1-4E8B-8889-FB37398862B9} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] ()
Task: {C24C108D-795C-499C-B91C-B46713D3ABE2} - System32\Tasks\{F0E1B53D-B723-4DE0-BCFC-7E82834E305A} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {DE7DE3E1-7DDA-42B8-BDED-247F8E2BBEBD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15] (Google Inc.)
Task: {E2244DBB-385A-4C62-B727-9E65B19AEB08} - System32\Tasks\{665DC180-863A-496B-857C-BC8F4F3B89FD} => C:\Program Files (x86)\Microsoft Visual Studio .NET 2003\Common7\IDE\devenv.exe [2003-03-19] (Microsoft Corporation)
Task: {EC53F16E-BE76-4247-86BD-646CA3DAB8A5} - System32\Tasks\{62BE403F-5535-4C72-A461-AE9059E0B730} => D:\SETUP.EXE
Task: {F4D39289-4BC2-4A70-8FF9-12990900D3E3} - System32\Tasks\{9CF71E80-E39E-4CEA-9770-D5981D522BF6} => D:\SETUP.EXE
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2014-09-11 18:59 - 2014-09-11 18:59 - 00303968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\authproxy.dll
2014-11-01 13:58 - 2011-07-28 12:55 - 00034304 _____ () C:\Windows\System32\sxr2mlm.dll
2014-11-01 13:58 - 2012-11-06 07:48 - 01214464 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\sxr2mdu.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00026464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Loader.exe
2014-09-11 18:59 - 2014-09-11 18:59 - 02172768 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Resources.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00027488 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Interfaces.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00082272 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Objects.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00062816 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.AuthProxy.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00079200 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.PBA.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00036192 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.Agent.Plugins.SED.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00129376 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredSEDProxy.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00666464 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CredCommon.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00879456 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\CryptoProvider.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00707424 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\DBManager.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00353632 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\OPALProvider.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 01507680 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\ConnectionProvider.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00047968 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\FVEProvider.dll
2014-10-26 18:08 - 2014-06-04 16:02 - 00020256 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.dll
2014-10-26 18:08 - 2014-06-04 16:02 - 00019744 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.dll
2014-10-26 18:08 - 2014-06-04 16:03 - 00035104 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRShellExtension.dll
2014-09-11 18:59 - 2014-09-11 18:59 - 00232288 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.SystrayApp.exe
2014-09-11 18:59 - 2014-09-11 18:59 - 00360800 _____ () C:\Program Files\Dell\Dell Data Protection\Client Security Framework\Dell.SecurityManager.UXLib.dll
2015-02-12 19:19 - 2015-02-12 19:19 - 00615112 _____ () C:\Program Files (x86)\Invincea\Enterprise\X64\SqlliteICD.dll
2013-10-15 13:31 - 2013-10-15 13:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2014-09-29 20:51 - 2014-09-29 20:51 - 00074664 _____ () C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
2014-10-26 18:08 - 2014-07-02 22:55 - 00487144 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBRCrawler.exe
2015-02-13 18:00 - 2015-02-13 18:00 - 01683968 _____ () C:\ProgramData\BOINC\projects\milkyway.cs.rpi.edu_milkyway\milkyway_nbody_1.48_windows_x86_64__mt.exe
2013-03-25 13:42 - 2013-03-25 13:42 - 00021824 _____ () C:\Program Files (x86)\EMC Captiva\Captiva Cloud Runtime\SSLSupport.dll
2014-08-13 09:27 - 2014-08-13 09:27 - 00988160 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxml2.dll
2014-07-29 13:34 - 2014-07-29 13:34 - 00170496 _____ () C:\Program Files (x86)\OpenOffice 4\program\libxslt.dll
2014-04-10 15:30 - 2014-04-10 15:30 - 00134664 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2014-04-29 17:23 - 2014-04-29 17:23 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-10-26 18:08 - 2014-07-30 18:37 - 01906464 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\STRestoreAPI.dll
2014-10-26 18:08 - 2012-11-26 00:19 - 01153384 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\libxml2.dll
2014-10-26 18:08 - 2012-11-26 00:19 - 00117608 _____ () C:\Program Files (x86)\Dell Backup and Recovery\Components\Restore\zlib1.dll
2014-12-27 13:46 - 2014-12-27 13:46 - 00133120 _____ () C:\Users\Henry\AppData\Roaming\xaeojhej\colers.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 208.67.222.222 - 208.67.222.220
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
ACTUser (S-1-5-21-1310488628-551009281-1505269296-1005 - Limited - Enabled)
Administrator (S-1-5-21-1310488628-551009281-1505269296-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1310488628-551009281-1505269296-1003 - Limited - Enabled)
Guest (S-1-5-21-1310488628-551009281-1505269296-501 - Limited - Enabled)
Henry (S-1-5-21-1310488628-551009281-1505269296-1000 - Administrator - Enabled) => C:\Users\Henry
HomeGroupUser$ (S-1-5-21-1310488628-551009281-1505269296-1011 - Limited - Enabled)
SQLDebugger (S-1-5-21-1310488628-551009281-1505269296-1006 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Microsoft Virtual WiFi Miniport Adapter #2
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/08/2015 11:13:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
System errors:
=============
Error: (03/08/2015 08:49:26 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: The name "JHR1 :1d" could not be registered on the interface with IP address 192.168.0.49.
The computer with the IP address 192.168.0.12 did not allow the name to be claimed by
this computer.
Error: (03/07/2015 05:48:02 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \SystemRoot\System32\DRIVERS\PSKMAD.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (03/07/2015 05:40:54 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Search service terminated with the following error:
%%19
Error: (03/07/2015 05:40:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (03/07/2015 05:40:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (03/07/2015 05:40:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Error: (03/07/2015 05:40:39 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (03/07/2015 05:40:39 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Media Player Network Sharing Service service failed to start due to the following error:
%%1069
Error: (03/07/2015 05:40:39 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WMPNetworkSvc service was unable to log on as NT AUTHORITY\NetworkService with the currently configured password due to the following error:
%%50
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
Error: (03/07/2015 05:40:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.
Module Path: C:\Windows\System32\IWMSSvc.dll
Microsoft Office Sessions:
=========================
Error: (03/08/2015 11:13:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:45 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:37 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
Error: (03/08/2015 11:13:36 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: GetLargeResourceRecord: opt 65002 optlen 8 wrong
CodeIntegrity Errors:
===================================
Date: 2015-02-25 09:09:19.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2015-02-25 09:09:19.402
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
Date: 2014-11-09 16:43:42.493
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 12:46:22.548
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 12:36:23.302
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:55:27.525
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:30:57.431
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 11:08:00.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:52:31.536
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
Date: 2014-11-09 10:44:27.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\AVG\AVG2015\avghooka.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4710MQ CPU @ 2.50GHz
Percentage of memory in use: 30%
Total physical RAM: 16289.21 MB
Available physical RAM: 11352.05 MB
Total Pagefile: 32576.6 MB
Available Pagefile: 25791.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:919.74 GB) (Free:46.52 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:1862.98 GB) (Free:721.05 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:11.73 GB) (Free:3.71 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: 0005F107)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
==================== End Of Log ============================
C:\ProgramData\Optimizer ---> 3 / 68 (PUP)
Publisher: MicroTools
I think you should uninstall it at this time and if it's a tool you must use redownload it later.
Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:
C:\Users\Henry\AppData\Roaming\xaeojhej\colers.dll
Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
~~~~~~~~~~~~~~~~~~~~~
Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 YouTubeDownload_A4; C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe [2971736 2015-03-03] (Microsoftware)
C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe
2015-02-26 18:52 - 2015-03-03 14:02 - 00000000 ____D () C:\ProgramData\Optimizer
C:\ProgramData\Optimizer
EmptyTemp:
End
Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~~~~~~~~~`
Reset all the browsers back to default:
Instructions on how to backup your Favourites/Bookmarks and other data can be found below.
Backup Internet Explorer Bookmarks
http://www.wikihow.com/Back-Up-Favorites-in-Internet-Explorer
Backup Firefox Bookmarks
https://support.mozilla.org/en-US/kb/export-firefox-bookmarks-to-backup-or-transfer
Backup Chrome Bookmarks
http://www.wikihow.com/Export-Bookmarks-from-Chrome
Proceed with the reset once done.
I.E.
Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.
In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
Reset Internet Explorer
In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset Internet Explorer back to its default settings
When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
Close Internet Explorer.
Firefox
At the top of the Firefox window, click the Firefox button, go over to the Help sub-menu and select Troubleshooting Information.
Click the Reset Firefox button in the upper-right corner of the Troubleshooting Information page.
To continue, click Reset Firefox in the confirmation window that opens.
Firefox will close and be reset. When its done, a window will list the information that was imported. Click Finish
Google Chrome
enter the following into the Chrome address bar:
chrome://settings/personal
and at the bottom click on "Advanced Settings"
At the very bottom of the page click on "Reset Browser Settings"
If you delete these files, they will be recreated when you go back into the browser:
C:\Users\"User Name"\AppData\Roaming\Mozilla\Firefox\Profiles
C:\Users\"User Name"\AppData\Local\Google\Chrome\User Data\Default
~~~~~~~~~~~~~~~~~~~~~~~~~
http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.
Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
~~~~~~~~~~~~~~~~
I know thats alot to do but trying hard to find the root of the problem.
please post
file to be scanned
fixlog
JRT.txt
jhrowehl
2015-03-09, 02:31
C:\ProgramData\Optimizer ---> 3 / 68 (PUP)
Publisher: MicroTools
I think you should uninstall it at this time and if it's a tool you must use redownload it later.
Please go to one of the below sites to scan the following files:
Virus Total (Recommended) (http://www.virustotal.com/)
jotti.org (http://virusscan.jotti.org/)
VirScan (http://virscan.org/)
click on Browse, and upload the following file for analysis:
C:\Users\Henry\AppData\Roaming\xaeojhej\colers.dll
Then click Submit. Allow the file to be scanned, and then please copy and paste the results link (for Virus Total) here for me to see.
If it says already scanned -- click "reanalyze now"
Please post the results in your next reply.
I'm going to have to get to that tomorrow...
I did scan the file, here's the link:
https://www.virustotal.com/en/file/cc24f54868900e052aedd645044640d142a3f26627d8cae0ccfc8f2b78856b3c/analysis/1425843560/
The FRST script I created has C:\ProgramData\Optimizer to be removed.
Also, locate and remove this folder
C:\Users\Henry\AppData\Roaming\xaeojhej
jhrowehl
2015-03-10, 00:10
Also, locate and remove this folder
C:\Users\Henry\AppData\Roaming\xaeojhej
Done. Took some fiddling, but I got it. Had to boot in safe mode, then use a utility to remove it - it was marked system/hidden.
jhrowehl
2015-03-10, 02:24
The FRST script I created has C:\ProgramData\Optimizer to be removed.
Also, locate and remove this folder
C:\Users\Henry\AppData\Roaming\xaeojhej
We may be on to something here... I left the computer connected to the internet for a couple of hours, which usually results in my rogue processes starting. So far, (keep your fingers crossed...), no rogue processes.
I didn't run FRST yet, I've been doing things one at a time, in an attempt to identify the source. Removing that particular directory seems to have made a difference. Aside from not seeing the rogue processes, the computer seems faster, and my biometrics are working better. We've been through the situation before where it took a couple of hours for the processes to show up, so I'm being real cautious and holding off with the victory dance for a bit.
But, here's hoping...
We may be on to something here... I left the computer connected to the internet for a couple of hours, which usually results in my rogue processes starting. So far, (keep your fingers crossed...), no rogue processes.
I didn't run FRST yet, I've been doing things one at a time, in an attempt to identify the source. Removing that particular directory seems to have made a difference. Aside from not seeing the rogue processes, the computer seems faster, and my biometrics are working better. We've been through the situation before where it took a couple of hours for the processes to show up, so I'm being real cautious and holding off with the victory dance for a bit.
But, here's hoping...
After removing this one?
C:\Users\Henry\AppData\Roaming\xaeojhej
You should run the FRST script, from what I can find that should be everything.
Man, the happy/victory dance I'm going to do will shock the world!
jhrowehl
2015-03-10, 04:43
After removing this one?
C:\Users\Henry\AppData\Roaming\xaeojhej
You should run the FRST script, from what I can find that should be everything.
Man, the happy/victory dance I'm going to do will shock the world!
Yep, that's the one. It seems to be behaving a little better now. I'll be watching closely for a couple of days, just to be sure, and will keep you posted.
I ran the FRST fixlist, here's the log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-03-2015 02
Ran by Henry at 2015-03-09 22:36:09 Run:2
Running from C:\Users\Henry\Desktop
Loaded Profiles: Henry (Available profiles: Henry)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
R2 YouTubeDownload_A4; C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe [2971736 2015-03-03] (Microsoftware)
C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe
2015-02-26 18:52 - 2015-03-03 14:02 - 00000000 ____D () C:\ProgramData\Optimizer
EmptyTemp:
End
*****************
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1310488628-551009281-1505269296-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
YouTubeDownload_A4 => Service deleted successfully.
C:\Program Files (x86)\YouTube-Downloader\A4\youtubeserv.exe => Moved successfully.
C:\ProgramData\Optimizer => Moved successfully.
OK good
fingers and toes crossed here :)
jhrowehl
2015-03-11, 01:22
OK good
fingers and toes crossed here :)
Same here! So far, no rogue processes coming up... still cautiously monitoring...
man, don't burst my bubble.
Been waiting all day for your reply to say all is good!
jhrowehl
2015-03-11, 03:14
man, don't burst my bubble.
Been waiting all day for your reply to say all is good!
Looking good so far. :) If I can go another day or two without the rogue processes, then I'll feel safe saying it's fixed. I'm an electronic service rep for a machine tool manufacturing company, so I'm familiar with having things look good, only to find out that the problem came back. So far today, I've had Firefox online for about 5 hours, with no rogue processes... that's a really good sign. I think if I can make it through to Friday without the ghosties or goblins coming back, then I'll be ready to consider it fixed.
gotcha!
We'll be here if needed.
jhrowehl
2015-03-11, 23:03
gotcha!
We'll be here if needed.
So far today, everything looked good. I'm going leave Firefox active for a bit tonight, to see if any rogue processes come up. I'm fairly confident that I won't see any, but, once bit, twice cautious.
Just out of curiosity, if that was the problem, will the offending DLL's be added to the definition files at some point? I still have them in the recycle bin, and am going to try to get them onto a memory stick or something.
jhrowehl
2015-03-11, 23:20
I have the 2 DLL files isolated in secure storage. Here are the VirusTotal links:
colers.dll
https://www.virustotal.com/en/file/cc24f54868900e052aedd645044640d142a3f26627d8cae0ccfc8f2b78856b3c/analysis/1426108563/
tivesen.dll
https://www.virustotal.com/en/file/6aacfb1f5677105bb09e714abcd4096a11e15bfca87892197fbb1870b8089eb6/analysis/1426108659/
So far today, everything looked good. I'm going leave Firefox active for a bit tonight, to see if any rogue processes come up. I'm fairly confident that I won't see any, but, once bit, twice cautious.
wooohooo!
I'm checking into the other to see if the R&D team needs those.
It's possible you may want to contact your antivirus vendor with these.
jhrowehl
2015-03-13, 02:27
wooohooo!
I'm checking into the other to see if the R&D team needs those.
It's possible you may want to contact your antivirus vendor with these.
The status report for today is... still no rogue processes. :)
It looks like we have the problem under control. Quick question... what program was calling the DLL's? Do I need to remove that program and associated registry entries?
The status report for today is... still no rogue processes. :)
It looks like we have the problem under control. Quick question... what program was calling the DLL's? Do I need to remove that program and associated registry entries?
To give you an exact program name..., don't know if I can but from what we did find and remove
C:\ProgramData\Optimizer ---> 3 / 68 (PUP)
Publisher: MicroTools
Both of those are capable of adding entries into the C:\Users\Henry\AppData\Roaming folder where malware so often does.
I honestly think if there was anything residual left behind it would had reared it's ugly head by now.
We need to remove tools and quarantine folders.
DelFix
Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix)
or from here http://www.bleepingcomputer.com/download/delfix/ and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Purge system restore
Click the Run button.
-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).
~~~~~~~~~~~~~~~~~~~
Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP
The following programmes come highly recommended in the security community.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
Want to help others? Join the ClassRoom (http://forums.whatthetech.com/What_the_Tech_Classroom_t80368.html) and learn how.
jhrowehl
2015-03-14, 02:18
OK, I think I'm ready to say that the problem is gone. :D:
I'm still curious as to which program was running that called the DLL's that were deleted. I know that's not an easy thing to do. Is it possible to find out with some type of registry scan?
jhrowehl
2015-03-14, 02:53
I did a quick search of the registry, and came up with the colers.dll file in 4 locations. I didn't find the other one that was in the deleted directory, tivesen.dll.
I've attached a file with the registry keys listed. Don't know if it will help or not, but, I figured it couldn't hurt.
OK, I think I'm ready to say that the problem is gone.
It was a battle!
CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090} which I think can mean task bar, tool bar or BHO
56FDF344-FD6D-11d0-958A-006097C9A090 is a windows system Taskbar Communication component.
AdwCleaner in different logs took it out
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
When searching it was also located when asking someone to do a Search for "ask"
Now, if this applies to you, heaven only knows.
Have you done a search to see if this folder is still on the computer?
C:\\Users\\Henry\\AppData\\Roaming\\xaeojhej
We can take out those reg entries
Next, launch Notepad, (Start > Run, type in: notepad) copy and paste next present in the quotebox below in it:
Windows Registry Editor Version 5.00
[-HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
[-HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32]
[-HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
[-HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32]
[-HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
[-HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32]
[-HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
[-HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32]
Save this as fix.reg and change the "Save as type" to "All Files" and place it on your desktop. It should look like this: http://i204.photobucket.com/albums/bb106/Juliet702/regMiekie.png
Double-click on it and when it asks you if you want to merge the contents to the registry, click "Yes" or "OK". You should receive a message that it was successful. You may delete the file afterwards
jhrowehl
2015-03-14, 04:25
Yes, it was a battle! But, we managed to track it down, and win the fight.
Have you done a search to see if this folder is still on the computer?
C:\\Users\\Henry\\AppData\\Roaming\\xaeojhej
Yes I did, no it's not. I had removed it per your instructions in a prior message. That's when the problem went away. I managed to recover it, and the contents, from the recycle bin, and have the folder and the files isolated in a secure storage area.
The second DLL file, that was in the folder with the colers.dll file, wasn't in the registry. Makes me curious...
I reckon it was a ghost file?..but I am so glad it's gone. (I danced a little jig, if your from the south you'll know what that means)
but want to say, it's been a pleasure.
jhrowehl
2015-03-15, 20:34
I reckon it was a ghost file?..but I am so glad it's gone. (I danced a little jig, if your from the south you'll know what that means)
but want to say, it's been a pleasure.
I know what dancing a jig is all about!
Just out of curiosity, I have something going on now (not related to the original problem!). One of the registry keys seems to have been... corrupted? System restore is not working due to a known problem put out by Microsoft. Somewhere along the line, a registry backup was done. I still have those files where the program put them. How can I restore the registry?
I know that's going to put back entries that we removed, but, I still have the scripts available in this thread, so I can remove them again.
Early on, did you download and use Tweaking, registry backup
2015-02-28 18:21 - 2015-02-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-28 18:21 - 2015-02-28 18:21 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-%28Please-read-this-Procedure-Before-Requesting-Assistance%29-Updated
did you follow requirements here on post #2?
There will now be a folder at the root of the Hard-Drive named C:\RegBackup
Can you give me info on what registry key is messing up?
jhrowehl
2015-03-16, 00:05
Early on, did you download and use Tweaking, registry backup
2015-02-28 18:21 - 2015-02-28 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-02-28 18:21 - 2015-02-28 18:21 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
2015-02-21 11:06 - 2015-02-21 11:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
C:\Windows\tweaking.com-regbackup-ELSERVICE13-Windows-7-Professional-(64-bit).dat
http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-%28Please-read-this-Procedure-Before-Requesting-Assistance%29-Updated
did you follow requirements here on post #2?
There will now be a folder at the root of the Hard-Drive named C:\RegBackup
Can you give me info on what registry key is messing up?
Yes, I did, and I have the backups still available. I thought I had posted this already, but I figured out how to do the registry restore, and all is working well again. The registry key that was 'not quite right' is in the attached screen capture.
Before I did the restore, I exported the entire registry into a separate folder. Now, I'm going to export it again into another folder, and then do a file compare to see what changed. If you've ever heard of TotalCommand, it absolutely outstanding for that. Highlight one file in the left window, highlight another file in the right window, and have it compare by content. It will highlight all the differences. Once I find the difference with that class ID, I'll let you know.
jhrowehl
2015-03-16, 00:46
OK... the following is the results of comparing the two registry files. The section "Reg2" is the registry that I was having the problem with. The section "Reg3" is the restored registry that works. Note that there a 5 entries in the problem registry, and 10 entries in the working registry.
Missing ClassID
Reg2
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,78,00,\
70,00,6c,00,6f,00,72,00,65,00,72,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
"LastKey"="Computer\\HKEY_LOCAL_MACHINE\\SOFTWARE\\Wow6432Node\\Classes\\CLSID\\{56FDF344-FD6D-
11d0-958A-006097C9A090}"
Reg3
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,78,00,\
70,00,6c,00,6f,00,72,00,65,00,72,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{56FDF344-FD6D-11d0-958A-
006097C9A090}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,78,00,\
70,00,6c,00,6f,00,72,00,65,00,72,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{56FDF344-FD6D-11d0-958A-
006097C9A090}\InProcServer32]
@=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\
00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,65,00,78,00,\
70,00,6c,00,6f,00,72,00,65,00,72,00,66,00,72,00,61,00,6d,00,65,00,2e,00,64,\
00,6c,00,6c,00,00,00
"ThreadingModel"="Apartment"
[HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Classes\Wow6432Node\CLSID
\{56FDF344-FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000\Software\Classes\Wow6432Node\CLSID
\{56FDF344-FD6D-11d0-958A-006097C9A090}\InProcServer32]
@="C:\\Users\\Henry\\AppData\\Roaming\\xaeojhej\\colers.dll"
"ThreadingModel"="Apartment"
[HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\Wow6432Node\CLSID\{56FDF344-
FD6D-11d0-958A-006097C9A090}]
@="Task Bar Communication"
[HKEY_USERS\S-1-5-21-1310488628-551009281-1505269296-1000_Classes\Wow6432Node\CLSID\{56FDF344-
FD6D-11d0-958A-006097C9A090}\InProcServer32]
@="C:\\Users\\Henry\\AppData\\Roaming\\xaeojhej\\colers.dll"
"ThreadingModel"="Apartment"
I figured out how to do the registry restore, and all is working well again
yes!
In Reg3, all those items were restored?
I see the bad folder and the bad file?
jhrowehl
2015-03-16, 02:13
yes!
In Reg3, all those items were restored?
I see the bad folder and the bad file?
The entire registry was restored - the whole shootin' match. Like I had mentioned in one of my last posts, this will restore all the 'bad' stuff too... but we know what was removed. The fixlist entries are still in the messages here. Even though it will be 'been there, done that', at least we're not shooting in the dark looking for the problem. And on that subject, the original problem did *not* return with the registry restore. The registry entries were restored, not the folder or the files. When the folder with the files was deleted, the problem went away. Those files are still gone.
The restored registry now references non-existent files, but I can fix that. I can go back through the message thread, get all the FRST fixlist files, and re-run them.
the original problem did *not* return with the registry restore. The registry entries were restored, not the folder or the files. When the folder with the files was deleted, the problem went away. Those files are still gone.
The restored registry now references non-existent files, but I can fix that. I can go back through the message thread, get all the FRST fixlist files, and re-run them.
Was thinking I was getting ready to shoot you!, then read it over again and see it's better then expected.
goodness gracious, ok, the computer still in good shape?
jhrowehl
2015-03-16, 03:57
Was thinking I was getting ready to shoot you!, then read it over again and see it's better then expected.
goodness gracious, ok, the computer still in good shape?
I was wearing my bulletproof vest... :D: I had thought about the possibility of bringing the original problem back, then remembered that the folder was deleted, so the offending DLL's are no longer available. If they're not on the system, they can't be executed. I'm going to locate the fixlist where the coler.dll entries were removed, and run that one only, since that DLL was the problem. At least the references to it will be gone also.
And so far, so good. I haven't seen the rogue processes yet. I'll be keeping an eye on it for a few days again, but I'm confident that I won't see the problem.
I was wearing my bulletproof vest
LOL!
You know, if it ain't broke?
jhrowehl
2015-03-17, 00:25
LOL!
You know, if it ain't broke?
Yeah... If it ain't broke, there's no job security for the repair tech... :lip:
Anywho, still no occurrences of the rogue processes. And just out of curiosity, you had me make a change to Internet Exploder... I mean Explorer... where no changes could be made by outside processes, or something along those lines. I have a utility that automatically sets the home page and proxy settings based on network connections, and IE is not cooperating. How do I remove the extra security requirement, set it back to default?
Are you talking about this?
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Using Automatic Configuration, Automatic Proxy, and Automatic Detection
https://technet.microsoft.com/en-us/library/cc985352.aspx
jhrowehl
2015-03-17, 03:40
Are you talking about this?
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xehzOq95.png.pagespeed.ic.1o1xpAkZbO.png Internet Explorer: How to reset Internet Explorer settings (http://support.microsoft.com/kb/923737)
Using Automatic Configuration, Automatic Proxy, and Automatic Detection
https://technet.microsoft.com/en-us/library/cc985352.aspx
No, it was something you had me do to make sure that default settings for IE weren't being changed by the rogue processes. I can't remember specifically what it was, but I seem to recall opening IE, click the gear icon, then...
And that's where I get lost. :sad:
Could it be related to resetting the router?
Post #75
Please make sure of the following settings on your computer:
Click Start, Control panel, then double-click Network and Sharing Center.
In the left window select Manage Network Connection.
In the right window right-click Local Area Connection and select Properties .
Internet Protocol Version 6 (IP6v) should be checked. Double-click on it. Make sure of the following settings:
The option Obtain an IP address automatically should be checked.
The option Obtain DNS server address automatically should be checked.
Click OK.
Internet Protocol Version 4 (IP4v) should be checked. Double-click on it.
The option Obtain an IP address automatically should be checked.
The option Obtain DNS server address automatically should be checked.
Click OK twice.
If you need to change any of these settings you will need to reboot your computer.
~~~
we refreshed
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
~~~~~
I've gone over this thread in it's entirety. I've located all the IE instructions I posted
Post 24
Clear Browser Cache in IE11 and Download Flash Cookie Killer
Close all Internet Explorer and Windows Explorer windows that are currently open.
Open Internet Explorer.
Click the Tools button , and then select theGeneral tab, then select Browsing history select the Delete button.
Select the check box next to each of the following categories.
Temporary Internet files and website files
Cookies and website data
History
Click Delete
~~~~~~~~~~~~~~~~
Post #48
Clear Browser Cache in IE11
Close all Internet Explorer and Windows Explorer windows that are currently open.
Open Internet Explorer.
Click the Tools button , and then select theGeneral tab, then select Browsing history select the Delete button.
Select the check box next to each of the following categories.
Temporary Internet files and website files
Cookies and website data
History
Click Delete
~~~~~
Add-ons - Enable or Disable Add-On Manager
http://www.sevenforums.com/tutorials...d-manager.html
See if a browser add-on is preventing the additional IE processes from closing.
Start Internet Explorer without add-ons by right-clicking the IE icon on the desktop. Choose Start without add-ons.
or
from Start> Programs> Accessories> System tools> Internet Explorer (no add-ons)
If the problem goes away, an add-on is causing it.
Since version 8, Internet Explorer uses a tab-per-process model. That means there is a "iexplore.exe" for the user interface, then each tab you have open is another "iexplore.exe" This is done for security reasons and increases stability of the browser.
~~~~~~~~~~~~~~~~`
Post 90
Reset all the browsers back to default:
Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.
In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
Reset Internet Explorer
In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset Internet Explorer back to its default settings
When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
Close Internet Explorer.
jhrowehl
2015-03-18, 00:15
Post 90
Reset all the browsers back to default:
Open Internet Explorer, click on the gear icon at the top (far right), then click again on Internet Options.
In the Internet Options dialog box, click on the Advanced tab, then click on the Reset button.
Reset Internet Explorer
In the Reset Internet Explorer settings section, check the Delete personal settings box, then click on Reset Internet Explorer back to its default settings
When Internet Explorer finishes resetting, click Close in the confirmation dialogue box and then click OK.
Close Internet Explorer.
That was the fix. I thought we had done something to prevent changes being made by 'other' processes, but I couldn't remember what it was. However, resetting to defaults did what I was looking for.
And - still no rogue processes. :bigthumb:
Good deal.
It's been a pleasure to help you :)
jhrowehl
2015-03-18, 02:38
Good deal.
It's been a pleasure to help you :)
Yeah, was a whole lot of fun, wasn't it? :laugh: Now, Windows Update has 12 updates waiting for me. Here goes nothing...
ahmmm, afraid to ask but, is the computer still useable?
Are we ready to close this topic out?
jhrowehl
2015-03-19, 01:58
ahmmm, afraid to ask but, is the computer still useable?
Are we ready to close this topic out?
Yes, it's doing fine! I'm back to the stuff that was happening before the rogue processes... minor stuff that I think is drivers and such. But that's not malware. So, I guess this thread can be closed.
Thanks for your help!
Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif
Since this issue appears resolved ... this Topic is closed.