
99% sure rat


22 replies to this topic

#1 Xxaimee1433xx

Xxaimee1433xx

  • Members
  • 41 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Florida
  • Local time:05:12 AM

Posted 06 October 2017 - 09:50 PM

OMG, I'm going through the same crap. I don't know what to do. I have also seen that double screen where you can tell someone else was viewing, or whatever I'm trying to say. I am now just a user on my computer. I have found permissions for all these different groups: remote administration group, someone named "trusted installer".


#2 Xxaimee1433xx

Xxaimee1433xx
  • Topic Starter


Posted 08 October 2017 - 07:44 PM

Yes, same here. My guest account is activated and I'm now only a user on my PC. No one else uses the PC but me. I have all these Wi-Fi virtual adapters all of a sudden. Not running Norton, running Avast. I've gone through TCPView, Process Monitor, all that stuff, and there is some crazy stuff, it looks like to me. I finally downloaded VIPRE and the firewall settings are way more awesome on that than my paid Avast. It's showing me some scary stuff. Like all these different usernames remote accessing into my PC, or trying to, I'm not sure. There are several backdoor Trojan something or other coming through. Dude, the page is like endless. It's freaking me out. Realtek... yeah, that's just weird too. I can't uninstall anything; it says I don't have permission. I did Emsisoft and it came up clean. All I've had luck with is superantispy. And yeah, I feel you on downloading from here. This is the only place I DL from too, for the same reason. OK, but Android?? I know it logs everything I do on my phone and it's tied to the PC somehow. But how do I get rid of that? What programs did you use? I have ESET and it always comes up clean. Oh, and I don't have anything to reinstall Windows by or I would have done that. Right now it says the version of Windows I'm currently using is an unknown build. Nice, huh??

#3 Xxaimee1433xx


Posted 12 October 2017 - 07:11 PM

I believe I am posting in the right section. I just went through a malware forum with a Bleeping mod and everything comes back clean. So he suggested I post here. I really know something is up. It's infiltrated my AV and Malwarebytes, even the online scanners Dr.Web and ESET. All scans come back clean. I want to wipe my PC and reinstall but I don't have a disk. I'm on Windows 10 Professional. Running Avast Premier. I see shady connections in TCPView and the firewall shows all these remote backdoor logins and all kinds of stuff. I just need someone to help me sort all this stuff out. Please, I'm begging.

#4 Xxaimee1433xx


Posted 12 October 2017 - 07:29 PM

Sorry got ahead of myself. Here are the requirements for posting:

Make and model of computer
Dell optiplex 755

How the computer is connected (wireless or wired)
I have both ethernet and wifi. Currently connecting with wifi

Make and model of Router
Arris tg1672g

Approximate Distance From the router the PC is if its a wireless connection
a foot or less

What type of internet you have (Dsl, Cable, T-1,etc..)
cable i guess


MiniToolBox by Farbar  Version: 17-06-2016
Ran by Dell Opti 755 (administrator) on 12-10-2017 at 20:22:29
Running from "C:\Users\Dell Opti 755\Desktop"
Microsoft Windows 10 Pro  (X64)
Model: OptiPlex 755 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter = Wi-Fi 2 (Connected)
Intel® 82566DM-2 Gigabit Network Connection = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 12" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-IGH5NP2
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® 82566DM-2 Gigabit Network Connection
   Physical Address. . . . . . . . . : 00-1E-4F-D3-01-A3
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 11:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter #2
   Physical Address. . . . . . . . . : 02-13-EF-83-1C-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi 2:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter #2
   Physical Address. . . . . . . . . : 00-13-EF-83-1C-6C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : ::c5f3:c0cb:1ea2:9e70(Preferred) 
   Temporary IPv6 Address. . . . . . : ::cd21:fc31:5ae9:c66b(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::c5f3:c0cb:1ea2:9e70%5(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.0.3(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, October 12, 2017 6:43:51 PM
   Lease Expires . . . . . . . . . . : Thursday, October 12, 2017 9:13:52 PM
   Default Gateway . . . . . . . . . : 192.168.0.1
   DHCP Server . . . . . . . . . . . : 192.168.0.1
   DHCPv6 IAID . . . . . . . . . . . : 301994991
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-20-D9-CA-4C-00-1E-4F-D3-01-A3
   DNS Servers . . . . . . . . . . . : 75.114.81.1
                                       209.18.47.62
                                       75.114.81.2
   NetBIOS over Tcpip. . . . . . . . : Enabled
Server:  75-114-81-1.net.bhntampa.com
Address:  75.114.81.1
 
Name:    google.com
Addresses:  2607:f8b0:4008:809::200e
  216.58.219.174
 
 
Pinging google.com [216.58.219.174] with 32 bytes of data:
Reply from 216.58.219.174: bytes=32 time=49ms TTL=49
Reply from 216.58.219.174: bytes=32 time=48ms TTL=49
 
Ping statistics for 216.58.219.174:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms
Server:  75-114-81-1.net.bhntampa.com
Address:  75.114.81.1
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
  2001:4998:c:a06::2:4008
  2001:4998:44:204::a7
  206.190.36.45
  98.139.180.149
  98.138.253.109
 
 
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=86ms TTL=46
Reply from 98.138.253.109: bytes=32 time=87ms TTL=46
 
Ping statistics for 98.138.253.109:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 86ms, Maximum = 87ms, Average = 86ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...00 1e 4f d3 01 a3 ......Intel® 82566DM-2 Gigabit Network Connection
 14...02 13 ef 83 1c 6c ......Microsoft Wi-Fi Direct Virtual Adapter #2
  5...00 13 ef 83 1c 6c ......Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter #2
  1...........................Software Loopback Interface 1
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.0.1      192.168.0.3     55
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    331
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    331
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    331
      192.168.0.0    255.255.255.0         On-link       192.168.0.3    311
      192.168.0.3  255.255.255.255         On-link       192.168.0.3    311
    192.168.0.255  255.255.255.255         On-link       192.168.0.3    311
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    331
        224.0.0.0        240.0.0.0         On-link       192.168.0.3    311
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    331
  255.255.255.255  255.255.255.255         On-link       192.168.0.3    311
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  5    311 ::/64                    On-link
  1    331 ::1/128                  On-link
  5    311 ::c5f3:c0cb:1ea2:9e70/128
                                    On-link
  5    311 ::cd21:fc31:5ae9:c66b/128
                                    On-link
  5    311 fe80::/64                On-link
  5    311 fe80::c5f3:c0cb:1ea2:9e70/128
                                    On-link
  1    331 ff00::/8                 On-link
  5    311 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [63488] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\SysWOW64\mswsock.dll [305568] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [66560] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [85504] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31232] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [358600] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (10/12/2017 07:14:38 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVCProxy.exe, version: 10.1.4.33, time stamp: 0x5977c2c3
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000005
Fault offset: 0x0000000000030e01
Faulting process id: 0x94c
Faulting application start time: 0xAVCProxy.exe0
Faulting application path: AVCProxy.exe1
Faulting module path: AVCProxy.exe2
Report Id: AVCProxy.exe3
Faulting package full name: AVCProxy.exe4
Faulting package-relative application ID: AVCProxy.exe5
 
Error: (10/12/2017 07:14:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: VipreEdgeProtection.exe, version: 3.0.0.29, time stamp: 0x5915c026
Faulting module name: combase.dll, version: 10.0.15063.608, time stamp: 0xb66dc19d
Exception code: 0xc0000005
Fault offset: 0x000000000001ded4
Faulting process id: 0x2388
Faulting application start time: 0xVipreEdgeProtection.exe0
Faulting application path: VipreEdgeProtection.exe1
Faulting module path: VipreEdgeProtection.exe2
Report Id: VipreEdgeProtection.exe3
Faulting package full name: VipreEdgeProtection.exe4
Faulting package-relative application ID: VipreEdgeProtection.exe5
 
Error: (10/12/2017 07:08:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: VipreEdgeProtection.exe, version: 3.0.0.29, time stamp: 0x5915c026
Faulting module name: combase.dll, version: 10.0.15063.608, time stamp: 0xb66dc19d
Exception code: 0xc0000005
Fault offset: 0x000000000001ded4
Faulting process id: 0x2058
Faulting application start time: 0xVipreEdgeProtection.exe0
Faulting application path: VipreEdgeProtection.exe1
Faulting module path: VipreEdgeProtection.exe2
Report Id: VipreEdgeProtection.exe3
Faulting package full name: VipreEdgeProtection.exe4
Faulting package-relative application ID: VipreEdgeProtection.exe5
 
Error: (10/12/2017 07:03:15 PM) (Source: Application Error) (User: )
Description: Faulting application name: VipreEdgeProtection.exe, version: 3.0.0.29, time stamp: 0x5915c026
Faulting module name: combase.dll, version: 10.0.15063.608, time stamp: 0xb66dc19d
Exception code: 0xc0000005
Fault offset: 0x0000000000001165
Faulting process id: 0x64
Faulting application start time: 0xVipreEdgeProtection.exe0
Faulting application path: VipreEdgeProtection.exe1
Faulting module path: VipreEdgeProtection.exe2
Report Id: VipreEdgeProtection.exe3
Faulting package full name: VipreEdgeProtection.exe4
Faulting package-relative application ID: VipreEdgeProtection.exe5
 
Error: (10/12/2017 07:03:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: VipreEdgeProtection.exe, version: 3.0.0.29, time stamp: 0x5915c026
Faulting module name: combase.dll, version: 10.0.15063.608, time stamp: 0xb66dc19d
Exception code: 0xc0000005
Fault offset: 0x000000000001ded4
Faulting process id: 0x64
Faulting application start time: 0xVipreEdgeProtection.exe0
Faulting application path: VipreEdgeProtection.exe1
Faulting module path: VipreEdgeProtection.exe2
Report Id: VipreEdgeProtection.exe3
Faulting package full name: VipreEdgeProtection.exe4
Faulting package-relative application ID: VipreEdgeProtection.exe5
 
Error: (10/12/2017 07:03:05 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVCProxy.exe, version: 10.1.4.33, time stamp: 0x5977c2c3
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000005
Fault offset: 0x0000000000030e01
Faulting process id: 0x930
Faulting application start time: 0xAVCProxy.exe0
Faulting application path: AVCProxy.exe1
Faulting module path: AVCProxy.exe2
Report Id: AVCProxy.exe3
Faulting package full name: AVCProxy.exe4
Faulting package-relative application ID: AVCProxy.exe5
 
Error: (10/12/2017 07:02:33 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "*" of attribute "language" in element "assemblyIdentity" is invalid.
 
Error: (10/12/2017 06:51:12 PM) (Source: Application Error) (User: )
Description: Faulting application name: VipreEdgeProtection.exe, version: 3.0.0.29, time stamp: 0x5915c026
Faulting module name: combase.dll, version: 10.0.15063.608, time stamp: 0xb66dc19d
Exception code: 0xc0000005
Fault offset: 0x0000000000001165
Faulting process id: 0x1dd0
Faulting application start time: 0xVipreEdgeProtection.exe0
Faulting application path: VipreEdgeProtection.exe1
Faulting module path: VipreEdgeProtection.exe2
Report Id: VipreEdgeProtection.exe3
Faulting package full name: VipreEdgeProtection.exe4
Faulting package-relative application ID: VipreEdgeProtection.exe5
 
Error: (10/12/2017 06:51:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: VipreEdgeProtection.exe, version: 3.0.0.29, time stamp: 0x5915c026
Faulting module name: combase.dll, version: 10.0.15063.608, time stamp: 0xb66dc19d
Exception code: 0xc0000005
Fault offset: 0x000000000001ded4
Faulting process id: 0x1dd0
Faulting application start time: 0xVipreEdgeProtection.exe0
Faulting application path: VipreEdgeProtection.exe1
Faulting module path: VipreEdgeProtection.exe2
Report Id: VipreEdgeProtection.exe3
Faulting package full name: VipreEdgeProtection.exe4
Faulting package-relative application ID: VipreEdgeProtection.exe5
 
Error: (10/12/2017 06:51:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: AVCProxy.exe, version: 10.1.4.33, time stamp: 0x5977c2c3
Faulting module name: ntdll.dll, version: 10.0.15063.608, time stamp: 0x8274fd8b
Exception code: 0xc0000005
Fault offset: 0x0000000000030e01
Faulting process id: 0x1fb0
Faulting application start time: 0xAVCProxy.exe0
Faulting application path: AVCProxy.exe1
Faulting module path: AVCProxy.exe2
Report Id: AVCProxy.exe3
Faulting package full name: AVCProxy.exe4
Faulting package-relative application ID: AVCProxy.exe5
 
 
System errors:
=============
Error: (10/12/2017 07:19:23 PM) (Source: Service Control Manager) (User: )
Description: The VIPRE Advanced Security service terminated unexpectedly.  It has done this 6 time(s).
 
Error: (10/12/2017 07:14:49 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053VipreEdgeProtection-Service{B8653312-46D3-4132-811F-433E762EE0BE}
 
Error: (10/12/2017 07:14:49 PM) (Source: Service Control Manager) (User: )
Description: The VIPRE Edge Protection service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
Error: (10/12/2017 07:14:49 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the VIPRE Edge Protection service to connect.
 
Error: (10/12/2017 07:13:26 PM) (Source: Service Control Manager) (User: )
Description: The VIPRE Advanced Security service terminated unexpectedly.  It has done this 5 time(s).
 
Error: (10/12/2017 07:07:52 PM) (Source: Service Control Manager) (User: )
Description: The VIPRE Advanced Security service terminated unexpectedly.  It has done this 4 time(s).
 
Error: (10/12/2017 07:01:53 PM) (Source: Service Control Manager) (User: )
Description: The VIPRE Advanced Security service terminated unexpectedly.  It has done this 3 time(s).
 
Error: (10/12/2017 06:56:11 PM) (Source: Service Control Manager) (User: )
Description: The VIPRE Advanced Security service terminated unexpectedly.  It has done this 2 time(s).
 
Error: (10/12/2017 06:51:13 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: 1053VipreEdgeProtection-Service{B8653312-46D3-4132-811F-433E762EE0BE}
 
Error: (10/12/2017 06:51:13 PM) (Source: Service Control Manager) (User: )
Description: The VIPRE Edge Protection service failed to start due to the following error: 
%%1053 = The service did not respond to the start or control request in a timely fashion.
 
 
 
Microsoft Office Sessions:
=========================
Error: (10/12/2017 07:14:38 PM) (Source: Application Error)(User: )
Description: AVCProxy.exe10.1.4.335977c2c3ntdll.dll10.0.15063.6088274fd8bc00000050000000000030e0194c01d343aef9513a89C:\Program Files (x86)\VIPRE\x64\AVCProxy.exeC:\WINDOWS\SYSTEM32\ntdll.dll3c1032fb-bfdc-4969-8add-b3e7d5c2136b
 
Error: (10/12/2017 07:14:26 PM) (Source: Application Error)(User: )
Description: VipreEdgeProtection.exe3.0.0.295915c026combase.dll10.0.15063.608b66dc19dc0000005000000000001ded4238801d343aefb4000c3C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exeC:\WINDOWS\System32\combase.dll27becb81-37c4-48a5-9ff7-76cbd5a29bb3
 
Error: (10/12/2017 07:08:13 PM) (Source: Application Error)(User: )
Description: VipreEdgeProtection.exe3.0.0.295915c026combase.dll10.0.15063.608b66dc19dc0000005000000000001ded4205801d343ae4a036195C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exeC:\WINDOWS\System32\combase.dlld87d914c-a875-4b78-a295-191e6f1243f7
 
Error: (10/12/2017 07:03:15 PM) (Source: Application Error)(User: )
Description: VipreEdgeProtection.exe3.0.0.295915c026combase.dll10.0.15063.608b66dc19dc000000500000000000011656401d343ad684ca8c9C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exeC:\WINDOWS\System32\combase.dll041ff96c-0aec-48c8-9a74-2749dd92077e
 
Error: (10/12/2017 07:03:06 PM) (Source: Application Error)(User: )
Description: VipreEdgeProtection.exe3.0.0.295915c026combase.dll10.0.15063.608b66dc19dc0000005000000000001ded46401d343ad684ca8c9C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exeC:\WINDOWS\System32\combase.dll7baf3865-c4bc-4ff6-9f81-ad1a12f3aacf
 
Error: (10/12/2017 07:03:05 PM) (Source: Application Error)(User: )
Description: AVCProxy.exe10.1.4.335977c2c3ntdll.dll10.0.15063.6088274fd8bc00000050000000000030e0193001d343ad65906b07C:\Program Files (x86)\VIPRE\x64\AVCProxy.exeC:\WINDOWS\SYSTEM32\ntdll.dll012b319d-b8e7-4c02-831e-78738984f8a5
 
Error: (10/12/2017 07:02:33 PM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*C:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dllC:\Program Files (x86)\Spybot - Search & Destroy\DelZip179.dll8
 
Error: (10/12/2017 06:51:12 PM) (Source: Application Error)(User: )
Description: VipreEdgeProtection.exe3.0.0.295915c026combase.dll10.0.15063.608b66dc19dc000000500000000000011651dd001d343abe99ece79C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exeC:\WINDOWS\System32\combase.dlld53bca75-f355-426a-aed1-24f16b4c88d1
 
Error: (10/12/2017 06:51:03 PM) (Source: Application Error)(User: )
Description: VipreEdgeProtection.exe3.0.0.295915c026combase.dll10.0.15063.608b66dc19dc0000005000000000001ded41dd001d343abe99ece79C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exeC:\WINDOWS\System32\combase.dll9900a3cc-e903-4f24-8e99-34bf2c03b8f9
 
Error: (10/12/2017 06:51:02 PM) (Source: Application Error)(User: )
Description: AVCProxy.exe10.1.4.335977c2c3ntdll.dll10.0.15063.6088274fd8bc00000050000000000030e011fb001d343abcb84dc74C:\Program Files (x86)\VIPRE\x64\AVCProxy.exeC:\WINDOWS\SYSTEM32\ntdll.dll99e8bac9-f2b8-45f1-8a03-2fd726955df0
 
 
CodeIntegrity Errors:
===================================
  Date: 2017-10-05 19:40:47.468
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\VIPRE\Definitions\aap_sig\1507242969\avcuf64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-10-05 19:40:47.151
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\System32\dllhost.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\VIPRE\Definitions\aap_sig\1507242969\avcuf64.dll that did not meet the Microsoft signing level requirements.
 
  Date: 2017-10-02 01:43:51.826
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-30 11:46:19.805
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-29 03:07:09.548
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-27 23:29:22.545
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-21 12:34:49.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-05 13:30:37.787
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-09-04 13:56:34.165
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-09-04 13:48:13.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume2\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
=========================== Installed Programs ============================
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.012.20098 - Adobe Systems Incorporated)
Avast Premier (HKLM-x32\...\Avast Antivirus) (Version: 17.7.2314 - AVAST Software)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 21.0.25.59 - Bitdefender)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Encarta Search Bar (64-bit) (HKLM\...\{08044040-959A-4B0D-8825-2C533F0DDB19}) (Version: 1.0.0 - Microsoft)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 61.0.3163.100 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.123 - Google Inc.) Hidden
Hoyle Puzzle and Board Games (HKLM-x32\...\{2049C1B1-B5BF-4557-9AF9-2506D835F888}) (Version: 1.00.0000 - Encore Software, Inc.)
HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Learning Essentials for Microsoft Office (HKLM-x32\...\{75F3A4B2-F6E8-434D-A2EF-DBBC016C6CB2}) (Version: 2.0 - Microsoft)
Malwarebytes version 3.2.2.2029 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.2.2.2029 - Malwarebytes)
Microsoft Math (HKLM-x32\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.6998.0830 - Microsoft Corporation)
Microsoft Student 2007 for Learning Essentials (HKLM-x32\...\{Microsoft Student 2007_54A0E938-8390-489F-8F1A-563673334DFE}) (Version:  - )
Microsoft Student with Encarta Premium 2009 (HKLM-x32\...\{09041881-2C94-4A67-8E55-8483C019C7D2}) (Version: 2009 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MiniTool Partition Wizard Free 10.2.1 (HKLM\...\{05D996FA-ADCB-4D23-BA3C-A7C184A8FAC6}_is1) (Version:  - MiniTool Solution Ltd.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SafeZone Stable 4.58.2552.909 (HKLM-x32\...\SafeZone 4.58.2552.909) (Version: 4.58.2552.909 - Avast Software) Hidden
SereneScreen Marine Aquarium 3 (HKLM-x32\...\SereneScreen Marine Aquarium 3_is1) (Version: 3.2 - Prolific Publishing, Inc.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0015-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{835E4BED-E265-4103-AE14-0B4C70CF3FE8}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUSR_{1F7000D3-A917-4AD2-BA55-59E6FDAF062A}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUSR_{4BF13B26-3A95-4E42-900A-DEB16FDA75A0}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-002C-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{C5D14A1B-6E3E-491A-96C6-ABDEEEC4E97D}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0044-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{1931508C-C004-4983-81E3-70BE6252904B}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{E4F470B2-3601-4E1C-B291-D6B580F53136}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E1-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-00E2-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0115-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{D7E879E6-B505-4DA2-BFEE-53A55E7C8E38}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0117-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUSR_{6227D1A8-9E29-463F-8DE6-1CFA1FFF8ECE}) (Version:  - Microsoft) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1248 - SUPERAntiSpyware.com)
VIPRE Advanced Security (HKLM-x32\...\{C1D1FC57-3EB9-4B21-BCA3-F1C927508200}) (Version: 10.1.4.33 - VIPRE Security)
VIPRE Advanced Security (HKLM-x32\...\{E1377055-4C72-404B-80DB-947417085383}) (Version: 10.1.4.33 - ThreatTrack Security, Inc.) Hidden
Windows 10 Update Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.22243 - Microsoft Corporation)
Windows Deployment Tools (HKLM-x32\...\{BFC9778E-9765-C94C-C082-C2514F8DEB9B}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 (HKLM-x32\...\{F89D69CA-6EE1-E037-DD3B-08CDDE1BED1C}) (Version: 8.59.25584 - Microsoft)
Windows PE x86 x64 wims (HKLM-x32\...\{85F4ACB1-E7DC-C3C6-F4FD-BB936DF2695E}) (Version: 8.59.25584 - Microsoft)
 
========================= Devices: ================================
 
Name: System board
Description: System board
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C01\B
 
Name: Intel® Core™2 Duo CPU     E8400  @ 3.00GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_23_-_INTEL®_CORE™2_DUO_CPU_____E8400__@_3.00GHZ\_1
 
Name: Intel® Core™2 Duo CPU     E8400  @ 3.00GHz
Description: Intel Processor
Class Guid: {50127dc3-0f36-415e-a6cc-4cb3be910b65}
Manufacturer: Intel
Service: intelppm
Device ID: ACPI\GENUINEINTEL_-_INTEL64_FAMILY_6_MODEL_23_-_INTEL®_CORE™2_DUO_CPU_____E8400__@_3.00GHZ\_2
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&3AB45E4D&0
 
Name: Root Print Queue
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Device ID: SWD\PRINTENUM\PRINTQUEUES
 
Name: Direct memory access controller
Description: Direct memory access controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0200\4&36D9296C&0
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2934
Description: Intel® ICH9 Family USB Universal Host Controller - 2934
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2934&SUBSYS_02111028&REV_02\3&172E68DD&0&E8
 
Name: Volume Manager
Description: Volume Manager
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: volmgr
Device ID: ROOT\VOLMGR\0000
 
Name: High precision event timer
Description: High precision event timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0103\2&DABA3FF&1
 
Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: Generic- SM/xD-Picture USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_SM/XD-PICTURE&REV_1.00\20060413092100000&1
 
Name: LPC Controller
Description: LPC Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: msisadrv
Device ID: PCI\VEN_8086&DEV_2914&SUBSYS_00000000&REV_02\3&172E68DD&0&F8
 
Name: Fax
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Device ID: SWD\PRINTENUM\{69DE8A38-460F-452A-8D4B-B558E3623529}
 
Name: Microsoft Basic Display Driver
Description: Microsoft Basic Display Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard display types)
Service: BasicDisplay
Device ID: ROOT\BASICDISPLAY\0000
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&27254C1C&0
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&13C1814E&0
 
Name: Intel® 82566DM-2 Gigabit Network Connection
Description: Intel® 82566DM-2 Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1express
Device ID: PCI\VEN_8086&DEV_10BD&SUBSYS_02111028&REV_02\3&172E68DD&0&C8
 
Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Device ID: USB\VID_04D9&PID_1702\5&1FF1F9E6&0&1
 
Name: H:\
Description: MS/MS-Pro/HG    
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Device ID: SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO#HG&REV_1.00#20060413092100000&3#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1E4840BB&0
 
Name: Composite Bus Enumerator
Description: Composite Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: CompositeBus
Device ID: ROOT\COMPOSITEBUS\0000
 
Name: Microsoft Virtual Drive Enumerator
Description: Microsoft Virtual Drive Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vdrvroot
Device ID: ROOT\VDRVROOT\0000
 
Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293A
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Device ID: PCI\VEN_8086&DEV_293A&SUBSYS_02111028&REV_02\3&172E68DD&0&EF
 
Name: F:\
Description: SM/xD-Picture   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Device ID: SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SM#XD-PICTURE&REV_1.00#20060413092100000&1#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: Numeric data processor
Description: Numeric data processor
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C04\4&36D9296C&0
 
Name: HP Deskjet 3050 J610 series (NET)
Description: HP Deskjet 3050 J610 series (NET)
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: Hewlett-Packard
Service: StillCam
Device ID: ROOT\SCANNER\0000
 
Name: Microsoft Storage Spaces Controller
Description: Microsoft Storage Spaces Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: spaceport
Device ID: ROOT\SPACEPORT\0000
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_0461&PID_4E22\5&1FF1F9E6&0&2
 
Name: Communications Port (COM1)
Description: Communications Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Serial
Device ID: ACPI\PNP0501\1
 
Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_1984&SUBSYS_10280211&REV_1004\4&178DEBBC&0&0001
 
Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\{229B55F8-5516-11E7-B422-806E6F6E6963}#0000000000100000
 
Name: Microsoft Kernel Debug Network Adapter
Description: Microsoft Kernel Debug Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: kdnic
Device ID: ROOT\KDNIC\0000
 
Name: SASKUTIL
Description: SASKUTIL
Class Guid: {8ecc055d-047f-11d1-a537-0000f8753ed1}
Manufacturer: 
Service: SASKUTIL
Device ID: ROOT\LEGACY_SASKUTIL\0000
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT1
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT2
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT3
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT4
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT5
 
Name: Generic volume shadow copy
Description: Generic volume shadow copy
Class Guid: {533c5b84-ec70-11d2-9505-00c04f79deaf}
Manufacturer: Microsoft
Service: 
Device ID: STORAGE\VOLUMESNAPSHOT\HARDDISKVOLUMESNAPSHOT6
 
Name: Motherboard resources
Description: Motherboard resources
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\INT5400\3&172E68DD&0
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2936
Description: Intel® ICH9 Family USB Universal Host Controller - 2936
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2936&SUBSYS_02111028&REV_02\3&172E68DD&0&EA
 
Name: USB Mass Storage Device
Description: USB Mass Storage Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Compatible USB storage device
Service: USBSTOR
Device ID: USB\VID_0BDA&PID_0181\20060413092100000
 
Name: PCI-to-PCI Bridge
Description: PCI-to-PCI Bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_8086&DEV_29B1&SUBSYS_02111028&REV_02\3&172E68DD&0&08
 
Name: System speaker
Description: System speaker
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0800\4&36D9296C&0
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&38A6C532&0
 
Name: Standard SATA AHCI Controller
Description: Standard SATA AHCI Controller
Class Guid: {4d36e96a-e325-11ce-bfc1-08002be10318}
Manufacturer: Standard SATA AHCI Controller
Service: storahci
Device ID: PCI\VEN_8086&DEV_2922&SUBSYS_02111028&REV_02\3&172E68DD&0&FA
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB\4&1ADC725&0
 
Name: UMBus Root Bus Enumerator
Description: UMBus Root Bus Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: umbus
Device ID: ROOT\UMBUS\0000
 
Name: PCI-to-PCI Bridge
Description: PCI-to-PCI Bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_02111028&REV_92\3&172E68DD&0&F0
 
Name: Microsoft Radio Device Enumeration Bus
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Device ID: SWD\RADIO\{3DB5895D-CC28-44B3-AD3D-6F01A782B8D2}
 
Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_MS#MS-PRO#HG&REV_1.00#20060413092100000&3#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: Microsoft Device Association Root Enumerator
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Device ID: SWD\MSDAS\{CE958E9A-424F-4C88-86F4-11314821E75A}
 
Name: ACPI x64-based PC
Description: ACPI x64-based PC
Class Guid: {4d36e966-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard computers)
Service: \Driver\ACPI_HAL
Device ID: ROOT\ACPI_HAL\0000
 
Name: PCI Bus
Description: PCI Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: ACPI\PNP0A03\4
 
Name: HP Deskjet 3050 J610 series
Description: HP Deskjet 3050 J610 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Device ID: ROOT\PRINTER\0000
 
Name: System timer
Description: System timer
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0100\4&36D9296C&0
 
Name: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Description: Intel® ICH9 Family USB2 Enhanced Host Controller - 293C
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbehci
Device ID: PCI\VEN_8086&DEV_293C&SUBSYS_02111028&REV_02\3&172E68DD&0&D7
 
Name: Generic- SD/MMC USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_SD/MMC&REV_1.00\20060413092100000&2
 
Name: WDC WD2500AAJS-08L7A0
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: SCSI\DISK&VEN_WDC&PROD_WD2500AAJS-08L7A\4&3286F775&0&000000
 
Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: Generic- Compact Flash USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00\20060413092100000&0
 
Name: ACPI Power Button
Description: ACPI Power Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0C0C\2&DABA3FF&1
 
Name: Microsoft ACPI-Compliant System
Description: Microsoft ACPI-Compliant System
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: ACPI
Device ID: ACPI_HAL\PNP0C08\0
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Device ID: HTREE\ROOT\0
 
Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
Device ID: PCI\VEN_8086&DEV_2930&SUBSYS_02111028&REV_02\3&172E68DD&0&FB
 
Name: Microsoft Wi-Fi Direct Virtual Adapter #2
Description: Microsoft Wi-Fi Direct Virtual Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Device ID: {5D624F94-8850-40C3-A3FA-A4FD2080BAF3}\VWIFIMP_WFD\6&17B36708&0&12
 
Name: Microsoft Basic Render Driver
Description: Microsoft Basic Render Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BasicRender
Device ID: ROOT\BASICRENDER\0000
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2938
Description: Intel® ICH9 Family USB Universal Host Controller - 2938
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2938&SUBSYS_02111028&REV_02\3&172E68DD&0&D1
 
Name: ACPI Fixed Feature Button
Description: ACPI Fixed Feature Button
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\FIXEDBUTTON\2&DABA3FF&1
 
Name: ECP Printer Port (LPT1)
Description: ECP Printer Port
Class Guid: {4d36e978-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard port types)
Service: Parport
Device ID: ACPI\PNP0401\4&36D9296C&0
 
Name: Generic PnP Monitor
Description: Generic PnP Monitor
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard monitor types)
Service: monitor
Device ID: DISPLAY\ACI19AE\5&2CCE513C&0&UID256
 
Name: HID Keyboard Device
Description: HID Keyboard Device
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: kbdhid
Device ID: HID\VID_04D9&PID_1702&MI_00\7&2CC26EFA&0&0000
 
Name: E:\
Description: Compact Flash   
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Device ID: SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00#20060413092100000&0#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\{229B55F8-5516-11E7-B422-806E6F6E6963}#000000001F500000
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2935
Description: Intel® ICH9 Family USB Universal Host Controller - 2935
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2935&SUBSYS_02111028&REV_02\3&172E68DD&0&E9
 
Name: Wi-Fi 2
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Device ID: SWD\RADIO\{7F329BC1-3DD2-4A76-A5AD-29368D11F55C}
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_04D9&PID_1702&MI_01\6&7997C92&0&0001
 
Name: Printer Port Logical Interface
Description: Printer Port Logical Interface
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: LPTENUM\MICROSOFTRAWPORT\5&1331615A&0&LPT1
 
Name: Send To OneNote 2013
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Device ID: SWD\PRINTENUM\{2279C611-2338-4C5C-A58F-0DF27A895F2D}
 
Name: HID-compliant mouse
Description: HID-compliant mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: mouhid
Device ID: HID\VID_0461&PID_4E22\6&29AA44F7&0&0000
 
Name: Microsoft XPS Document Writer
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Device ID: SWD\PRINTENUM\{E4ED98F9-1534-40F6-A846-F5958301B366}
 
Name: USB Input Device
Description: USB Input Device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: HidUsb
Device ID: USB\VID_04D9&PID_1702&MI_00\6&7997C92&0&0000
 
Name: Microsoft GS Wavetable Synth
Description: Generic software device
Class Guid: {62f9c741-b25a-46ce-b54c-9bccce08b6f2}
Manufacturer: Microsoft
Service: 
Device ID: SWD\MMDEVAPI\MICROSOFTGSWAVETABLESYNTH
 
Name: CPU to IO Controller
Description: CPU to IO Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: 
Device ID: PCI\VEN_8086&DEV_29B0&SUBSYS_02111028&REV_02\3&172E68DD&0&00
 
Name: HID-compliant system controller
Description: HID-compliant system controller
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: (Standard system devices)
Service: 
Device ID: HID\VID_04D9&PID_1702&MI_01&COL01\7&199252BC&0&0000
 
Name: High Definition Audio Controller
Description: High Definition Audio Controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HDAudBus
Device ID: PCI\VEN_8086&DEV_293E&SUBSYS_02111028&REV_02\3&172E68DD&0&D8
 
Name: NDIS Virtual Network Adapter Enumerator
Description: NDIS Virtual Network Adapter Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: NdisVirtualBus
Device ID: ROOT\NDISVIRTUALBUS\0000
 
Name: Volume
Description: Volume
Class Guid: {71a27cdd-812a-11d0-bec7-08002be2092f}
Manufacturer: Microsoft
Service: volume
Device ID: STORAGE\VOLUME\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: ATI Radeon HD 3450
Description: ATI Radeon HD 3450
Class Guid: {4d36e968-e325-11ce-bfc1-08002be10318}
Manufacturer: Advanced Micro Devices, Inc.
Service: amdkmdap
Device ID: PCI\VEN_1002&DEV_95C5&SUBSYS_03421028&REV_00\4&DF7E780&0&0008
 
Name: SASDIFSV
Description: SASDIFSV
Class Guid: {8ecc055d-047f-11d1-a537-0000f8753ed1}
Manufacturer: 
Service: SASDIFSV
Device ID: ROOT\LEGACY_SASDIFSV\0000
 
Name: Microsoft System Management BIOS Driver
Description: Microsoft System Management BIOS Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: mssmbios
Device ID: ROOT\MSSMBIOS\0000
 
Name: USB Root Hub
Description: USB Root Hub
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbhub
Device ID: USB\ROOT_HUB20\4&327F519F&0
 
Name: System CMOS/real time clock
Description: System CMOS/real time clock
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0B00\4&36D9296C&0
 
Name: Microsoft Print to PDF
Description: Local Print Queue
Class Guid: {1ed2bbf9-11f0-4084-b21f-ad83a8e6dcdc}
Manufacturer: Microsoft
Service: 
Device ID: SWD\PRINTENUM\{69B2D6B1-A02A-4B7D-B4E5-03798276D8E7}
 
Name: Plug and Play Software Device Enumerator
Description: Plug and Play Software Device Enumerator
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: swenum
Device ID: ROOT\SYSTEM\0000
 
Name: BitDefender AVC HV
Description: BitDefender AVC HV
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: avchv
Device ID: ROOT\SYSTEM\0001
 
Name: Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter #2
Description: Realtek RTL8188EU Wireless LAN 802.11n USB 2.0 Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RtlWlanu
Device ID: USB\VID_0BDA&PID_8179\5&F86E282&0&3
 
Name: Remote Desktop Device Redirector Bus
Description: Remote Desktop Device Redirector Bus
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: rdpbus
Device ID: ROOT\RDPBUS\0000
 
Name: Generic- MS/MS-Pro/HG USB Device
Description: Disk drive
Class Guid: {4d36e967-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard disk drives)
Service: disk
Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_MS/MS-PRO/HG&REV_1.00\20060413092100000&3
 
Name: Intel® ICH9 Family USB Universal Host Controller - 2937
Description: Intel® ICH9 Family USB Universal Host Controller - 2937
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: Intel
Service: usbuhci
Device ID: PCI\VEN_8086&DEV_2937&SUBSYS_02111028&REV_02\3&172E68DD&0&D0
 
Name: G:\
Description: SD/MMC          
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFWpdFs
Device ID: SWD\WPDBUSENUM\_??_USBSTOR#DISK&VEN_GENERIC-&PROD_SD#MMC&REV_1.00#20060413092100000&2#{53F56307-B6BF-11D0-94F2-00A0C91EFB8B}
 
Name: PCI-to-PCI Bridge
Description: PCI-to-PCI Bridge
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: pci
Device ID: PCI\VEN_8086&DEV_2940&SUBSYS_02111028&REV_02\3&172E68DD&0&E0
 
Name: Programmable interrupt controller
Description: Programmable interrupt controller
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard system devices)
Service: 
Device ID: ACPI\PNP0000\4&36D9296C&0
 
Name: HID-compliant consumer control device
Description: HID-compliant consumer control device
Class Guid: {745a17a0-74d3-11d0-b6fe-00a0c90f57da}
Manufacturer: Microsoft
Service: 
Device ID: HID\VID_04D9&PID_1702&MI_01&COL02\7&199252BC&0&0001
 
Name: HL-DT-ST DVD+-RW GH50N
Description: CD-ROM Drive
Class Guid: {4d36e965-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard CD-ROM drives)
Service: cdrom
Device ID: SCSI\CDROM&VEN_HL-DT-ST&PROD_DVD+-RW_GH50N\4&3286F775&0&010000
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 61%
Total physical RAM: 3965.61 MB
Available physical RAM: 1514.19 MB
Total Virtual: 5693.61 MB
Available Virtual: 3089.82 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:232.4 GB) (Free:176.5 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-IGH5NP2
 
Administrator            DefaultAccount           Dell Opti 755            
Guest                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
29-09-2017 08:35:59 Removed Nero12EssTSST.
02-10-2017 07:08:55 Installed Sophos Virus Removal Tool.
05-10-2017 21:07:26 JRT Pre-Junkware Removal
05-10-2017 21:09:34 JRT Pre-Junkware Removal
 
**** End of log ****


#5 britechguy


    Been there, done that, got the T-shirt


  • Moderator
  • 7,836 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Staunton, VA
  • Local time:05:12 AM

Posted 12 October 2017 - 07:55 PM

I have reviewed the thread from the Malware forum and very much doubt that malware (which a RAT would be and should be detected by what you've already used).

 

If you wish to start from scratch and reinstall Windows 10 that's a relatively simple matter, much easier than with earlier versions of Windows.

 

Presuming you have a backup of your user data, and if you suspect a RAT that nothing is finding, then I would pull the drive from your system and reformat it using another computer or boot up from a live CD version of Linux and format it from Linux (and you can ask about how one does that exactly on our Linux forum if that's the route you wish to take).

 

You would then follow the instructions on the Microsoft Windows 10 Download Page  for downloading the Media Creation Tool, creating bootable media, then reinstalling Windows 10 using same.  Since your machine has already had Windows 10 installed on it the license information will be held on Microsoft's servers and you will not be required to enter a license key to reinstall Windows 10 from scratch.

 

If the hard drive is wiped prior to starting the reinstallation of Windows 10 then you should be starting with an entirely clean slate.


Brian  AKA  Bri the Tech Guy (website in my user profile) - Windows 10 Home, 64-Bit, Version 1803, Build 17134 

      Memory is a crazy woman that hoards rags and throws away food.

                    ~ Austin O'Malley

 

 

 

              

 


#6 Xxaimee1433xx

Posted 12 October 2017 - 08:08 PM

well can u look at these firewall logs and tell me what you think? I do not have access to certain files on my c drive, i am just a user and not the administrator. I have all these virtual wifi adapters that were not there before. My disk space is at 99% memory at like 50%. I do not have a backup of windows. one that isn't infected anyways...i made one after i noticed all this weirdness going on, which, yes i know is retarded but hey..whatever. What can i do in that case? And I heard that Linux is much safer than windows? But I have never used it before let alone seen it. But I would be interested in that possibly. I have to upload the pics from my phone cuz I'm not putting my email on this pc anymore. Oh funny thing, just now. It just found a new network, which is the wifi that I have been using...and it's asking me if I trust location or not. and now requesting a 2nd and third time. First one had no ip address, second request had some random ip address and third just fe80



#7 Xxaimee1433xx

Posted 12 October 2017 - 08:21 PM

Hope u can see these

Attached Files



#8 Xxaimee1433xx

Posted 12 October 2017 - 08:34 PM

..

Attached Files



#9 Xxaimee1433xx

Posted 12 October 2017 - 08:53 PM

This just happened to me trying to download this: We offer RKill under different filenames because some malware will not allow processes to run unless they have a certain filename. Therefore when attempting to run RKill, if a malware terminates it please try a different filename offered below.

 

 

why can i not get anybody to go through step by step what to do? i just found this rkill thing, no one ever mentioned trying that. but now i know something is up because i tried to download it and chrome shut down. whatever this is is in my antivirus and all that. My paid subscription to Avast premier keeps getting renewed despite me cancelling it. and it keeps getting extended a month at a time. I've tried to download other AV's (after turning off current one) and it won't let me. I start into safe mode and can't get internet. can't run programs. I am starting in safe mode with networking. I know something is going on...this isn't normal. I just would please like some help.



#10 britechguy

Posted 12 October 2017 - 09:17 PM

You are doing everything you shouldn't do if you wish to receive help.

 

You need to WAIT AND GIVE PEOPLE TIME TO DIGEST WHAT YOU'VE WRITTEN, for one thing.   You need to take several very deep breaths for another.  There is nothing unusual that I can see in the Avast information at all.

 

We, none of us, are here to jump at your command.  We have real lives.  You have already received EXTENSIVE assistance.  Have a bit of patience and stop being demanding and you will be very likely to get some more.

 

I have already told you how to wipe your machine and find the step-by-step instructions for reinstalling Windows 10 from scratch, which is precisely what you initially wanted to know about.

 

The membership of BC is not at your personal beck and call and will answer as *we* have time to do so, and if we wish to do so.  We're volunteering our time, which is our time.  Please give that just a tiny bit of consideration before posting again.



#11 Xxaimee1433xx

Posted 14 October 2017 - 08:36 AM

My bad. Sorry I'm just frustrated and I'm sorry i freaked out for a min. However I do realize u guys r not at my beck and call. I don't expect u to be and i do appreciate all the help that I do get and I think it is a really great thing u all got going on helping the community and all.
I guess i just need to start clean with a Windows reinstall, but like I said I don't have a backup. And above it says to take my drive and pull it, and clean and reinstall using another clean computer. I don't think i know how to do that. And what about the Linux route? Would i have to pull the drive doing it that way too?

#12 britechguy

Posted 14 October 2017 - 01:22 PM

Were I you, I would do the following, in order (yes, even though you believe the system to be infected):

 

1. Make a copy of all of your user data on to the backup media of your choice, probably an external backup drive or USB thumb drive, depending on how much data you have.

 

2.  If you can download it, get Belarc Advisor, then run it and keep a copy of the report on paper.  This is simply an easy way to get an inventory of what's installed on your system so you can pick and choose what to install again later.

 

3.  Pull the drive from your system (which I cannot tell you exactly how to do, but once the computer is turned off it's easy - you typically just remove the screws that allow you to take off the desktop shell, one or two more that hold the drive in, pull off the power supply line and cable to the motherboard, then slide it out).  Use another computer to reformat the drive, wiping all of the existing partitions on it and creating one huge partition.  If you need help with this then either get it from someone local or ask about how this is done here if/when you reach this step when trying to do it yourself.  You will also need to specify whether you're trying to do this using another desktop (probably easier) or a laptop as the machine doing the reformatting.

 

4.  On some other Windows machine, go to the Microsoft Windows 10 Download Page and use the "Download tool now" button to download the Media Creation Tool program.  Use it to download the latest Windows 10 ISO file then use the method of your choice to create the bootable media of your choice (either DVD or a USB Thumb Drive).  For really extensive instructions regarding this (and even the next step is discussed there, with a link to detailed step-by-step instructions) see:  Updating Windows 10 using the Windows 10 ISO file.

 

5. Put the wiped drive back in your desktop computer reversing the steps you took to remove it in the first place.

 

6.  You will not be updating Windows 10 using the bootable media created from the ISO file, but doing a clean install.  In order to do this you will need to get into the UEFI/BIOS for your machine and set the boot order to look at the bootable media first.  I cannot give you exact instructions for your machine, but I can pretty much guarantee you that someone has created step-by-step instructions for "change boot order" for the Dell Optiplex 755.  Do a web search to find them.  See the previously noted Microsoft webpage related to updating Windows 10 but do a search on it for "clean install."  Instructions for doing a clean install rather than an upgrade are present there.

 

7.  Follow the instructions for doing a clean install on your machine.   After it completes you have a machine that is, for all practical intents and purposes, a completely clean slate.

 

8.  Use the Belarc report to look at the programs you had installed on the machine and to decide which of those you wish to reinstall again.

 

9.  If you are not doing the download of the ISO immediately, if you wait until next Tuesday the very latest version of Windows 10, Version 1709, goes live and you would be getting the ISO for it if you wait until then.

 

10.  Stick with Windows Defender and Windows Firewall rather than third party products.  Microsoft has been beefing up Windows Defender incredibly the past several years and a bunch of added features will debut with Version 1709.

 

11.  Read the following two articles by our own quietman7 before you begin surfing the web again:

                       What you must understand regarding computer security

                       Quietman7's Best Practices for Safe Computing 

       The fact is that most infections do not "sneak on" to any computer but are far more frequently invited in by user actions, whether those actions were intentional at the time or not.  The best defense is knowing the information presented in the above mentioned articles, knowing which really apply to your own honest examination of your own past behavior, and changing that behavior.

 

12.  Manually scan the media on which you put all your user data with Windows Defender and, for good measure, with Malwarebytes or Zemana Antimalware.  If the scans find any infections then let them do what they do to either heal them or quarantine them.  After these scans have been done then you can copy your user data back over to your "fresh, bright, and clean" machine.


Edited by britechguy, 14 October 2017 - 01:24 PM.


#13 britechguy

Posted 14 October 2017 - 01:30 PM

By the way, I would also cease and desist digging into firewall logs and the antivirus logs if there is no evidence of any misbehavior on your machine.

 

Most people, including myself, do not know how to interpret them accurately and there are always lots of things that "look suspicious" to the uninitiated but are anything but.  The same is true for Windows system error logs.  There are hundreds to thousands of "normal errors" that are not indicative of anything being amiss.

 

If your machine is acting normally and you get clean scan results from Windows Defender and the antimalware scanner of your choosing you can pretty much presume that everything is OK.



#14 Xxaimee1433xx

Posted 16 October 2017 - 11:01 AM

Ok, thank you for that detailed process..before i go ahead and do all of that do you think there would be a way to tell why my memory and disk space is running so high. The disk is always running at 99% or close to it. And the memory is always above 50%. It's a relatively new pc (Well new to me) so there isn't anything on it that I must save. It does have office 2013 on it. And i will take your advice and stop digging in the firewall logs. Really the only issues I am having with it is the memory and disk usage being so high and that my administrator rights have been taken away. I cannot access certain files on my pc saying I don't have permission. And i keep seeing something about Windows NT. Not sure if that's an issue. Again thank u for ur help. I'd really like to try and fix it without having to do all that you explained up there cuz it's not going to be easy for me to find a clean computer and stuff to just use to do all that. And since I lost my job cuz of the hurricane I'm like broke. Trying to get it running right so i can apply for online positions in customer service.

#15 britechguy

Posted 16 October 2017 - 11:30 AM

If you want to try "the simple" method you can simply do a clean install of Windows 10 without first pulling the drive and wiping it.   That's actually what I would do.  I was simply giving you the "thermonuclear option" since you appear to be convinced that you have an infection of some sort.

 

Reinstalling Windows 10 with the "keep nothing" option makes it reformat the drive as part of the install.  You will still then have to reinstall the programs you use, such as Office 2013, after the fresh Windows 10 install.

 

50% RAM usage is not unusual at all if you don't have massive amounts of RAM. My machine has 8GB of RAM and, as I type this, is at 82% memory usage. It's most often well above 50% since Windows is going to maximize RAM usage because that's the fastest access it's going to get, far faster than having to go to either an SSD or HDD to retrieve data. If you've got RAM you might as well use it to the fullest.

 

As far as the disk running at 99%, or close to it, have you ever allowed the machine to just sit and run for a while? File indexing will eat up a lot of disk I/O and it's not uncommon to get a burst of activity related to building or rebuilding indexes when the machine first starts. Depending on how much work remains to be done it can stay at high I/O levels for a while. It's not really a big deal unless you can't do whatever else it is you want to do at the time or if it literally stays that way at all times, even after having been running for a while and idle (as far as you doing anything) for a while.

 

Just do the reinstall of Windows 10 at this point as your first step.  If you don't want to wipe the drive first I still think that this is the best approach.

