Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

STOP c0000135


  • This topic is locked This topic is locked
14 replies to this topic

#1 GingerCat

GingerCat

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 17 March 2015 - 06:57 AM

Hi, I have a Windows 7 Pro 32 bit machine with the following STOP error "STOP: C0000135 The program can't start because %hs is missing. Try resintalling the program"

 

I have scanned with Sophos with the drive connected to another machine and W32/AutoRun-BSY was removed.

 

Here is my FarBar log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by SYSTEM on MININT-06FF0JP on 16-03-2015 16:35:15
Running from H:\
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [CheckIt Diagnostics 8] => C:\Program Files\Smith Micro\CheckIt Diagnostics 8\cd8ctf.exe [54088 2010-05-11] (Smith Micro)
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [516928 2013-02-15] (Acronis)
HKLM\...\Run: [ACPW08EN] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\acdIDInTouch2.exe [1813776 2014-09-17] (ACD Systems)
HKLM\...\Run: [btbb_McciTrayApp] => C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe [2860856 2013-11-11] (Alcatel-Lucent)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [43608 2014-08-21] ()
HKLM-x32\...\Run: [AVG_UI] => "C:\Program Files (x86)\AVG\AVG2015\avgui.exe" /TRAYONLY
HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [6382144 2014-03-05] (Acronis)
HKLM-x32\...\Run: [AcronisTibMounterMonitor] => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe [1103424 2013-01-10] (Acronis)
HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ioloLiveBoost] => C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe [5482104 2015-02-12] (iolo technologies, LLC)
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
HKU\David\...\Run: [Driver Detective] => C:\Program Files (x86)\PC Drivers HeadQuarters\Driver Detective\DriversHQ.DriverDetective.Client.exe [4785536 2014-05-07] (PC Drivers Headquarters)
HKU\David\...\Run: [Shadow] => C:\Program Files (x86)\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe [678960 2008-07-30] (NewTech Infosystems, Inc.)
HKU\David\...\Run: [DDAssist] => C:\Program Files (x86)\Drobo\Drobo Dashboard\DDAssist.exe [288080 2014-02-11] (Drobo, Inc.)
HKU\David\...\Run: [Drobo PC Backup] => C:\Program Files (x86)\Drobo\Drobo PC Backup\DroboPCBackup.exe [3645440 2011-04-18] (Drobo)
HKU\David\...\Run: [NetDrive2] => C:\Program Files\NetDrive2\NetDrive2.exe [12599600 2015-03-10] (Bdrive Inc)
HKU\David\...\Run: [ACDSeeCommanderPro8] => C:\Program Files\ACD Systems\ACDSee Pro\8.0\ACDSeeCommanderPro8.exe [2136072 2014-12-16] ()
HKU\David\...\Run: [GoogleChromeAutoLaunch_9A83AADA066CCEA6F8C613E0AB5C7E19] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-20] (Google Inc.)
HKU\David\...\Run: [Affixa] => C:\Program Files (x86)\Affixa_Notably Good Ltd\Affixa\AffixaTray.exe [643584 2014-08-13] (Notably Good Ltd)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
IFEO\adobe dng converter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe stock photos cs3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bridge.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\creative cloud.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dreamweaver.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extendscript toolkit 2.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extension manager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdapp.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshop elements 11.0.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementsorganizer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\prefutil.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\professional_cpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\shadow.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-16] (Adobe Systems Incorporated)
S2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DDService; C:\Program Files (x86)\Drobo\Drobo Dashboard\DDService.exe [1946960 2014-02-11] (Drobo, Inc.)
S2 DokanMounter_Dokan_NetDrive2; C:\Program Files\NetDrive2\mounter.exe [28160 2015-01-27] (Windows ® Win 7 DDK provider)
S2 DroboPCBackup.Service.exe; C:\Program Files (x86)\Drobo\Drobo PC Backup\DroboPCBackup.Service.exe [22016 2011-04-18] (Drobo)
S2 FoxitCloudUpdateService; C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\Foxit Cloud\FCUpdateService.exe [243880 2015-02-13] (Foxit Software Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4702920 2015-02-12] (iolo technologies, LLC)
S2 notifierNetDrive2; C:\Program Files\NetDrive2\nd2sp.exe [75112 2015-03-10] (Bdrive Inc.)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
S2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S4 PDFProFiltSrv; C:\Program Files (x86)\Nuance\PDF Professional 7\PDFProFiltSrv.exe [134944 2010-10-15] (Nuance Communications, Inc.)
S4 Sage AutoUpdate Manager Service; C:\Program Files (x86)\Common Files\Sage\Central\AutoUpdateClient\Sage.Central.AutoUpdateManager.Service.exe [8192 2013-06-04] (Microsoft)
S4 Sage SData Service; C:\Program Files (x86)\Common Files\Sage SData\Sage.SData.Service.exe [53248 2013-01-29] (Sage (UK) Limited)
S3 UxTuneUp; C:\Windows\System32\uxtuneup.dll [42808 2014-11-24] (AVG Technologies)
S3 UxTuneUp; C:\Windows\SysWOW64\uxtuneup.dll [35640 2014-11-24] (AVG Technologies)
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-02] (AVG Secure Search)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2015-02-12] (Western Digital Technologies, Inc.)
S2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 avgfws; "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 Dokan_NetDrive2; C:\Program Files\NetDrive2\dokan.sys [117952 2014-07-02] (Windows ® Win 7 DDK provider)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-16] (EldoS Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-08-12] (EldoS Corporation)
S0 RSBLKM64; C:\Windows\System32\DRIVERS\RSBLKM64.sys [18744 2007-02-22] (RATOC Systems, Inc.)
S3 RSBLKW64; C:\Windows\System32\DRIVERS\RSBLKW64.SYS [37560 2007-02-22] (RATOC Systems, Inc.)
S3 rt70x64; C:\Windows\System32\DRIVERS\netr7064.sys [371200 2007-10-08] (Ralink Technology Corp.)
S3 scsiscan; C:\Windows\System32\DRIVERS\scsiscan.sys [17920 2009-07-13] (Microsoft Corporation)
S0 tib; C:\Windows\System32\DRIVERS\tib.sys [1120032 2014-10-29] (Acronis International GmbH)
S0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [183224 2014-10-29] (Acronis)
S0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [117024 2014-10-29] (Acronis International GmbH)
S1 Avgdiska; system32\DRIVERS\avgdiska.sys [X]
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 Avgldx64; system32\DRIVERS\avgldx64.sys [X]
S0 Avgloga; system32\DRIVERS\avgloga.sys [X]
S0 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
S0 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S1 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\afcdp.sys ABCF9C80EAACE03021BB7F450EB8993F
C:\Windows\system32\drivers\afd.sys FA886682CFC5D36718D3E436AACF10B9
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 27667A788130A7F7A5858DE27572E6D7
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dc3d.sys D06E443457FADC6B1AFAF3AA4B6936F6
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 30710AEFCE721CEEE0F35EB6A01C263C
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Program Files\NetDrive2\dokan.sys A58304F6C49A2642F6DB0570F01CF6B7
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\system32\drivers\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\Dot4Scan.sys 488669CD1CD3BDCFDD9A5FDA72209069
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 87CE5C8965E101CCCED1F4675557E868
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\ElRawDsk.sys F21A07780BBD64ADEF872F50E8CE2E75
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fltsrv.sys C06AF3D1E7CA6868A6A3064CE6907C4A
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\jraid.sys 73A968D4A85BB2552DDCF72CB15F06D2
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 56ED3EE5FED6BF2FC1305CF872042868
C:\Windows\System32\Drivers\ksecpkg.sys 8BA90F480705D7153AD0060CCA62222A
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Program Files (x86)\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923
C:\Program Files\Common Files\Motive\MREMP50a64.SYS C2758DF79C83A0D12A5599A040CA1818
C:\Program Files (x86)\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E
C:\Program Files\Common Files\Motive\MRESP50a64.SYS 38BD5B32E0722752BE8465D2A6DA43D9
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 03B7145C889603537E9FFEABB1AD1089
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr28ux.sys AAED8CDB31A88C702DA4212C2AA886F9
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\DRIVERS\NuidFltr.sys 96ACBF3DDC38A52FEE115F577F36568F
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nusb3hub.sys 01266516E6E88D183A2B58722EEB4443
C:\Windows\System32\DRIVERS\nusb3xhc.sys 5EC04F55CC5F165F21752712437DF638
C:\Windows\System32\drivers\nvhda64v.sys E366A5681C50785D4ED04FCFD65C3415
C:\Windows\System32\DRIVERS\nvlddmkm.sys 5D89C0070BC2643117CF33D0367AFABA
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys 0C4A0D577A6EF1B9D353851668779944
C:\Windows\System32\drivers\nvvad64v.sys DBFE7B2DF103F74AE51840B3C5F25FE9
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PDFsFilter.sys 9F5E27C8B88A8DA1DC93E93A5C27BB9B
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys E4799B87675C59AA1F620DE5C6F113BB
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 07D57B890DD5693A6AB660CBAE8F91B4
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\system32\drivers\rawdsk3.sys F3EE3EF609940865154ED95FBC839BAA
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\RSBLKM64.sys 94F52579D0603614345649187D2AEF67
C:\Windows\System32\DRIVERS\RSBLKW64.SYS 3BF5F74964B54B791D6390B935647CC9
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netr7064.sys 0BEB0E6E780207BAE4CC944033B1B61F
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scsiscan.sys E4212E8B026780CA5ACE580A65956641
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\snapman.sys E3E56CAF0472163871B922FC7CBC9654
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssudmdm.sys 91310683D7B6B292B746D60734B59322
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdrpman.sys AC28A6FCA485821499FF018695CEDE16
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tib.sys DE604462206F7D8C203F767F425FCA8D
C:\Windows\System32\DRIVERS\tib_mounter.sys 8C750FE6DE38AF13506B99EC2F519F79
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys E9981ECE8D894CEF7038FD1D040EB426
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\System32\DRIVERS\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.sys FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vididr.sys 35E8A18D1C558D5C2FF2FFED2FD396F6
C:\Windows\System32\DRIVERS\vidsflt.sys 0DCD5C8F2E0B3650C4A29F6569C074FD
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacmoumonitor.sys FE75777289278A4941FE6139E82B3BD9
C:\Windows\System32\DRIVERS\wacommousefilter.sys E04D43C7D1641E95D35CAE6086C7E350
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wacomvhid.sys EC1CEB237E365330C1FCFC4876AA0AC0
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 16:34 - 2015-03-16 16:35 - 00000000 ____D () C:\FRST
2015-03-12 08:11 - 2015-03-12 08:11 - 00985600 _____ () C:\Users\David\Downloads\MicrosoftFixit50123 (1).msi
2015-03-12 07:52 - 2015-03-12 07:52 - 00985600 _____ () C:\Users\David\Downloads\MicrosoftFixit50123.msi
2015-03-12 07:05 - 2015-03-12 07:19 - 00000000 ____D () C:\Users\David\AppData\Roaming\Apple Computer
2015-03-12 07:05 - 2015-03-12 07:05 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-12 07:05 - 2015-03-12 07:05 - 00000000 ____D () C:\Users\David\AppData\Local\Apple Computer
2015-03-12 07:05 - 2012-10-03 08:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2015-03-12 07:04 - 2015-03-12 07:05 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-12 07:04 - 2015-03-12 07:04 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-12 07:04 - 2015-03-12 07:04 - 00000000 ____D () C:\Program Files\iTunes
2015-03-12 07:04 - 2015-03-12 07:04 - 00000000 ____D () C:\Program Files\iPod
2015-03-12 07:04 - 2015-03-12 07:04 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-12 07:02 - 2015-03-12 07:02 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-12 07:02 - 2015-03-12 07:02 - 00000000 ____D () C:\Users\David\AppData\Local\Apple
2015-03-12 07:02 - 2015-03-12 07:02 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-12 07:01 - 2015-03-12 07:04 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-12 07:01 - 2015-03-12 07:02 - 00000000 ____D () C:\ProgramData\Apple
2015-03-12 07:01 - 2015-03-12 07:01 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-12 05:01 - 2015-03-12 05:01 - 00000000 ____D () C:\Users\David\AppData\Roaming\AVG2015
2015-03-12 05:00 - 2015-03-12 05:01 - 00000000 ____D () C:\ProgramData\AVG2015
2015-03-12 05:00 - 2015-03-12 05:00 - 00000965 _____ () C:\Users\Public\Desktop\AVG 2015.lnk
2015-03-12 05:00 - 2015-03-12 05:00 - 00000000 ___HD () C:\$AVG
2015-03-12 04:52 - 2015-03-12 05:01 - 00000000 ____D () C:\Users\David\AppData\Local\Avg2015
2015-03-11 07:21 - 2015-03-11 09:22 - 00000000 ____D () C:\Program Files (x86)\DriverUpdate
2015-03-11 07:21 - 2015-03-11 07:21 - 00016152 _____ () C:\Windows\System32\Drivers\SWDUMon.sys
2015-03-11 07:21 - 2015-03-11 07:21 - 00000000 ____D () C:\Users\Public\Documents\Downloaded Installers
2015-03-11 07:21 - 2015-03-11 07:21 - 00000000 ____D () C:\Users\David\AppData\Local\SlimWare Utilities Inc
2015-03-10 23:30 - 2015-02-02 19:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-03-10 23:30 - 2015-02-02 19:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-03-10 23:30 - 2015-02-02 19:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-03-10 23:30 - 2014-10-31 14:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2015-03-10 23:30 - 2014-06-27 16:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\System32\winresume.exe
2015-03-10 23:30 - 2014-06-27 16:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\System32\ci.dll
2015-03-10 23:29 - 2015-03-05 21:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-03-10 23:29 - 2015-03-05 21:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-03-10 23:29 - 2015-03-05 21:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-03-10 23:29 - 2015-03-05 21:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-03-10 23:29 - 2015-03-05 21:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-03-10 23:29 - 2015-03-05 21:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-03-10 23:29 - 2015-03-05 21:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-03-10 23:29 - 2015-03-05 21:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-03-10 23:29 - 2015-03-05 21:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-10 23:29 - 2015-03-05 21:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-10 23:29 - 2015-03-05 21:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-10 23:29 - 2015-03-05 21:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-10 23:29 - 2015-03-05 21:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-10 23:29 - 2015-03-05 21:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-10 23:29 - 2015-03-05 21:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-10 23:29 - 2015-02-25 19:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-03-10 23:29 - 2015-02-23 19:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-03-10 23:29 - 2015-02-23 18:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-10 23:29 - 2015-02-20 17:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-03-10 23:29 - 2015-02-20 16:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-10 23:29 - 2015-02-20 16:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-10 23:29 - 2015-02-20 16:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-10 23:29 - 2015-02-20 16:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-10 23:29 - 2015-02-20 15:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-03-10 23:29 - 2015-02-20 15:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-10 23:29 - 2015-02-19 19:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-03-10 23:29 - 2015-02-19 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-03-10 23:29 - 2015-02-19 18:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-03-10 23:29 - 2015-02-19 18:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-03-10 23:29 - 2015-02-19 18:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-03-10 23:29 - 2015-02-19 18:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-03-10 23:29 - 2015-02-19 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-03-10 23:29 - 2015-02-19 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-03-10 23:29 - 2015-02-19 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-03-10 23:29 - 2015-02-19 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-03-10 23:29 - 2015-02-19 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-03-10 23:29 - 2015-02-19 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-03-10 23:29 - 2015-02-19 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-03-10 23:29 - 2015-02-19 18:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-03-10 23:29 - 2015-02-19 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-03-10 23:29 - 2015-02-19 18:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-10 23:29 - 2015-02-19 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-03-10 23:29 - 2015-02-19 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-03-10 23:29 - 2015-02-19 18:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-10 23:29 - 2015-02-19 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-03-10 23:29 - 2015-02-19 18:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-10 23:29 - 2015-02-19 18:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-10 23:29 - 2015-02-19 18:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-10 23:29 - 2015-02-19 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-03-10 23:29 - 2015-02-19 18:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-10 23:29 - 2015-02-19 18:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-10 23:29 - 2015-02-19 18:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-10 23:29 - 2015-02-19 17:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-10 23:29 - 2015-02-19 17:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-10 23:29 - 2015-02-19 17:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-10 23:29 - 2015-02-19 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-03-10 23:29 - 2015-02-19 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-03-10 23:29 - 2015-02-19 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-03-10 23:29 - 2015-02-19 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-03-10 23:29 - 2015-02-19 17:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-03-10 23:29 - 2015-02-19 17:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-10 23:29 - 2015-02-19 17:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-10 23:29 - 2015-02-19 17:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-10 23:29 - 2015-02-19 17:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-03-10 23:29 - 2015-02-19 17:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-10 23:29 - 2015-02-19 17:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-10 23:29 - 2015-02-19 17:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-10 23:29 - 2015-02-19 17:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-03-10 23:29 - 2015-02-19 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-03-10 23:29 - 2015-02-19 17:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-10 23:29 - 2015-02-19 16:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-10 23:29 - 2015-02-19 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-10 23:29 - 2015-02-12 21:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-10 23:29 - 2015-02-12 21:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-03-10 23:29 - 2015-02-02 19:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-03-10 23:29 - 2015-02-02 19:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\System32\ubpm.dll
2015-03-10 23:29 - 2015-02-02 19:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-10 23:29 - 2015-02-02 19:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-10 23:29 - 2015-01-30 19:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2015-03-10 23:29 - 2015-01-30 19:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-03-10 23:29 - 2015-01-30 15:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2015-03-10 23:29 - 2015-01-30 15:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2015-03-10 23:29 - 2015-01-28 19:23 - 05554104 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-03-10 23:29 - 2015-01-28 19:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-03-10 23:29 - 2015-01-28 19:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-03-10 23:29 - 2015-01-28 19:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-03-10 23:29 - 2015-01-28 19:05 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-10 23:29 - 2015-01-28 19:05 - 03917752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-10 23:29 - 2015-01-28 19:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-10 23:29 - 2015-01-28 18:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-10 23:29 - 2015-01-16 18:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\System32\msctf.dll
2015-03-10 23:29 - 2015-01-16 18:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-10 23:27 - 2015-03-10 18:37 - 00215912 _____ (Bdrive Inc.) C:\Windows\System32\NetDrive2.nd2np.dll
2015-03-10 23:27 - 2015-03-10 18:37 - 00186728 _____ (Bdrive Inc.) C:\Windows\SysWOW64\NetDrive2.nd2np.dll
2015-03-10 23:27 - 2015-02-03 19:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll
2015-03-10 23:27 - 2015-02-03 18:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-10 03:02 - 2015-03-10 03:02 - 00000000 ____D () C:\Users\David\Documents\Bluetooth Exchange Folder
2015-03-10 03:02 - 2015-03-10 03:02 - 00000000 ____D () C:\Users\David\AppData\Local\Broadcom
2015-03-10 03:02 - 2012-03-31 19:52 - 00594472 _____ (Broadcom Corporation.) C:\Windows\System32\Drivers\btwampfl.sys
2015-03-10 02:59 - 2015-03-10 02:59 - 00000000 ____D () C:\Program Files\WIDCOMM
2015-03-10 02:59 - 2012-03-31 19:52 - 00184872 _____ (Broadcom Corporation.) C:\Windows\System32\Drivers\btwaudio.sys
2015-03-10 02:59 - 2012-03-05 04:29 - 00210984 _____ (Broadcom Corporation.) C:\Windows\System32\Drivers\btwavdt.sys
2015-03-10 02:59 - 2012-03-05 04:29 - 00021544 _____ (Broadcom Corporation.) C:\Windows\System32\Drivers\btwrchid.sys
2015-03-10 02:59 - 2011-09-16 17:38 - 00039976 _____ (Broadcom Corporation.) C:\Windows\System32\Drivers\btwl2cap.sys
2015-03-06 15:48 - 2015-03-06 15:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-05 06:29 - 2015-03-05 06:29 - 00001425 _____ () C:\Users\Public\Desktop\System Mechanic.lnk
2015-03-04 10:28 - 2015-03-04 10:28 - 00002065 _____ () C:\Users\Public\Desktop\Lightroom 5.7.1 64-bit.lnk
2015-03-04 03:21 - 2015-03-04 03:21 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-04 01:31 - 2013-11-06 08:50 - 00001078 _____ () C:\Users\David\Documents\IMatchDatabase.fwp
2015-03-04 01:26 - 2014-01-09 16:19 - 952215552 _____ () C:\Users\David\Documents\IMatchDatabase.imd4
2015-03-04 01:25 - 2013-11-11 03:51 - 00001688 _____ () C:\Users\David\Documents\imatch.txt
2015-03-03 10:39 - 2015-03-14 11:45 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2015-03-01 03:51 - 2015-03-01 03:51 - 00000000 ____D () C:\Program Files\Western Digital
2015-02-28 04:50 - 2015-02-28 04:50 - 00000000 ____D () C:\Program Files\gs
2015-02-28 04:01 - 2015-02-28 04:01 - 00000000 ____D () C:\Program Files\ghostscriptPDF
2015-02-26 13:00 - 2015-02-26 13:14 - 00000000 ____D () C:\Users\David\AppData\Roaming\onOne Software
2015-02-26 13:00 - 2015-02-26 13:00 - 00002025 _____ () C:\Users\Public\Desktop\Perfect Effects 9.lnk
2015-02-26 13:00 - 2015-02-26 13:00 - 00000000 ____D () C:\ProgramData\Nalpeiron
2015-02-26 12:59 - 2015-02-26 12:59 - 00000000 ____D () C:\Program Files\onOne Software
2015-02-26 12:59 - 2015-02-26 12:59 - 00000000 ____D () C:\Program Files (x86)\onOne Software
2015-02-26 12:58 - 2015-02-26 12:59 - 00000000 ____D () C:\ProgramData\onOne Software
2015-02-25 09:37 - 2015-02-25 09:37 - 00284128 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.old
2015-02-24 16:33 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-24 16:33 - 2015-01-08 15:43 - 00419936 _____ () C:\Windows\System32\locale.nls
2015-02-24 08:46 - 2015-02-24 08:46 - 00280544 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgidsdrivera.old
2015-02-24 01:39 - 2015-02-24 01:39 - 00040149 _____ () C:\Users\David\Downloads\FamilyTree.gno
2015-02-19 16:43 - 2015-02-19 16:43 - 24198856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 18634072 _____ (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 15294280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 13916280 _____ (NVIDIA Corporation) C:\Windows\System32\nvopencl.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 13828032 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 12894024 _____ (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys
2015-02-19 16:43 - 2015-02-19 16:43 - 11272240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 11209192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 04244680 _____ (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 03987600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 01907400 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispco6434144.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 01555656 _____ (NVIDIA Corporation) C:\Windows\System32\nvdispgenco6434144.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 00944328 _____ (NVIDIA Corporation) C:\Windows\System32\NvIFR64.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 00907464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 00902344 _____ (NVIDIA Corporation) C:\Windows\System32\NvFBC64.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 00870032 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-19 16:43 - 2015-02-19 16:43 - 00026155 _____ () C:\Windows\System32\nvinfo.pb
2015-02-19 16:42 - 2015-02-19 16:42 - 22993224 _____ (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll
2015-02-16 10:58 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\System32\perftrack.dll
2015-02-16 10:58 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\wdi.dll
2015-02-16 10:58 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\System32\powertracker.dll
2015-02-16 10:58 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 08:04 - 2014-08-18 12:02 - 14018526 _____ () C:\Windows\PFRO.log
2015-03-15 02:30 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-14 16:40 - 2014-08-17 08:16 - 01304474 _____ () C:\Windows\WindowsUpdate.log
2015-03-14 16:34 - 2014-08-18 13:04 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-14 16:26 - 2014-08-21 13:32 - 00000398 _____ () C:\Windows\Tasks\WpsNotifyTask_David.job
2015-03-14 16:23 - 2014-08-21 13:32 - 00000398 _____ () C:\Windows\Tasks\WpsUpdateTask_David.job
2015-03-14 16:21 - 2014-08-17 10:35 - 00000000 ____D () C:\ProgramData\MFAData
2015-03-14 11:59 - 2009-07-13 20:45 - 00032128 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-14 11:59 - 2009-07-13 20:45 - 00032128 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-14 11:53 - 2014-09-25 04:02 - 00000000 ____D () C:\ProgramData\DroboPCBackup
2015-03-14 11:51 - 2014-08-20 23:54 - 00000000 ___RD () C:\Users\David\Dropbox
2015-03-14 11:48 - 2014-08-20 23:52 - 00000000 ____D () C:\Users\David\AppData\Roaming\Dropbox
2015-03-14 11:45 - 2014-08-19 07:22 - 00000000 ____D () C:\Users\David\AppData\Local\Adobe
2015-03-14 11:43 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 11:43 - 2009-07-13 20:51 - 00159735 _____ () C:\Windows\setupact.log
2015-03-14 11:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 11:35 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2015-03-13 18:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-03-13 02:07 - 2014-09-04 06:42 - 00000000 ____D () C:\ProgramData\TEMP
2015-03-12 07:01 - 2014-09-05 12:51 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-12 05:00 - 2014-08-18 04:35 - 00000000 ____D () C:\Program Files (x86)\AVGold
2015-03-12 04:50 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-03-12 00:34 - 2014-10-21 22:42 - 00000000 ____D () C:\Program Files\NetDrive2
2015-03-11 16:54 - 2014-08-19 08:02 - 00000000 ____D () C:\Windows\System32\MRT
2015-03-11 16:45 - 2014-08-19 08:02 - 122905848 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-03-10 23:27 - 2014-10-21 22:44 - 00000824 _____ () C:\Users\Public\Desktop\NetDrive2.lnk
2015-03-10 23:27 - 2014-10-21 22:44 - 00000000 ____D () C:\ProgramData\NetDrive2
2015-03-10 23:27 - 2014-08-19 05:48 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-10 14:22 - 2014-09-26 09:33 - 00000000 ____D () C:\Users\David\AppData\Roaming\Mapi2Xml
2015-03-09 23:42 - 2014-08-20 23:54 - 00001017 _____ () C:\Users\David\Desktop\Dropbox.lnk
2015-03-08 23:27 - 2014-08-18 00:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-05 16:04 - 2014-09-07 06:37 - 00000000 ____D () C:\ProgramData\iolo
2015-03-05 15:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-03-05 12:27 - 2014-09-06 14:48 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-05 06:51 - 2014-11-23 04:39 - 00000000 ____D () C:\Users\David\AppData\Roaming\XnView
2015-03-05 06:29 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2015-03-05 06:28 - 2014-09-14 13:54 - 00003118 _____ () C:\Windows\System32\Tasks\iolo Process Governor
2015-03-05 06:28 - 2014-09-14 13:54 - 00000000 ____D () C:\ProgramData\ioloGovernor
2015-03-04 10:27 - 2014-08-19 07:44 - 00000000 ____D () C:\Program Files\Adobe
2015-03-04 02:51 - 2014-11-29 04:52 - 00000000 ____D () C:\Windows\System32\appmgmt
2015-03-04 02:48 - 2015-01-08 01:52 - 00000000 ____D () C:\ProgramData\DxO Labs
2015-03-04 01:25 - 2014-03-24 06:16 - 00000000 ____D () C:\Users\David\Documents\Kies
2015-03-04 01:24 - 2014-03-24 06:16 - 00000000 ____D () C:\Users\David\Documents\Planning
2015-03-04 01:22 - 2014-03-24 06:16 - 00000000 ____D () C:\Users\David\Documents\Oon CHAT
2015-03-04 01:22 - 2014-03-24 06:16 - 00000000 ____D () C:\Users\David\Documents\My PageManager
2015-03-04 01:21 - 2014-03-24 06:16 - 00000000 ____D () C:\Users\David\Documents\Judophotos.com
2015-03-04 01:21 - 2014-03-24 06:15 - 00000000 ____D () C:\Users\David\Documents\INSPYDER REPORTS
2015-03-04 01:20 - 2014-03-24 06:15 - 00000000 ____D () C:\Users\David\Documents\British Judo Association
2015-03-04 01:18 - 2014-03-24 06:15 - 00000000 ____D () C:\Users\David\Documents\ACT
2015-03-03 04:11 - 2014-08-17 08:16 - 00000000 ____D () C:\users\David
2015-03-02 05:02 - 2014-12-09 12:35 - 00000000 ____D () C:\Program Files (x86)\AVG Web TuneUpold
2015-03-01 04:28 - 2015-01-18 03:02 - 00000000 ____D () C:\Users\David\AppData\Roaming\KeeperData
2015-03-01 03:52 - 2014-08-19 05:49 - 00104626 _____ () C:\Windows\DPINST.LOG
2015-03-01 03:51 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2015-03-01 03:51 - 2014-08-19 05:49 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2015-03-01 03:51 - 2014-08-17 12:37 - 00000000 ____D () C:\ProgramData\Western Digital
2015-02-28 09:54 - 2013-10-11 06:47 - 00000000 ____D () C:\Users\David\Desktop\Current Correspondence
2015-02-28 08:12 - 2014-09-04 08:59 - 00001635 _____ () C:\Users\David\AppData\Roaming\SAS7_000.DAT
2015-02-28 02:47 - 2014-09-26 13:34 - 00001055 _____ () C:\Users\David\Desktop\XnView.lnk
2015-02-28 02:47 - 2014-09-26 13:34 - 00000000 ____D () C:\Program Files (x86)\XnView
2015-02-27 00:51 - 2014-08-19 08:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-26 12:58 - 2014-08-19 06:36 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-02-25 05:57 - 2014-08-20 06:20 - 00000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2015-02-25 05:57 - 2014-08-20 06:19 - 00000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2015-02-25 05:57 - 2014-08-20 06:10 - 00000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2015-02-23 20:17 - 2014-08-17 08:32 - 00295552 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2015-02-19 16:43 - 2014-08-19 08:37 - 31515280 _____ (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll
2015-02-19 16:43 - 2014-08-19 08:37 - 17559432 _____ (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll
2015-02-19 16:43 - 2014-08-19 08:37 - 14497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-19 16:43 - 2014-03-20 14:03 - 16128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-19 16:42 - 2014-03-20 14:02 - 03209736 _____ (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll
2015-02-19 16:42 - 2014-03-20 14:02 - 02823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-16 11:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-02-15 08:14 - 2014-09-08 07:30 - 00002202 _____ () C:\Users\David\Sti_Trace.log
2015-02-14 06:51 - 2014-09-27 09:49 - 00000897 _____ () C:\Users\David\Desktop\DELETE.txt
2015-02-14 06:00 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports

Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjfib7l.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 16382.05 MB
Available physical RAM: 15184.07 MB
Total Pagefile: 16380.2 MB
Available Pagefile: 15183.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:550.55 GB) (Free:413.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (N volume on C Disk) (Fixed) (Total:380.86 GB) (Free:113.87 GB) NTFS
Drive h: (KINGSTON) (Removable) (Total:14.52 GB) (Free:13.84 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 9793CD7C)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=550.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=380.9 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 14.5 GB) (Disk ID: 022E391A)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

LastRegBack: 2015-03-07 03:25

==================== End Of Log ============================

 

 



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,762 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:55 PM

Posted 22 March 2015 - 07:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/570386 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your destop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 GingerCat

GingerCat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 22 March 2015 - 07:55 AM

Bump

#4 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 22 March 2015 - 08:38 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
IFEO\adobe dng converter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe stock photos cs3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bridge.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\creative cloud.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dreamweaver.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extendscript toolkit 2.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extension manager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdapp.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshop elements 11.0.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementsorganizer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\prefutil.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\professional_cpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\shadow.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShortcutTarget: Dropbox.lnk ->  (No File)
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-02] (AVG Secure Search)
S2 avgfws; "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [X]
S1 Avgdiska; system32\DRIVERS\avgdiska.sys [X]
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 Avgldx64; system32\DRIVERS\avgldx64.sys [X]
S0 Avgloga; system32\DRIVERS\avgloga.sys [X]
S0 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
S0 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S1 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#5 GingerCat

GingerCat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 23 March 2015 - 08:16 AM

Hi Nasdaq,

 

Thank you for your time.

 

I have run the fixlist as instructed but still cannot load Windows, same stop error "STOP: C0000135 The program can't start because %hs is missing"

 

Please find fixlog below

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by SYSTEM at 2015-03-23 13:10:47 Run:2
Running from g:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

HKLM-x32\...\Run: [vProt] => "C:\Program Files (x86)\AVG Web TuneUp\vprot.exe"
HKLM\...26dfa299cadb\InprocServer32: [Authentication UI Logon UI] authuitu.dll <==== ATTENTION!
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll File Not Found
IFEO\adobe dng converter.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\adobe stock photos cs3.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\bridge.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\creative cloud.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\devicecentral.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\dreamweaver.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extendscript toolkit 2.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\extension manager.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\pdapp.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshop elements 11.0.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshop.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementseditor.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\photoshopelementsorganizer.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\prefutil.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\professional_cpl.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\shadow.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShortcutTarget: Dropbox.lnk ->  (No File)
S2 vToolbarUpdater18.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.4.0\ToolbarUpdater.exe [1875480 2015-03-02] (AVG Secure Search)
S2 avgfws; "C:\Program Files (x86)\AVG\AVG2015\avgfws.exe" [X]
S2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe" [X]
S2 avgwd; "C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe" [X]
S2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe" [X]
S2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [X]
S1 Avgdiska; system32\DRIVERS\avgdiska.sys [X]
S1 Avgfwfd; system32\DRIVERS\avgfwd6a.sys [X]
S1 AVGIDSDriver; system32\DRIVERS\avgidsdrivera.sys [X]
S0 AVGIDSHA; system32\DRIVERS\avgidsha.sys [X]
S1 Avgldx64; system32\DRIVERS\avgldx64.sys [X]
S0 Avgloga; system32\DRIVERS\avgloga.sys [X]
S0 Avgmfx64; system32\DRIVERS\avgmfx64.sys [X]
S0 Avgrkx64; system32\DRIVERS\avgrkx64.sys [X]
S1 Avgtdia; system32\DRIVERS\avgtdia.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 SPPD; \??\C:\Windows\system32\drivers\SPPD.sys [X]
S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]

End
*****************

CloseProcesses: => Error: This directive works only outside recovery mode.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\vProt => value deleted successfully.
HKLM\Software\Classes\CLSID\{7986d495-ce42-4926-8afc-26dfa299cadb}\InprocServer32\\Default => Value was restored successfully.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data removed successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\adobe dng converter.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\adobe stock photos cs3.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\bridge.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\creative cloud.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\devicecentral.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\dreamweaver.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\extendscript toolkit 2.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\extension manager.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\pdapp.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photoshop elements 11.0.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photoshop.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photoshopelementseditor.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\photoshopelementsorganizer.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\prefutil.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\professional_cpl.exe" => Key deleted successfully.
"HKLM\Software\microsoft\windows nt\currentversion\Image File Execution Options\shadow.exe" => Key deleted successfully.
ShortcutTarget: Dropbox.lnk ->  (No File) not found.
vToolbarUpdater18.4.0 => Service deleted successfully.
avgfws => Service deleted successfully.
AVGIDSAgent => Service deleted successfully.
avgwd => Service deleted successfully.
TuneUp.UtilitiesSvc => Service deleted successfully.
WtuSystemSupport => Service deleted successfully.
Avgdiska => Service deleted successfully.
Avgfwfd => Service deleted successfully.
AVGIDSDriver => Service deleted successfully.
AVGIDSHA => Service deleted successfully.
Avgldx64 => Service deleted successfully.
Avgloga => Service deleted successfully.
Avgmfx64 => Service deleted successfully.
Avgrkx64 => Service deleted successfully.
Avgtdia => Service deleted successfully.
MREMPR5 => Service deleted successfully.
MRENDIS5 => Service deleted successfully.
SPPD => Service deleted successfully.
TuneUpUtilitiesDrv => Service deleted successfully.

==== End of Fixlog 13:10:48 ====



#6 GingerCat

GingerCat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 23 March 2015 - 08:44 AM

If it helps here is the stop problem signature.

 

Problem signature:
  Problem Event Name: StartupRepairOffline
  Problem Signature 01: 6.1.7600.16385
  Problem Signature 02: 6.1.7600.16385
  Problem Signature 03: unknown
  Problem Signature 04: 21199324
  Problem Signature 05: AutoFailover
  Problem Signature 06: 31
  Problem Signature 07: BadPatch
  OS Version: 6.1.7600.2.0.0.256.1
  Locale ID: 1033

Read our privacy statement online:
  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
  X:\windows\system32\en-US\erofflps.txt



#7 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 23 March 2015 - 12:36 PM

Check the integrity of your system files.
Execute sfc.exe with the /Scannow not switch.

How to run sfc /Scannow
http://support.microsoft.com/kb/929833
<<<>>>

#8 GingerCat

GingerCat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 23 March 2015 - 03:24 PM

Hi,

 

 

Error on running sfc /scannow

 

"There is a system repair pending which requires reboot to complete. Restart ..."



#9 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 24 March 2015 - 07:27 AM

Did you boot your computer before running the SFC.EXE tool?
If not do it and try again.
===

If that fails,

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

How is it now?

#10 GingerCat

GingerCat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 24 March 2015 - 09:12 AM

Hi Nasdaq,

 

Yes booted via the cmd prompt in the recovery options. Just tried last known good configuration but same Stop error result.

 

Thank you,

 

Rob



#11 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 24 March 2015 - 10:24 AM


Follow the instructions on this pabe.

http://forum.thewindowsclub.com/windows-tips-tutorials-articles/36372-there-system-repair-pending-requires-reboot-complete.html

When the the pending.xml file as been rename to ...pending.xml.old close explorer and run the SFC.exe again.

Keep me posted.

#12 GingerCat

GingerCat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 24 March 2015 - 11:38 AM

Renamed pending.xml as instructed, even went as far as deleting but it still report that there is a repair pending. I am initiating start up repair as when I boot as that is the only way I can access the command prompt.



#13 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 24 March 2015 - 01:33 PM

You will probably have to re-install the operating system.

If you do not have the Installation disk I suggest you get one from the manufacturer.


Did you create a startup disk when you first got this computer?

Who is the manufacturer's of this computer?

#14 GingerCat

GingerCat
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  •  
  • Local time:11:55 PM

Posted 24 March 2015 - 03:39 PM

Hi Nasdaq,

I have all the media so will call it a day on this and reinstall Windows as you suggest.

I aprreciate your efforts, thank you.

Rob

#15 nasdaq

nasdaq

  • Malware Response Team
  • 40,510 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:05:55 PM

Posted 31 March 2015 - 08:44 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users