nimdnsResponder.exe是什么进程，NI_ZEROCONF_SERVICE 软件信息 ID:0222035
进程文件信息网页
这个进程可以说是病毒，也可以说不是病毒。建议您咨询相关领域专业人士。本词条内容仅供参考。
[nimdnsResponder.exe] 进程文件信息
分类进程详细信息
位置ID:0222035
C:\Archivos de programa\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
&ID:0020034
National Instruments Zeroconf Service
National Instruments Corporation
NI_ZEROCONF_SERVICE
11:05:44 nimdnsResponder/win32U/i386/msvc90/release
Copyright (C)
National Instruments Corporation. All Rights Reserved.
2e6be65f13bb9f546ab38e
WindowexeAllkiller Download :
WindowexeAllkiller is a free software which can remove unwanted software from your computer at once. WindowexeAllkiller is able to easily remove all Startup, Browser Helper Object, Toolbar, Service, Task Scheduler, malware, trojan, ad-popup and so on.
Easy to use, Very simple, Very Powerful.
No Viruses, No Spyware, No Adware, It's free!
System Requirements : .Net framework 2.0 , Windows 2000, xp, vista, 7, 8 32/64bit
dll exe ocx sys files free download -
轻易的杀死所有的进程，并轻松地删除启动，浏览器辅助对象，工具栏，服务，调度与点击
无病毒，无间谍软件，无广告，这是免费的！
&& && && && && && && && && && && && && && && && && && && && && && && && && && && &&
Copyright (c) . All rights reserved. | 进程文件信息网页文件位置：
nimdnsresponder.exe文件是什么?
文件路径:C:\Windows\system32\
感谢您发表评论！
键入图片中的字符:
如果您的系统软件或游戏提示“找不到nimdnsresponder.exe”或“nimdnsresponder.exe缺失损坏” 或者“exe等错误,在本页下载nimdnsresponder.RAR文件包,解压缩后找到适合的版本文件,直接拷贝到原目录即可解决错误提示！默认解压密码:www.wenjian.net
联系人工(解决Windows系统各类软件故障)
声明：由于文件众多,本站的某些文件可能还无法下载，因为各种各样的文件达到几十万之多,所以我们还无法为每个文件一一提供下载，但是我们为此在做努力，每天坚持更新,相信在不久，网站的任意一个安全文件都可以顺利下载，真正解决大家因丢失、缺少文件导致程序无法运行的烦恼。
nimdnsresponder.exe 是 未知文件&文件百科 WenJian.Net&&&&nimdnsResponder.dll文件下载
当前位置：
» nimdnsResponder.dll下载页面
&&文件详细信息&&
文件位置:&&C:\WINDOWS\system32\
文件描述:&&National Instruments Zeroconf Library
默认解压密码:
常见的错误：文件未找到、丢失或损坏,软件冲突,病毒感染。exe/dll文件: 未响应，意外的错误，CPU使用率过高、文件遇到问题需要关闭、应用程序发生异常未知的软件异常(0xxxxxxxx),位置为0xxxxxxxx、0xxxxxxx指令引用的0xxxxxxx内存,该内存不能为read、系统资源不足，无法完成请求的服务,WINDOWS 找不到文件C:\WINDOWS\system32\xxx.exe,无法定位程序输入点 xxx 于动态链接库 xxx.dll 上。”或“xxx.exe - 无法找到组件,没有找到xxx.dll,因此这个应用程序未能启动。重新安装应用程序可能会修复此问题。应用程序或DLL X:\xx\xxx\xxx.dll为无效的windows映像。
&如何注册DLL文件
将您下载的 "*. DLL" 文件复制到 "C:\Windows\system32\" 系统目录下
然后按 "Win键+R" 或单击 "开始"->"运行" 输入 "regsvr32 *.dll" 命令注册到系统文件。适用于Windows XP/2003/vista/win7/win8.
如何注册Windows\system32\下的所有.dll和.ocx文件?在开始->运行(win+r)下输入命令:
cmd /c for %i in (%windir%\system32\*.dll) do regsvr32.exe /s %i
cmd /c for %i in (%windir%\system32\*.ocx) do regsvr32.exe /s %i
注：如出现 “xxx.exe - 无法找到入口,无法定位程序输入点 xxx 于动态链接库 xxx.dll上。” 或是
“损坏的图像 应用程序或 DLL X:\xxx.DLL 为无效的 Windows 映像。请再检测一遍您的安装盘。”
的问题一般是由于dll文件版本与exe文件版本不同造成,此时可在你的系统内搜索该DLL文件,将搜索到的DLL同名文件全部删除,然后更换本站压缩包内的其他版本dll文件,再放进程序的目录或系统目录。
联系(系统运行及各类软件故障免费咨询)
文件下载有问题?
xp/vista/win7/8 进程文件信息。协助您修复.exe/.dll/.ocx 和其他系统文件错误，提高计算机效率。
1.如果Windows提示不能删除该文件，这表明该文件正在使用中。在这种情况下，重新启动计算机并按F8键进入安全模式，然后删除该文件。
2.如果在安全模式下文件仍然不能被删除，使用一些防病毒软件自带的顽固文件强行删除工具,强行删除该文件。
Windows XP sp2 5.1.
Windows XP sp3 5.1.
Windows Server 2003 sp2 5.2.
Windows Vista Ultimate 6.0.
Windows 7 Ultimate 6.1.Javascript Disabled Detected
You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.
Register a free account to unlock additional features
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
or read our
to learn how to use this site.
infected with unknown malware
Started by
This topic is locked
22 replies to this topic
I hope this request is appropriate for this board, if not I apologize in advance.
Machine resides in an unmanaged lab environment with access to the internet. This machine was infected with various malware over the preceding 6 months.
Following adware applications were noted as being installed before I became involved:
APPLICATION    VENDOR                 INSTALL DATE
Assistant            Verified Publisher    3/25/2014
BItSaVVeir          BItSaver                  7/2/2014
RoboSSaver      RoboSavEru            6/12/2014
Recently (10-24-2014), the machine began causing a DNS flood, making DNS requests to an assortment of websites (thousands of DNS requests per second). Based on DNS logs, the machine constantly attempts to access various websites, periodically bursting to a large enough number to trigger DNS flood detection mechanisms.
This is the activity that caught my attention. I discovered and disconnected this machine from LAN and internet on 11-3-2014.
Before the machine was discovered by me, malwarebytes and Avast! free antivirus were ran on it, removing some malware. The periodic DNS floods continued after this attempted "fix". I did run malwarebytes on the machine again after discovering it, and it did not detect anything. There are currently no readily apparrant signs of infection, aside from the DNS queries.
I considered wiping the machine, but I would very much like to determine the root cause of this infection for future reference.
DDS logs are pasted below and attached per board instructions. I also attached a list of the websites that were queried in 1 second during one of the detected DNS floods.
DDS (Ver_.01) - NTFS_AMD64
Internet Explorer: 11.0.  BrowserJavaVersion: 10.71.2
Run by tubbs-diag at 14:05:19 on
Microsoft Windows 7 Ultimate   6.1.2.1.38.13519 [GMT -6:00]
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
============== Running Processes ===============
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Windows\SysWOW64\lkads.exe
C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe
C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\SysWOW64\lkcitdl.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\lktsrv.exe
C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel& Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Intel\Intel& Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Program Files\Common Files\SPBA\upeksvr.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Program Files (x86)\Intel\Intel& USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\cscript.exe
============== Pseudo HJT Report ===============
mSearch Bar = hxxps:///?fr=hp-avast&type=odc179
mSearch Page = hxxps:///yhs/search?type=odc179&hspart=avast&hsimp=yhs-001&p={searchTerms}
mWinlogon: Userinit = userinit.exe,
BHO: {F9-4efb-9B51-7695ECA05670} - &orphaned&
BHO: Groove GFS Browser Helper: {C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {C02-4ABF-8ECC-C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC85b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Adblock Plus for IE Browser Helper Object: {FFCB-4E8B-ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel& USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~2.LNK - C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NIERRO~1.LNK - C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: DisableCAD = dword:1
mPolicies-System: SoftwareSASGeneration = dword:1
IE: {219C-491a-A3C7-D9FCDDC9D600} - {5F7B-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {50-4f3c-EE0C6C49} - {48E7-C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: Interfaces\{ADC568AF-BC50-47E6-97A1-17C5FD192834} : NameServer = 10.96.15.40
Filter: text/xml - {--A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - &orphaned&
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Authentication Packages =  msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {C02-4ABF-8ECC-C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Adblock Plus for IE Browser Helper Object: {FFCB-4E8B-ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
x64-Run: [TdmNotify] C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {50-4f3c-EE0C6C49} - {48E7-C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {--A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - &orphaned&
x64-Notify: spba - C:\Program Files\Common Files\SPBA\homefus2.dll
x64-SSODL: WebCheck - &orphaned&
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 10.112.15.41    MRTSRV2        mrtsrv2
================= FIREFOX ===================
FF - ProfilePath -
============= SERVICES / DRIVERS ===============
R0 aswRavast! RC:\Windows\System32\drivers\aswRvrt.sys [ 65776]
R0 aswVavast! VM MC:\Windows\System32\drivers\aswVmm.sys [ 267632]
R0 iusb3Intel& USB 3.0 Host Controller Switch DC:\Windows\System32\drivers\iusb3hcs.sys [ 20464]
R0National Instruments Class Upper Filter DC:\Windows\System32\drivers\nipbcfk.sys [ 16984]
R1 aswSaswSC:\Windows\System32\drivers\aswsnx.sys [ 1050432]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [ 436624]
R2 aswHavast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [ 29208]
R2 aswMonFaswMonFC:\Windows\System32\drivers\aswmonflt.sys [ 83280]
R2 aswSaswSC:\Windows\System32\drivers\aswStm.sys [ 116728]
R2 avast! Aavast! AC:\Program Files\AVAST Software\Avast\AvastSvc.exe [ 50344]
R2 bh560Blackhawk 560 Ethernet JTAG Emulator DC:\Windows\System32\drivers\bh560eth.sys [ 105072]
R2 EmbassySEmbassySC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [ 218504]
R2 GfExperienceSNVIDIA GeForce Experience SC:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [ 1148744]
R2 IAStorDataMgrSIntel& Rapid Storage TC:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorDataMgrSvc.exe [ 13632]
R2 Intel& Capability Licensing Service IIntel& Capability Licensing Service IC:\Program Files\Intel\iCLS Client\HeciServer.exe [ 733696]
R2 Intel& PROSet Monitoring SIntel& PROSet Monitoring SC:\Windows\System32\IPROSetMonitor.exe [ 189608]
R2 jhi_Intel& Dynamic Application Loader Host Interface SC:\Program Files (x86)\Intel\Intel& Management Engine Components\DAL\Jhi_service.exe [ 169432]
R2 NIApplicationWebSNI Application Web SC:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [ 57184]
R2NI Authentication SC:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [ 569152]
R2 niLXIDNI LXI Discovery SC:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [ 236768]
R2 nimDNSRNI mDNS Responder SC:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [ 320368]
R2 NINetworkDNI Network DC:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [ 177536]
R2 NISystemWebSNI System Web SC:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [ 57168]
R2 NiViPxiK;NI-VISA PXI DC:\Windows\System32\drivers\NiViPxiKl.sys [ 15200]
R2 NvNetworkSNVIDIA Network SC:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [ 1795912]
R2 NvStreamSNVIDIA Streamer SC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [ ]
R2 Sentinel64;Sentinel64;C:\Windows\System32\drivers\sentinel64.sys [ 145448]
R2 VBoxAswDVBoxAsw Support DC:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [ 270728]
R2 vToolbarUpdater15.4.0;vToolbarUpdater15.4.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [ 1616048]
R2 Wave Authentication Manager SWave Authentication Manager SC:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [ 1679872]
R3 AvastVBoxSAvastVBox COM SC:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [ 4012248]
R3 iusb3Intel& USB 3.0 Hub DC:\Windows\System32\drivers\iusb3hub.sys [ 358896]
R3 iusb3Intel& USB 3.0 eXtensible Host Controller DC:\Windows\System32\drivers\iusb3xhc.sys [ 792560]
R3 NvStreamKNvStreamKC:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [ 19272]
R3 nvvad_WaveENVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [ 38048]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [ 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [ 124088]
S3 BazisPortableCDBPortable WinCDEC:\Windows\System32\drivers\BazisPortableCDBus.sys [ 268896]
S3 BrlAPI;BrlAPI;C:\cygwin\bin\cygrunsrv.exe --& C:\cygwin\bin\cygrunsrv.exe [?]
S3C:\Windows\System32\drivers\dmvsc.sys [ 71168]
S3 IEEtwCollectorSInternet Explorer ETW Collector SC:\Windows\System32\ieetwcollector.exe [ 111616]
S3 Intel& Capability Licensing Service TCP IP IIntel& Capability Licensing Service TCP IP IC:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [ 822232]
S3J-LC:\Windows\System32\drivers\jlinkx64.sys [ 24448]
S3 MCHPUSB;MCHPUSB;C:\Windows\System32\drivers\mchpusb64.sys [ 64512]
S3C:\Windows\System32\drivers\netvsc60.sys [ 168448]
S3C:\Windows\System32\drivers\nidimkl.sys [ 15200]
S3C:\Windows\System32\drivers\nipalfwedl.sys [ 13624]
S3C:\Windows\System32\drivers\nipalusbedl.sys [ 13624]
S3 NiViPciK;NI-VISA PCI DC:\Windows\System32\drivers\NiViPciKl.sys [ 15200]
S3 ose64;Office 64 Source EC:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [ 174440]
S3 RdpVideoMRemote Desktop Video Miniport DC:\Windows\System32\drivers\rdpvideominiport.sys [ 19456]
S3 Synth3dVMicrosoft Virtual 3D Video Transport DC:\Windows\System32\drivers\Synth3dVsc.sys [ 88960]
S3 SynthVSynthVC:\Windows\System32\drivers\VMBusVideoM.sys [ 22528]
S3Microsoft Remote Desktop Input DC:\Windows\System32\drivers\terminpt.sys [ 29696]
S3 TPDIBUS;TPDIBUS.SYS Total Phase Aardvark DC:\Windows\System32\drivers\tpdibus.sys [ 74376]
S3 TsUsbFTsUsbFC:\Windows\System32\drivers\TsUsbFlt.sys [ 56832]
S3 TsUsbGD;Remote Desktop Generic USB DC:\Windows\System32\drivers\TsUsbGD.sys [ 30208]
S3Remote Deskotop USB HC:\Windows\System32\drivers\tsusbhub.sys [ 117248]
S3 WatAdminSWindows Activation Technologies SC:\Windows\System32\Wat\WatAdminSvc.exe [ 1255736]
S3 WvPCR;WvPCR;C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [ 198144]
S3 XilinxFirmwareLpLXilinxFirmwareLpLC:\Windows\System32\drivers\xusb_xlp.sys [ 19200]
S4 NIApplicationWebServer64;NI Application Web Server (64-bit);C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [ 80736]
S4Windows Live Mesh remoteC:\Program Files\Windows Live\Mesh\wlcrasvc.exe [ 57184]
=============== Created Last 30 ================
17:20:31    --------    d-----w-    C:\Users\tubbs-diag\AppData\Roaming\Intel Corporation
20:12:58    0;   ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E75F3C47-223A-430D-CC62F1E10}\mpengine.dll
21:43:45    --------    d-----w-    C:\ProgramData\AVG SafeGuard toolbar
19:12:06    0;   ----a-w-    C:\Windows\SysWow64\elshyph.dll
18:44:37    --------    d-----w-    C:\Program Files\GIMP 2
15:52:07    0;   ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
15:51:49    9;   ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
15:51:49    6;   ----a-w-    C:\Windows\System32\drivers\mwac.sys
15:51:49    2;   ----a-w-    C:\Windows\System32\drivers\mbam.sys
15:51:49    --------    d-----w-    C:\ProgramData\Malwarebytes
15:51:49    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
15:45:51    --------    d-----w-    C:\Program Files\Adblock Plus for IE
15:37:20    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
19:38:32    --------    d-----w-    C:\Windows\SysWow64\vbox
19:38:32    --------    d-----w-    C:\Windows\System32\vbox
16:24:05    9;   ----a-w-    C:\Windows\System32\drivers\aswRdr2.sys
16:24:05    8;   ----a-w-    C:\Windows\System32\drivers\aswmonflt.sys
16:24:05    6;   ----a-w-    C:\Windows\System32\drivers\aswRvrt.sys
16:24:05    2;   ----a-w-    C:\Windows\System32\drivers\aswHwid.sys
16:24:05    0;   ----a-w-    C:\Windows\System32\drivers\aswVmm.sys
16:24:05    0;   ----a-w-    C:\Windows\System32\drivers\aswStm.sys
16:24:05    0;   ----a-w-    C:\Windows\System32\drivers\aswsnx.sys
16:24:03    4;   ----a-w-    C:\Windows\avastSS.scr
16:23:33    --------    d-----w-    C:\Program Files\AVAST Software
16:23:08    --------    d-----w-    C:\ProgramData\AVAST Software
21:02:22    3;   ----a-w-    C:\Windows\System32\drivers\nvvad64v.sys
21:02:22    3;   ----a-w-    C:\Windows\SysWow64\nvaudcap32v.dll
20:59:47    9;   ----a-w-    C:\Windows\SysWow64\WindowsAccessBridge-32.dll
08:05:20    --------    d-----w-    C:\Program Files (x86)\Microsoft ASP.NET
02:26:20    8;   ----a-w-    C:\Windows\SysWow64\mscories.dll
02:26:20    7;   ----a-w-    C:\Windows\System32\mscories.dll
02:26:20    0;   ----a-w-    C:\Windows\System32\win32k.sys
02:26:20    0;   ----a-w-    C:\Windows\System32\dfshim.dll
02:26:20    0;   ----a-w-    C:\Windows\SysWow64\mscorier.dll
02:26:20    0;   ----a-w-    C:\Windows\System32\mscorier.dll
02:26:20    0;   ----a-w-    C:\Windows\SysWow64\dfshim.dll
02:26:04    0;   ----a-w-    C:\Windows\System32\msi.dll
02:26:04    0;   ----a-w-    C:\Windows\SysWow64\msi.dll
02:26:03    0;   ----a-w-    C:\Windows\System32\rdpcorets.dll
==================== Find3M  ====================
11:34:58    0;   ------w-    C:\Windows\System32\MpSigStub.exe
15:16:57    7;   ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
15:16:57    0;   ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
15:28:50    0;   ----a-w-    C:\Windows\System32\drivers\BazisPortableCDBus.sys
02:08:38    0;   ----a-w-    C:\Windows\System32\qdvd.dll
01:40:50    0;   ----a-w-    C:\Windows\SysWow64\qdvd.dll
01:18:02    0;   ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
02:13:36    0;   ----a-w-    C:\Windows\SysWow64\nvspcap.dll
02:13:36    0;   ----a-w-    C:\Windows\SysWow64\nvspbridge.dll
02:12:40    0;   ----a-w-    C:\Windows\System32\nvspcap64.dll
02:12:39    0;   ----a-w-    C:\Windows\System32\nvspbridge64.dll
01:58:18    7;   ----a-w-    C:\Windows\System32\packager.dll
01:40:05    6;   ----a-w-    C:\Windows\SysWow64\packager.dll
22:11:04    ;   ----a-w-    C:\Windows\System32\tzres.dll
21:47:10    ;   ----a-w-    C:\Windows\SysWow64\tzres.dll
02:11:09    0;   ----a-w-    C:\Windows\System32\mstscax.dll
01:52:41    0;   ----a-w-    C:\Windows\SysWow64\mstscax.dll
19:14:38    3;   ----a-w-    C:\Windows\System32\nvaudcap64v.dll
05:23:20    0;   ----a-w-    C:\Windows\System32\rastls.dll
05:04:15    0;   ----a-w-    C:\Windows\SysWow64\rastls.dll
02:07:00    0;   ----a-w-    C:\Windows\System32\gdi32.dll
01:45:55    0;   ----a-w-    C:\Windows\SysWow64\gdi32.dll
============= FINISH: 14:06:04.50 ===============
Attached Files
& &&19.85KB
&&1 downloads
& &&11.56KB
&&0 downloads
Back to top
BC AdBot (Login to Remove)
Hello and welcome to Bleeping Computer! I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.
We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.
To help Bleeping Computer better assist you please perform the following steps:
*************************************************** In order to continue receiving help , YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.CLICK THIS LINK &&&
&&& CLICK THIS LINK
If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.
***************************************************If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.Please do this even if you have previously posted logs for us.If you were unable to produce the logs originally please try once more.If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.If you are unsure about any of these characteristics just post what you can and we will guide you.Please tell us if you have your original Windows CD/DVD available. Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.
Thank you for your patience, and again sorry for the delay.
***************************************************
We need to see some information about what is happening in your machine. Please perform the following scan again: Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.Double click on the DDS icon, allow it to run. A small box will open, with an explanation about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop.Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control can be found .As I am just a silly little program running on
servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!
Back to top
Oh My!
Greetings niado
to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.If you would allow me to call you by your first name I would prefer to do that. ===================================================Ground Rules:First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.When you post your reply, use the
button instead.In the upper right hand corner of the topic you will see the
button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.I would like to remind you to make no further changes to your computer unless I direct you to do so.Now let's get started ===================================================Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.Thank you for your patience thus far. While I review our situation please run the below for me.===================================================Farbar Recovery Scan Tool (FRST)--------------------Download Farbar Recover Scan Tool for either
systems and save it to your desktop &&& ImportantIf you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one shouldDouble click the iconClick Yes to the disclaimerMake sure the Addition.txt box is checkedClick Scan and allow the program to runClick OK on the Scan complete screen, then OK on the Addition.txt pop up screen2 Notepad documents should now be open on your desktop.Please copy and paste the contents of both in your reply===================================================System Summary Information--------------------Press the windows key
+ r on your keyboard at the same timeType msinfo32 and press EnterLeft click on System SummaryClick File, Save, and name the file Summary and
the file to your reply===================================================Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. FRST resultsAddition logSystem Summary Information
Gary If I do not reply within 24 hours please send me a ."Lord, to whom shall we go? You have the words that give eternal life. We believe, and know that you are the Holy One of God."
Back to top
Hi Gary, thank you for looking into this for me. See logs pasted below and attached.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-11-2014
Ran by tubbs-diag (administrator) on TAZ on 20-11-:38
Running from C:\Users\tubbs-diag\Desktop
Loaded Profile: tubbs-diag (Available profiles: pmcorr & gerced & mloker & hjroder & jbrajo & dlgna & hceller & clorbit & tubbs-diag)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(UPEK Inc.) C:\Program Files\Common Files\SPBA\upeksvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe
() C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Intel& Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\nisvcloc\nisvcloc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\loggingserver.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\NIWebServiceContainer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel& Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel& Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor Corp.) C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe
() C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
(Wave Systems Corp.) C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe
(National Instruments Corporation) C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel& USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe
() C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIcon.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] =& C:\Program Files\Realtek\Audio\HDA\RtDCpl64.exe [3-08-15] (Realtek Semiconductor Corp.)
HKLM\...\Run: [TdmNotify] =& C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmNotify.exe [1-12-08] (Wave Systems Corp.)
HKLM\...\Run: [BCSSync] =& C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2-11-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] =& C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [4-09-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] =& C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [USB3MON] =& C:\Program Files (x86)\Intel\Intel& USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [3-02-22] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] =& C:\Program Files (x86)\Intel\Intel& Rapid Storage Technology\IAStorIcon.exe [2-05-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] =& C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [4-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] =& C:\Program Files (x86)\AVG SafeGuard toolbar\vprot.exe [3-09-19] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] =& C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [4-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] =& C:\Program Files\AVAST Software\Avast\AvastUI.exe [4-10-31] (AVAST Software)
Winlogon\Notify\spba: C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting (64-bit).lnk
ShortcutTarget: NI Error Reporting (64-bit).lnk -& C:\Program Files\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NI Error Reporting.lnk
ShortcutTarget: NI Error Reporting.lnk -& C:\Program Files (x86)\National Instruments\Shared\NI Error Reporting\nierserver.exe (National Instruments Corporation)
ShellIconOverlayIdentifiers: [00avast] -& {-C522-11CF-CC02F24} =& C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [1TortoiseNormal] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [2TortoiseModified] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [3TortoiseConflict] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [4TortoiseLocked] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [5TortoiseReadOnly] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [6TortoiseDeleted] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [7TortoiseAdded] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [8TortoiseIgnored] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [9TortoiseUnversioned] -& {CD9--F193FC689CB2} =& C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers: [EnabledUnlockedFDEIconOverlay] -& {30D3C2AF--9CF4-E4A} =& C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers: [UninitializedFdeIconOverlay] -& {CF08DA3E-C97D-4891-A66B-E39B28DD270F} =& C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmIconOverlay.dll (Wave Systems Corp.)
ShellIconOverlayIdentifiers-x32: [1TortoiseNormal] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [2TortoiseModified] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [3TortoiseConflict] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [4TortoiseLocked] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [5TortoiseReadOnly] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [6TortoiseDeleted] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [7TortoiseAdded] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [8TortoiseIgnored] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
ShellIconOverlayIdentifiers-x32: [9TortoiseUnversioned] -& {CD9--F193FC689CB2} =& C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction &======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar =
SearchScopes: HKLM -& DefaultScope {8D6E89F1--919D-4EC1A43B78FC} URL =
SearchScopes: HKLM -& {6-472f-A0FF-EE3A} URL =
SearchScopes: HKLM -& {8D6E89F1--919D-4EC1A43B78FC} URL =
SearchScopes: HKLM-x32 -& DefaultScope {9CB-4D44-90EF-01466EFCF7BB} URL =
SearchScopes: HKLM-x32 -& {6-472f-A0FF-EE3A} URL =
SearchScopes: HKLM-x32 -& {8D6E89F1--919D-4EC1A43B78FC} URL =
SearchScopes: HKLM-x32 -& {9CB-4D44-90EF-01466EFCF7BB} URL =
BHO: Groove GFS Browser Helper -& {C5-4D22-B7F9-0BBC1D38A37E} -& C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security -& {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -& C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -& {C02-4ABF-8ECC-C6} -& C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -& {B4F3A835-0E21-4959-BA22-42B3008E02FF} -& C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -& {FFCB-4E8B-ED664} -& C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll (Adblock Plus)
BHO-x32: No Name -& {F9-4efb-9B51-7695ECA05670} -&  No File
BHO-x32: Groove GFS Browser Helper -& {C5-4D22-B7F9-0BBC1D38A37E} -& C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -& {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -& C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -& {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -& C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -& {C02-4ABF-8ECC-C6} -& C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -& {B4F3A835-0E21-4959-BA22-42B3008E02FF} -& C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -& {DBC85b-BC74-9C25C1C588A9} -& C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -& {FFCB-4E8B-ED664} -& C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll (Adblock Plus)
Winsock: Catalog5 09 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26512] (National Instruments Corporation)
Winsock: Catalog5-x64 09 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [28560] (National Instruments Corporation)
Hosts: 192.168.112.41    proctest        proctest
Tcpip\..\Interfaces\{ADC568AF-BC50-47E6-97A1-17C5FD192834}: [NameServer] 192.168.112.40
FF Plugin: @/FlashPlayer -& C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_189.dll ()
FF Plugin: @/GENUINE -& disabled No File
FF Plugin: @/NpCtrl,version=1.0 -& c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @/OfficeAuthz,version=14.0 -& C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @/FlashPlayer -& C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_189.dll ()
FF Plugin-x32: @intel-/Intel WebAPIversion=4.0.5 -& C:\Program Files (x86)\Intel\Intel& Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-/Intel WebAPI updater -& C:\Program Files (x86)\Intel\Intel& Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @/DTPlugin,version=10.71.2 -& C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @/JavaPlugin,version=10.71.2 -& C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @/GENUINE -& disabled No File
FF Plugin-x32: @/NpCtrl,version=1.0 -& c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @/OfficeAuthz,version=14.0 -& C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @/SharePoint,version=14.0 -& C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @/WLPG,version=15.4. -& C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @/WLPG,version=15.4. -& C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @/Google Uversion=3 -& C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @/Google Uversion=9 -& C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -& C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF []
CHR HKLM-x32\...\Chrome\Extension: [bpfboklmeiefoedekjeigdcnfbpjeaii] - C:\Users\hjroder\AppData\Local\CRE\bpfboklmeiefoedekjeigdcnfbpjeaii.crx []
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\\ChromeExt\\avg.crx []
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! A C:\Program Files\AVAST Software\Avast\AvastSvc.exe [-10-24] (AVAST Software)
R3 AvastVBoxS C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4-10-24] (Avast Software)
R2 EmbassyS C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\EMBASSY Client Core\EmbassyServer.exe [2-01-17] ()
S3 FLEXnet Licensing S C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [3-09-19] (Macrovision Europe Ltd.) [File not signed]
R2 GfExperienceS C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [4-09-16] (NVIDIA Corporation)
R2 Intel& Capability Licensing Service I C:\Program Files\Intel\iCLS Client\HeciServer.exe [3-05-11] (Intel& Corporation) [File not signed]
S3 Intel& Capability Licensing Service TCP IP I C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [3-05-11] (Intel& Corporation)
R2 jhi_ C:\Program Files (x86)\Intel\Intel& Management Engine Components\DAL\jhi_service.exe [3-09-12] (Intel Corporation)
R2 LkCitadelS C:\Windows\SysWOW64\lkcitdl.exe [4-01-14] (National Instruments, Inc.)
R2 lkClassA C:\Windows\SysWOW64\lkads.exe [-06-09] (National Instruments Corporation)
R2 lkTimeS C:\Windows\SysWOW64\lktsrv.exe [-06-09] (National Instruments Corporation)
R2 C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [-06-07] (National Instruments Corporation)
R2 NIApplicationWebS C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [-06-10] (National Instruments Corporation)
S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [-06-10] (National Instruments Corporation)
R2 C:\Program Files (x86)\National Instruments\Shared\niauth\niauth_daemon.exe [4-06-20] (National Instruments Corporation)
R2 NIDomainS C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [4-06-09] (National Instruments Corporation)
S3 NILM License M C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [0-08-02] (Macrovision Corporation)
R2 niLXID C:\Program Files (x86)\IVI Foundation\VISA\WinNT\NIvisa\niLxiDiscovery.exe [3-11-22] (National Instruments Corporation)
R2 nimDNSR C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [4-06-06] (National Instruments Corporation)
R2 NINetworkD C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [4-06-19] (National Instruments Corporation)
R2 NiSvcL C:\Program Files (x86)\National Instruments\Shared\niSvcLoc\nisvcloc.exe [-06-06] (National Instruments Corporation)
R2 NISystemWebS C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [-06-10] (National Instruments Corporation)
R2 NITaggerS C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [4-06-10] (National Instruments Corporation)
R2 NvNetworkS C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [4-09-16] (NVIDIA Corporation)
R2 NvStreamS C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [4-09-16] (NVIDIA Corporation)
S2 tcsd_win32. C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1-10-08] () [File not signed]
R2 vToolbarUpdater15.4.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.4.0\ToolbarUpdater.exe [3-09-19] (AVG Secure Search)
R2 Wave Authentication Manager S C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Authentication Manager\WaveAMService.exe [2-01-05] (Wave Systems Corp.) [File not signed]
S3 WvPCR; C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Common\WvPCR.exe [2-01-16] (Wave Systems Corp.) [File not signed]
S3 BrlAPI; C:\cygwin\bin\cygrunsrv.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswH C:\Windows\system32\drivers\aswHwid.sys [-10-24] ()
R2 aswMonF C:\Windows\system32\drivers\aswMonFlt.sys [-10-31] (AVAST Software)
R1 aswR C:\Windows\system32\drivers\aswRdr2.sys [-10-24] (AVAST Software)
R0 aswR C:\Windows\System32\Drivers\aswRvrt.sys [-10-24] ()
R1 aswS C:\Windows\system32\drivers\aswSnx.sys [4-10-31] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [4-10-24] (AVAST Software)
R2 aswS C:\Windows\system32\drivers\aswStm.sys [4-10-24] (AVAST Software)
R0 aswV C:\Windows\System32\Drivers\aswVmm.sys [4-10-24] ()
S3 BazisPortableCDB C:\Windows\System32\drivers\BazisPortableCDBus.sys [4-10-03] (SysProgs.org)
R2 bh560 C:\Windows\System32\Drivers\bh560eth.sys [0-11-17] (Blackhawk)
R3 IntcAzAudAddS C:\Windows\System32\drivers\RTDVHD64.sys [3-08-15] (Realtek Semiconductor Corp.)
S3 C:\Windows\System32\Drivers\jlinkx64.sys [-10-04] (SEGGER Microcontroller Systeme GmbH)
S3 MCHPUSB; C:\Windows\System32\DRIVERS\mchpusb64.sys [-05-12] (Microchip Technology, Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [-09-12] (Intel Corporation)
S3 C:\Windows\system32\drivers\nidimkl.sys [-09-14] (National Instruments Corporation)
S3 C:\Windows\system32\drivers\niorbkl.sys [-06-28] (National Instruments Corporation)
S3 C:\Windows\System32\drivers\nipalfwedl.sys [-12-19] (National Instruments Corporation)
R0 NIPALK; C:\Windows\System32\drivers\nipalk.sys [2-12-19] (National Instruments Corporation)
S3 C:\Windows\System32\drivers\nipalusbedl.sys [-12-19] (National Instruments Corporation)
R0 C:\Windows\System32\drivers\nipbcfk.sys [-12-18] (National Instruments Corporation)
S3 NiViPciK; C:\Windows\System32\drivers\NiViPciKl.sys [-12-11] (National Instruments Corporation)
R2 NiViPxiK; C:\Windows\System32\drivers\NiViPxiKl.sys [-12-11] (National Instruments Corporation)
R3 NvStreamK C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [-09-16] (NVIDIA Corporation)
R3 nvvad_WaveE C:\Windows\System32\drivers\nvvad64v.sys [-09-04] (NVIDIA Corporation)
R2 Sentinel64; C:\Windows\System32\Drivers\Sentinel64.sys [9-09-17] (SafeNet, Inc.)
S3 TPDIBUS; C:\Windows\System32\drivers\tpdibus.sys [-09-25] (FTDI Ltd.)
R2 VBoxAswD C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [4-10-24] (Avast Software)
R3 WinDriver6; C:\Windows\System32\drivers\windrvr6.sys [2-12-05] (Jungo)
S3 XilinxFirmwareLpL C:\Windows\System32\Drivers\xusb_xlp.sys [-12-05] (Xilinx, Inc.)
R2 XilinxPC4D C:\Windows\System32\drivers\xpc4drvr.sys [-12-05] (Xilinx, Inc.)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
_____ () C:\Users\tubbs-diag\Desktop\FRST.txt
____D () C:\FRST
_____ (Farbar) C:\Users\tubbs-diag\Desktop\FRST.exe
_____ (Farbar) C:\Users\tubbs-diag\Desktop\FRST64.exe
_____ (Sysinternals - ) C:\Users\tubbs-diag\Desktop\RAMMap.exe
_____ (Sysinternals - ) C:\Users\tubbs-diag\Desktop\RootkitRevealer.exe
_____ (Sysinternals - ) C:\Users\tubbs-diag\Desktop\Tcpview.exe
_____ (Sysinternals - ) C:\Users\tubbs-diag\Desktop\Procmon.exe
_____ (Sysinternals - ) C:\Users\tubbs-diag\Desktop\ProcExp.exe
_____ () C:\Users\tubbs-diag\Desktop\dds.txt
_____ () C:\Users\tubbs-diag\Desktop\attach.txt
____D () C:\Users\tubbs-diag\AppData\Roaming\Intel Corporation
____D () C:\Users\tubbs-diag\AppData\Local\TSVNCache
____D () C:\Users\tubbs-diag\AppData\Local\NVIDIA Corporation
_____ () C:\Users\tubbs-diag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
__RSH () C:\Users\tubbs-diag\ntuser.pol
___SH () C:\Users\tubbs-diag\ntuser.ini
___RD () C:\Users\tubbs-diag\Virtual Machines
____D () C:\Users\tubbs-diag\AppData\Roaming\Subversion
____D () C:\Users\tubbs-diag\AppData\Roaming\AVAST Software
____D () C:\Users\tubbs-diag\AppData\Roaming\Adobe
____D () C:\Users\tubbs-diag\AppData\Local\NVIDIA
____D () C:\Users\tubbs-diag\AppData\Local\National Instruments
____D () C:\Users\tubbs-diag\AppData\Local\Google
____D () C:\Users\tubbs-diag\AppData\Local\AVG Secure Search
____D () C:\Users\tubbs-diag\AppData\Local\AVG SafeGuard toolbar
____D () C:\Users\tubbs-diag
_____ () C:\Users\tubbs-diag\AppData\Local\GDIPFONTCACHEV1.DAT
____D () C:\Users\tubbs-diag\Documents\Visual Studio 2012
____D () C:\Users\tubbs-diag\AppData\Local\Microsoft Help
____D () C:\Users\tubbs-diag\Documents\Visual Studio 2010
___RD () C:\Users\tubbs-diag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
___RD () C:\Users\tubbs-diag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
____D () C:\Users\jbrajo\AppData\Roaming\AVAST Software
____D () C:\Users\jbrajo\AppData\Local\AVG Secure Search
____D () C:\Users\jbrajo\AppData\Local\AVG SafeGuard toolbar
_____ () C:\Users\hjroder\Desktop\Taz_software.txt
_____ () C:\Windows\system32\-04-28-56.067-AvastVBoxSVC.exe-7584.log
_____ () C:\Windows\system32\-04-26-54.077