Slow load, scan, browsing

Inactive
By Twinfire
Dec 14, 2013
  1. Hello TechSpot techsupport guru's.

    Got some issues with my notebook.

    Specs:

    Samsung 300V3A
    Core i7 2670QM 2.2ghz
    4GB ram

    A list of what has has happened so far,

    Bluescreen during online gaming,
    Difficulty loading Taskmanager
    Slow at startup
    Slow web browsing
    Slow at running scans with either MSE or MBAM and that is only a quick scan, Trying full
    scans results in odd pauses and eventually "not responding"

    Touch navigation pad becomes unresponsive,
    and the big one...the machine runs silly hot, no gaming, just browsing like I am right now.

    Temps from speedfan place the gpu at 66 degs C and the cpu varies from 68 to 81 degrees C, not normal under light load conditions. Might explain the BSOD's

    There are also several svchost.exe processes running at once, like 13 of em....? Odd?

    The MBAM quick scan showed no issues as did the MSE quick scan yet the notebook still behaves like a snail.

    ComboFix log

    ComboFix 13-12-13.01 - Aidan 14/12/2013 20:26:18.3.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4010.2752 [GMT 8:00]
    Running from: c:\users\Aidan\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-11-14 to 2013-12-14 )))))))))))))))))))))))))))))))
    .
    .
    2013-12-14 12:44 . 2013-12-14 12:44--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
    2013-12-14 12:44 . 2013-12-14 12:44--------d-----w-c:\users\Default\AppData\Local\temp
    2013-12-14 11:12 . 2013-12-14 11:1275888----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F86C0EB-D67B-40B5-B4DD-DC09FB9EF8B7}\offreg.dll
    2013-12-14 10:54 . 2013-11-08 03:1210285968----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F86C0EB-D67B-40B5-B4DD-DC09FB9EF8B7}\mpengine.dll
    2013-12-14 06:49 . 2013-12-14 06:49--------d-----w-C:\AI_RecycleBin
    2013-12-14 00:05 . 2013-11-08 03:1210285968----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-12-12 07:39 . 2013-10-25 06:172648576----a-w-c:\windows\system32\iertutil.dll
    2013-12-12 07:38 . 2013-10-25 06:1819271168----a-w-c:\windows\system32\mshtml.dll
    2013-12-10 10:59 . 2013-12-10 10:59--------d-----w-c:\program files (x86)\Daring Development
    2013-12-10 10:52 . 2013-12-12 14:02--------d-----w-c:\users\Aidan\AppData\Roaming\F8fbpsK9
    2013-12-10 10:37 . 2013-12-12 14:59--------d-----w-c:\program files (x86)\Optimizer Pro
    2013-12-06 14:40 . 2013-12-06 14:4020080----a-w-c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2013-12-06 14:40 . 2013-12-06 14:402106216----a-w-c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2013-12-06 14:40 . 2013-12-06 14:4075376----a-w-c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2013-12-06 14:40 . 2013-12-06 14:40272496----a-w-c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
    2013-12-06 14:40 . 2013-12-06 14:40117360----a-w-c:\program files (x86)\Mozilla Firefox\crashreporter.exe
    2013-12-06 14:40 . 2013-12-06 14:40275568----a-w-c:\program files (x86)\Mozilla Firefox\firefox.exe
    2013-12-06 14:40 . 2013-12-06 14:4064112----a-w-c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2013-12-06 14:40 . 2013-12-06 14:403459696----a-w-c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2013-12-06 14:40 . 2013-12-06 14:40302192----a-w-c:\program files (x86)\Mozilla Firefox\freebl3.dll
    2013-12-06 14:40 . 2013-12-06 14:40549488----a-w-c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2013-12-06 14:40 . 2013-12-06 14:40119408----a-w-c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
    2013-12-06 05:57 . 2013-10-19 00:35965000------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1718B1E1-3B97-413C-914A-B8BCEA0F4BAA}\gapaengine.dll
    2013-11-26 03:51 . 2013-11-26 03:57--------d-----w-c:\program files\Adobe
    2013-11-26 03:47 . 2013-11-26 03:53--------d-----w-c:\program files\Common Files\Adobe
    2013-11-25 13:53 . 2013-12-12 14:50--------d-----w-c:\users\Aidan\AppData\Roaming\BitTorrent
    2013-11-25 13:44 . 2013-12-12 15:09--------d-----w-c:\program files (x86)\TornTV.com
    2013-11-23 09:04 . 2013-11-23 09:04--------d-----w-c:\users\Aidan\AppData\Roaming\openvr
    2013-11-19 17:50 . 2013-12-13 14:27--------d-----w-C:\coin
    2013-11-16 12:45 . 2009-05-29 08:08--------d-----w-C:\NOOBSCAPE RELEASE
    2013-11-16 12:43 . 2009-06-04 09:20--------d-----w-C:\Noobscape Client
    2013-11-16 09:00 . 2013-11-16 09:00--------d-----w-C:\found.003
    2013-11-16 04:03 . 2013-09-04 12:12343040----a-w-c:\windows\system32\drivers\usbhub.sys
    2013-11-16 04:03 . 2013-09-04 12:11325120----a-w-c:\windows\system32\drivers\usbport.sys
    2013-11-16 04:03 . 2013-09-04 12:1199840----a-w-c:\windows\system32\drivers\usbccgp.sys
    2013-11-16 04:03 . 2013-09-04 12:1152736----a-w-c:\windows\system32\drivers\usbehci.sys
    2013-11-16 04:03 . 2013-09-04 12:1130720----a-w-c:\windows\system32\drivers\usbuhci.sys
    2013-11-16 04:03 . 2013-09-04 12:117808----a-w-c:\windows\system32\drivers\usbd.sys
    2013-11-16 04:03 . 2013-09-04 12:1125600----a-w-c:\windows\system32\drivers\usbohci.sys
    2013-11-15 12:54 . 2012-02-04 17:09--------d-----w-C:\Insidia 2 Package
    2013-11-15 12:50 . 2012-02-17 15:35--------d-----w-C:\InsidiaX.cache
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-12-06 09:43 . 2013-07-20 22:3316152----a-w-c:\windows\system32\drivers\SWDUMon.sys
    2013-11-19 10:21 . 2010-11-21 03:27267936------w-c:\windows\system32\MpSigStub.exe
    2013-10-19 06:13 . 2013-10-19 06:13108968----a-w-c:\windows\system32\WindowsAccessBridge-64.dll
    2013-10-19 06:13 . 2013-10-19 06:14312744----a-w-c:\windows\system32\javaws.exe
    2013-10-19 06:13 . 2013-10-19 06:13189352----a-w-c:\windows\system32\javaw.exe
    2013-10-19 06:13 . 2013-10-19 06:13189352----a-w-c:\windows\system32\java.exe
    2013-10-19 00:35 . 2012-10-02 17:29965000------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2013-10-12 02:30 . 2013-11-13 21:03830464----a-w-c:\windows\system32\nshwfp.dll
    2013-10-12 02:29 . 2013-11-13 21:03859648----a-w-c:\windows\system32\IKEEXT.DLL
    2013-10-12 02:29 . 2013-11-13 21:03324096----a-w-c:\windows\system32\FWPUCLNT.DLL
    2013-10-12 02:03 . 2013-11-13 21:03656896----a-w-c:\windows\SysWow64\nshwfp.dll
    2013-10-12 02:01 . 2013-11-13 21:03216576----a-w-c:\windows\SysWow64\FWPUCLNT.DLL
    2013-10-05 20:25 . 2013-11-13 21:041474048----a-w-c:\windows\system32\crypt32.dll
    2013-10-05 19:57 . 2013-11-13 21:041168384----a-w-c:\windows\SysWow64\crypt32.dll
    2013-10-04 02:28 . 2013-11-13 21:04190464----a-w-c:\windows\system32\SmartcardCredentialProvider.dll
    2013-10-04 02:25 . 2013-11-13 21:04197120----a-w-c:\windows\system32\credui.dll
    2013-10-04 02:24 . 2013-11-13 21:041930752----a-w-c:\windows\system32\authui.dll
    2013-10-04 01:58 . 2013-11-13 21:04152576----a-w-c:\windows\SysWow64\SmartcardCredentialProvider.dll
    2013-10-04 01:56 . 2013-11-13 21:04168960----a-w-c:\windows\SysWow64\credui.dll
    2013-10-04 01:56 . 2013-11-13 21:041796096----a-w-c:\windows\SysWow64\authui.dll
    2013-10-03 02:23 . 2013-11-13 21:03404480----a-w-c:\windows\system32\gdi32.dll
    2013-10-03 02:00 . 2013-11-13 21:03311808----a-w-c:\windows\SysWow64\gdi32.dll
    2013-09-28 01:09 . 2013-11-13 21:04497152----a-w-c:\windows\system32\drivers\afd.sys
    2013-09-27 01:53 . 2013-09-27 01:53248240----a-w-c:\windows\system32\drivers\MpFilter.sys
    2013-09-27 01:53 . 2012-03-21 01:44134944----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
    2013-09-25 02:26 . 2013-11-13 21:04154560----a-w-c:\windows\system32\drivers\ksecpkg.sys
    2013-09-25 02:26 . 2013-11-13 21:0495680----a-w-c:\windows\system32\drivers\ksecdd.sys
    2013-09-25 02:23 . 2013-11-13 21:04135680----a-w-c:\windows\system32\sspicli.dll
    2013-09-25 02:23 . 2013-11-13 21:0428672----a-w-c:\windows\system32\sspisrv.dll
    2013-09-25 02:23 . 2013-11-13 21:0428160----a-w-c:\windows\system32\secur32.dll
    2013-09-25 02:22 . 2013-11-13 21:04340992----a-w-c:\windows\system32\schannel.dll
    2013-09-25 02:21 . 2013-11-13 21:04307200----a-w-c:\windows\system32\ncrypt.dll
    2013-09-25 02:21 . 2013-11-13 21:041447936----a-w-c:\windows\system32\lsasrv.dll
    2013-09-25 01:58 . 2013-11-13 21:0496768----a-w-c:\windows\SysWow64\sspicli.dll
    2013-09-25 01:57 . 2013-11-13 21:0422016----a-w-c:\windows\SysWow64\secur32.dll
    2013-09-25 01:57 . 2013-11-13 21:04247808----a-w-c:\windows\SysWow64\schannel.dll
    2013-09-25 01:56 . 2013-11-13 21:04220160----a-w-c:\windows\SysWow64\ncrypt.dll
    2013-09-25 01:03 . 2013-11-13 21:0430720----a-w-c:\windows\system32\lsass.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
    "Config"="c:\users\Aidan\AppData\Roaming\tasklaunch.exe" [2010-03-18 32592]
    "WindowsNetworkClient"="c:\users\Aidan\AppData\Roaming\AppClient\RascalClient.exe" [2013-07-27 11776]
    "Windows Compact Framework"="c:\users\Aidan\AppData\Roaming\AppClient\mm.exe" [2013-11-19 12800]
    "Windows Miner Client"="c:\coin\xmine.exe" [2013-11-24 12288]
    "p8F6lCgBkp"="c:\users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk" [2013-12-10 874]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
    R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
    R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120823.005\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120828.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120828.001\IDSvia64.sys [x]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
    S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
    S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
    S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
    S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
    S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
    S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
    S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
    S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
    S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4191367178-1998265054-3350178268-1001Core1ce8564e19f1ad5.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 00:51]
    .
    2013-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4191367178-1998265054-3350178268-1001UA1ce8564e50c3aed.job
    - c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 00:51]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-24 168216]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-24 418584]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
    "IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
    "Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-19 444904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mStart Page = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={E5362D76-D368-11E2-92A6-B80305750534}
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 10.0.0.138
    FF - ProfilePath - c:\users\Aidan\AppData\Roaming\mozilla\firefox\Profiles\l69zelgy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
    FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=AU&userid=f00e8de3-0b52-100e-2330-fe2d6c2ccd45&searchtype=ds&installDate=30/09/2013&q=
    FF - user.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
    FF - user.js: browser.startup.page - 1
    FF - user.js: browser.newtab.url - file:///c:\users\Aidan\AppData\Local\TNT2\Common\pinnedSearch.htm
    FF - user.js: browser.newtab.url -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-4191367178-1998265054-3350178268-1001_Classes\CLSID\{EA2D459F-DE55-EF43-8404-4162A591C937}]
    @Denied: (A 4) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-12-14 20:46:39
    ComboFix-quarantined-files.txt 2013-12-14 12:46
    ComboFix2.txt 2013-12-13 15:11
    .
    Pre-Run: 60,890,644,480 bytes free
    Post-Run: 60,840,312,832 bytes free
    .
    - - End Of File - - 186955FCD4829614969CECCA42ED0332




    Any help would be greatly appreciated here

    Twin
  2. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    You've been to this forum before so you should know better...

    1. Same computer? http://www.techspot.com/community/topics/cannot-install-malwarebytes-pc-acting-up-a-little.186723/

    2. Never run Combofix on your own!

    3. You should know that you can't be running two AV programs, MSE and Norton in this case.
    You must uninstall one of them.
    If Norton use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html

    4. Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    =========================================

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Hello Broni, you have a good memory (the internet never forgets either)

    Sadly this is a different machine and my bad on the ComboFix faux pas.

    1 - different machine
    2 - *slap!* bad Twinfire
    3 - Uninstalled Norton AV with suggested tools (windows firewall msg "norton updater firewall permission" something....which I cancelled.
    4 - Ok here we go
    .1 - Uninstalled Norton
    .2 - Quick MBAM scan
    .3 - DDS scan
    .4 - Logs are as follows

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org

    Database version: v2013.12.12.04

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 10.0.9200.16750
    Aidan :: AIDAN-PC [administrator]

    15/12/2013 8:17:45 PM
    mbam-log-2013-12-15 (20-17-45).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 240339
    Time elapsed: 10 minute(s), 7 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.17.2
    Run by Aidan at 20:37:37 on 2013-12-15
    #Option Extended Search is enabled.
    #Option Whitelisting is disabled.
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4010.2141 [GMT 8:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\nvvsvc.exe
    C:\windows\system32\svchost.exe -k RPCSS
    C:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
    C:\windows\system32\nvvsvc.exe
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\windows\system32\svchost.exe -k bthsvcs
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Tor\tor.exe
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\System32\rundll32.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe
    C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
    C:\windows\system32\wuauclt.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\windows\notepad.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uLocal Page = C:\windows\System32\blank.htm
    uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    mStart Page = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={E5362D76-D368-11E2-92A6-B80305750534}
    mLocal Page = C:\Windows\SysWOW64\blank.htm
    mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    uSearchAssistant = hxxp://www.google.com
    uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
    mWinlogon: Shell = explorer.exe
    mWinlogon: Userinit = C:\windows\System32\userinit.exe,
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
    uRun: [Config] C:\Users\Aidan\AppData\Roaming\tasklaunch.exe
    uRun: [WindowsNetworkClient] C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe
    uRun: [Windows Compact Framework] C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe
    uRun: [Windows Miner Client] C:\coin\xmine.exe
    uRun: [p8F6lCgBkp] C:\Users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableInstallerDetection = dword:1
    mPolicies-System: EnableLUA = dword:1
    mPolicies-System: EnableSecureUIAPaths = dword:1
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: EnableVirtualization = dword:1
    mPolicies-System: PromptOnSecureDesktop = dword:1
    mPolicies-System: ValidateAdminCodeSignatures = dword:0
    mPolicies-System: dontdisplaylastusername = dword:0
    mPolicies-System: scforceoption = dword:0
    mPolicies-System: shutdownwithoutlogon = dword:1
    mPolicies-System: undockwithoutlogon = dword:1
    mPolicies-System: FilterAdministratorToken = dword:0
    mPolicies-System: DisableRegistryTools = dword:0
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
    LSP: %SystemRoot%\system32\mswsock.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: NameServer = 10.0.0.138
    TCP: Interfaces\{3C2891BE-6943-418A-9998-750EB3ACBF44} : DHCPNameServer = 8.8.8.8 8.8.4.4
    TCP: Interfaces\{6FBCEC1E-41C9-46E8-8439-2137FB27D055} : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{814B41DB-8B5B-4FA2-905D-3E9C5E5D3BB9} : DHCPNameServer = 10.0.0.138
    TCP: Interfaces\{814B41DB-8B5B-4FA2-905D-3E9C5E5D3BB9}\24967605F6E646149353233473 : DHCPNameServer = 10.0.0.138
    Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
    Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
    Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll
    Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
    Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
    Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
    Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
    Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
    Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
    AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll
    SSODL: WebCheck - <orphaned>
    SecurityProviders: SecurityProviders = credssp.dll
    LSA: Authentication Packages = msv1_0
    LSA: Notification Packages = scecli
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
    mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
    mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\windows\System32\themeui.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
    CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\windows\System32\shell32.dll
    x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
    x64-mLocal Page = C:\windows\System32\blank.htm
    x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
    x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
    x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
    x64-mWinlogon: Shell = Explorer.exe
    x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,
    x64-mWinlogon: SFCDisable = dword:0
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - <orphaned>
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
    x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
    x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
    x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
    x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
    x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
    x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
    x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
    x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\System32\urlmon.dll
    x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\MSVidCtl.dll
    x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
    x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
    x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
    x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
    x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
    x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
    x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
    x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
    x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
    x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll
    x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
    x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
    x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
    x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\MSVidCtl.dll
    x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
    x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
    x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\windows\System32\themeui.dll
    x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\System32\cmd.exe /D /C start C:\windows\System32\ie4uinit.exe -ClearIconCache
    x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
    x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
    x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
    x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\windows\System32\Rundll32.exe C:\windows\System32\mscories.dll,Install
    x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\windows\System32\shell32.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Aidan\AppData\Roaming\mozilla\firefox\Profiles\l69zelgy.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
    FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=AU&userid=f00e8de3-0b52-100e-2330-fe2d6c2ccd45&searchtype=ds&installDate=30/09/2013&q=
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
    FF - plugin: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Aidan\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
    FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
    FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
    FF - plugin: C:\windows\SysWOW64\npmproxy.dll
    FF - ExtSQL: 2013-06-06 19:55; {972ce4c6-7e08-4474-a285-3208198ce6fd}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - ExtSQL: 2013-06-25 11:30; news@news.net; C:\Users\Aidan\AppData\Roaming\Mozilla\Firefox\Profiles\l69zelgy.default\extensions\news@news.net.xpi
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
    FF - user.js: browser.startup.page - 1
    FF - user.js: browser.newtab.url - file:///C:\Users\Aidan\AppData\Local\TNT2\Common\pinnedSearch.htm
    FF - user.js: browser.newtab.url -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 ACPI;Microsoft ACPI Driver;C:\windows\System32\drivers\acpi.sys [2010-11-21 334208]
    R0 amdxata;amdxata;C:\windows\System32\drivers\amdxata.sys [2011-7-12 27008]
    R0 atapi;IDE Channel;C:\windows\System32\drivers\atapi.sys [2009-7-14 24128]
    R0 CLFS;Common Log (CLFS);C:\windows\System32\clfs.sys [2009-7-14 367696]
    R0 CNG;CNG;C:\windows\System32\drivers\cng.sys [2013-11-14 458712]
    R0 Compbatt;Microsoft Composite Battery Driver;C:\windows\System32\drivers\compbatt.sys [2009-7-14 21584]
    R0 Disk;Disk Driver;C:\windows\System32\drivers\disk.sys [2009-7-14 73280]
    R0 FileInfo;File Information FS MiniFilter;C:\windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
    R0 FltMgr;FltMgr;C:\windows\System32\drivers\fltMgr.sys [2010-11-21 289664]
    R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\windows\System32\drivers\fvevol.sys [2013-4-11 223752]
    R0 hwpolicy;Hardware Policy Driver;C:\windows\System32\drivers\hwpolicy.sys [2010-11-21 14720]
    R0 iaStor;Intel AHCI Controller;C:\windows\System32\drivers\iaStor.sys [2011-7-12 439320]
    R0 KSecDD;KSecDD;C:\windows\System32\drivers\ksecdd.sys [2013-11-14 95680]
    R0 KSecPkg;KSecPkg;C:\windows\System32\drivers\ksecpkg.sys [2013-11-14 154560]
    R0 mountmgr;Mount Point Manager;C:\windows\System32\drivers\mountmgr.sys [2010-11-21 94592]
    R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
    R0 msahci;msahci;C:\windows\System32\drivers\msahci.sys [2010-11-21 31104]
    R0 msisadrv;msisadrv;C:\windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
    R0 Mup;Mup;C:\windows\System32\drivers\mup.sys [2009-7-14 60496]
    R0 NDIS;NDIS System Driver;C:\windows\System32\drivers\ndis.sys [2012-9-13 950128]
    R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-7-12 25960]
    R0 partmgr;Partition Manager;C:\windows\System32\drivers\partmgr.sys [2012-8-25 75120]
    R0 pci;PCI Bus Driver;C:\windows\System32\drivers\pci.sys [2010-11-21 184704]
    R0 pcw;Performance Counters for Windows Driver;C:\windows\System32\drivers\pcw.sys [2009-7-14 50768]
    R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-1-24 55856]
    R0 rdyboost;ReadyBoost;C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
    R0 spldr;Security Processor Loader Driver;C:\windows\System32\drivers\spldr.sys [2009-7-14 19008]
    R0 Tcpip;TCP/IP Protocol Driver;C:\windows\System32\drivers\tcpip.sys [2013-10-10 1903552]
    R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
    R0 volmgr;Volume Manager Driver;C:\windows\System32\drivers\volmgr.sys [2010-11-21 71552]
    R0 volmgrx;Dynamic Volume Manager;C:\windows\System32\drivers\volmgrx.sys [2010-11-21 363392]
    R0 volsnap;Storage volumes;C:\windows\System32\drivers\volsnap.sys [2010-11-21 295808]
    R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\windows\System32\drivers\Wdf01000.sys [2013-10-10 785624]
    R1 AFD;Ancillary Function Driver for Winsock;C:\windows\System32\drivers\afd.sys [2013-11-14 497152]
    R1 Beep;Beep;C:\windows\System32\drivers\beep.sys [2009-7-14 6656]
    R1 blbdrive;blbdrive;C:\windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
    R1 cdrom;CD-ROM Driver;C:\windows\System32\drivers\cdrom.sys [2010-11-21 147456]
    R1 DfsC;DFS Namespace Client Driver;C:\windows\System32\drivers\dfsc.sys [2010-11-21 102400]
    R1 discache;System Attribute Cache;C:\windows\System32\drivers\discache.sys [2009-7-14 40448]
    R1 Msfs;Msfs;C:\windows\System32\drivers\msfs.sys [2009-7-14 26112]
    R1 mssmbios;Microsoft System Management BIOS Driver;C:\windows\System32\drivers\mssmbios.sys [2009-7-14 32320]
    R1 NetBIOS;NetBIOS Interface;C:\windows\System32\drivers\netbios.sys [2009-7-14 44544]
    R1 NetBT;NetBT;C:\windows\System32\drivers\netbt.sys [2010-11-21 261632]
    R1 Npfs;Npfs;C:\windows\System32\drivers\npfs.sys [2009-7-14 44032]
    R1 nsiproxy;NSI proxy service driver.;C:\windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
    R1 Null;Null;C:\windows\System32\drivers\null.sys [2009-7-14 6144]
    R1 Psched;QoS Packet Scheduler;C:\windows\System32\drivers\pacer.sys [2010-11-21 131584]
    R1 rdbss;Redirected Buffering Sub Sysytem;C:\windows\System32\drivers\rdbss.sys [2010-11-21 309248]
    R1 RDPCDD;RDPCDD;C:\windows\System32\drivers\RDPCDD.sys [2009-7-14 7680]
    R1 RDPENCDD;RDP Encoder Mirror Driver;C:\windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
  4. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-7-12 13824]
    R1 tdx;NetIO Legacy TDI Support Driver;C:\windows\System32\drivers\tdx.sys [2010-11-21 119296]
    R1 TermDD;Terminal Device Driver;C:\windows\System32\drivers\termdd.sys [2010-11-21 63360]
    R1 VgaSave;VgaSave;C:\windows\System32\drivers\vga.sys [2009-7-14 29184]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2011-7-12 60416]
    R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\windows\System32\drivers\wanarp.sys [2010-11-21 88576]
    R1 WfpLwf;WFP Lightweight Filter;C:\windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
    R1 ws2ifsl;Winsock IFS Driver;C:\windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
    R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R2 AudioSrv;Windows Audio;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 BFE;Base Filtering Engine;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    R2 BITS;Background Intelligent Transfer Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-31 923984]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-31 1001808]
    R2 CryptSvc;Cryptographic Services;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R2 DcomLaunch;DCOM Server Process Launcher;C:\windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
    R2 Dhcp;DHCP Client;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 Dnscache;DNS Client;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R2 DPS;Diagnostic Policy Service;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    R2 eventlog;Windows Event Log;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 EventSystem;COM+ Event System;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R2 FDResPub;Function Discovery Resource Publication;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    R2 FontCache;Windows Font Cache Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R2 gpsvc;Group Policy Client;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-6-27 9216]
    R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 iphlpsvc;IP Helper;C:\windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
    R2 LanmanServer;Server;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 LanmanWorkstation;Workstation;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\windows\System32\drivers\lltdio.sys [2009-7-14 60928]
    R2 LMS;Intel(R) Management and Security Application Local Management Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-7-12 326424]
    R2 luafv;UAC File Virtualization;C:\windows\System32\drivers\luafv.sys [2009-7-14 113152]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-20 418376]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-20 701512]
    R2 MMCSS;Multimedia Class Scheduler;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 MpsSvc;Windows Firewall;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    R2 MsMpSvc;Microsoft Antimalware Service;C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
    R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-21 134944]
    R2 NlaSvc;Network Location Awareness;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
    R2 nsi;Network Store Interface Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R2 NVSvc;NVIDIA Display Driver Service;C:\windows\System32\nvvsvc.exe [2011-3-6 993896]
    R2 PcaSvc;Program Compatibility Assistant Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R2 PEAUTH;PEAUTH;C:\windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
    R2 PlugPlay;Plug and Play;C:\windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
    R2 Power;Power;C:\windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
    R2 ProfSvc;User Profile Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 RichVideo;Cyberlink RichVideo Service(CRVS);C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2011-7-12 244904]
    R2 RpcEptMapper;RPC Endpoint Mapper;C:\windows\System32\svchost.exe -k RPCSS [2009-7-14 27136]
    R2 RpcSs;Remote Procedure Call (RPC);C:\windows\System32\svchost.exe -k rpcss [2009-7-14 27136]
    R2 rspndr;Link-Layer Topology Discovery Responder;C:\windows\System32\drivers\rspndr.sys [2009-7-14 76800]
    R2 SamSs;Security Accounts Manager;C:\windows\System32\lsass.exe [2013-11-14 30720]
    R2 Schedule;Task Scheduler;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 secdrv;Security Driver;C:\windows\System32\drivers\secdrv.sys [2009-7-14 23040]
    R2 seclogon;Secondary Logon;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 SENS;System Event Notification Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 ShellHWDetection;Shell Hardware Detection;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 Spooler;Print Spooler;C:\windows\System32\spoolsv.exe [2012-8-25 559104]
    R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.sys [2011-7-13 11576]
    R2 stisvc;Windows Image Acquisition (WIA);C:\windows\System32\svchost.exe -k imgsvc [2009-7-14 27136]
    R2 SysMain;Superfetch;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R2 tcpipreg;TCP/IP Registry Compatibility;C:\windows\System32\drivers\tcpipreg.sys [2012-11-15 45568]
    R2 Themes;Themes;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2013-8-30 3233806]
    R2 TrkWks;Distributed Link Tracking Client;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-12 2656536]
    R2 UxSms;Desktop Window Manager Session Manager;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R2 Winmgmt;Windows Management Instrumentation;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R2 Wlansvc;WLAN AutoConfig;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-9-21 2286976]
    R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-21 1525248]
    R2 wscsvc;Security Center;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R2 WSearch;Windows Search;C:\windows\System32\SearchIndexer.exe [2012-8-25 591872]
    R2 wuauserv;Windows Update;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 AeLookupSvc;Application Experience;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 Appinfo;Application Information;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-31 1321296]
    R3 bowser;Browser Support Driver;C:\windows\System32\drivers\bowser.sys [2012-8-25 90624]
    R3 Browser;Computer Browser;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 BthEnum;Bluetooth Request Block Driver;C:\windows\System32\drivers\bthenum.sys [2009-7-14 41984]
    R3 BthPan;Bluetooth Device (Personal Area Network);C:\windows\System32\drivers\bthpan.sys [2009-7-14 118784]
    R3 bthserv;Bluetooth Support Service;C:\windows\System32\svchost.exe -k bthsvcs [2009-7-14 27136]
    R3 BTHUSB;Bluetooth Radio USB Driver;C:\windows\System32\drivers\BTHUSB.SYS [2012-8-27 80384]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-9 51712]
    R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-3-9 274944]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
    R3 CompositeBus;Composite Bus Enumerator Driver;C:\windows\System32\drivers\CompositeBus.sys [2010-11-21 38912]
    R3 DXGKrnl;LDDM Graphics Subsystem;C:\windows\System32\drivers\dxgkrnl.sys [2013-10-10 983488]
    R3 EapHost;Extensible Authentication Protocol;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 fdPHost;Function Discovery Provider Host;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\windows\System32\drivers\GEARAspiWDM.sys [2013-4-30 33240]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\windows\System32\drivers\hdaudbus.sys [2010-11-21 122368]
    R3 HomeGroupListener;HomeGroup Listener;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R3 HomeGroupProvider;HomeGroup Provider;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    R3 HTTP;HTTP;C:\windows\System32\drivers\http.sys [2010-11-21 753664]
    R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
    R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-3-23 59904]
    R3 igfx;igfx;C:\windows\System32\drivers\igdkmd64.sys [2011-7-13 12256512]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\windows\System32\drivers\RTKVHD64.sys [2011-7-12 2905320]
    R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-13 317440]
    R3 intelppm;Intel Processor Driver;C:\windows\System32\drivers\intelppm.sys [2009-7-14 62464]
    R3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2013-2-20 641352]
    R3 kbdclass;Keyboard Class Driver;C:\windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
    R3 KeyIso;CNG Key Isolation;C:\windows\System32\lsass.exe [2013-11-14 30720]
    R3 ksthunk;Kernel Streaming Thunks;C:\windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
    R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-20 25928]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-7-13 56344]
    R3 monitor;Microsoft Monitor Class Function Driver Service;C:\windows\System32\drivers\monitor.sys [2009-7-14 30208]
    R3 mouclass;Mouse Class Driver;C:\windows\System32\drivers\mouclass.sys [2009-7-14 49216]
    R3 mpsdrv;Windows Firewall Authorization Driver;C:\windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
    R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\windows\System32\drivers\mrxsmb.sys [2011-7-12 158208]
    R3 mrxsmb10;SMB 1.x MiniRedirector;C:\windows\System32\drivers\mrxsmb10.sys [2012-8-25 288768]
    R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\windows\System32\drivers\mrxsmb20.sys [2011-7-12 128000]
    R3 NativeWifiP;NativeWiFi Filter;C:\windows\System32\drivers\nwifi.sys [2009-7-14 318976]
    R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
    R3 Ndisuio;NDIS Usermode I/O Protocol;C:\windows\System32\drivers\ndisuio.sys [2010-11-21 56832]
    R3 NdisWan;Remote Access NDIS WAN Driver;C:\windows\System32\drivers\ndiswan.sys [2010-11-21 164352]
    R3 NDProxy;NDIS Proxy;C:\windows\System32\drivers\ndproxy.sys [2010-11-21 57856]
    R3 Netman;Network Connections;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R3 netprofm;Network List Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETwNs64.sys [2011-5-1 8593920]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
    R3 Ntfs;Ntfs;C:\windows\System32\drivers\ntfs.sys [2013-4-24 1656680]
    R3 nvlddmkm;nvlddmkm;C:\windows\System32\drivers\nvlddmkm.sys [2011-7-12 13052008]
    R3 p2pimsvc;Peer Networking Identity Manager;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
    R3 p2psvc;Peer Networking Grouping;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
    R3 PNRPsvc;Peer Name Resolution Protocol;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
    R3 PolicyAgent;IPsec Policy Agent;C:\windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-14 27136]
    R3 PptpMiniport;WAN Miniport (PPTP);C:\windows\System32\drivers\raspptp.sys [2010-11-21 111104]
    R3 RasAgileVpn;WAN Miniport (IKEv2);C:\windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
    R3 Rasl2tp;WAN Miniport (L2TP);C:\windows\System32\drivers\rasl2tp.sys [2010-11-21 129536]
    R3 RasMan;Remote Access Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    R3 RasPppoe;Remote Access PPPOE Driver;C:\windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
    R3 RasSstp;WAN Miniport (SSTP);C:\windows\System32\drivers\rassstp.sys [2009-7-14 83968]
    R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\windows\System32\drivers\rfcomm.sys [2009-7-14 158720]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-12 471144]
    R3 srv;Server SMB 1.xxx Driver;C:\windows\System32\drivers\srv.sys [2011-7-12 467456]
    R3 srv2;Server SMB 2.xxx Driver;C:\windows\System32\drivers\srv2.sys [2011-7-12 410112]
    R3 srvnet;srvnet;C:\windows\System32\drivers\srvnet.sys [2011-7-12 168448]
    R3 SSDPSRV;SSDP Discovery;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R3 StillCam;Still Serial Digital Camera Driver;C:\windows\System32\drivers\serscan.sys [2009-7-14 12288]
    R3 swenum;Software Bus Driver;C:\windows\System32\drivers\swenum.sys [2009-7-14 12496]
    R3 SynTP;Synaptics TouchPad Driver;C:\windows\System32\drivers\SynTP.sys [2011-7-13 1424944]
    R3 tap0901;TAP-Win32 Adapter V9;C:\windows\System32\drivers\tap0901.sys [2012-11-22 31232]
    R3 TapiSrv;Telephony;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\windows\System32\drivers\tunnel.sys [2010-11-21 125440]
    R3 umbus;UMBus Enumerator Driver;C:\windows\System32\drivers\umbus.sys [2010-11-21 48640]
    R3 upnphost;UPnP Device Host;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    R3 usbccgp;Microsoft USB Generic Parent Driver;C:\windows\System32\drivers\usbccgp.sys [2013-11-16 99840]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\windows\System32\drivers\usbehci.sys [2013-11-16 52736]
    R3 usbhub;Microsoft USB Standard Hub Driver;C:\windows\System32\drivers\usbhub.sys [2013-11-16 343040]
    R3 usbvideo;USB Video Device (WDM);C:\windows\System32\drivers\usbvideo.sys [2013-10-10 185344]
    R3 vwifibus;Virtual WiFi Bus Driver;C:\windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2011-7-12 18432]
    R3 WdiServiceHost;Diagnostic Service Host;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    R3 WdiSystemHost;Diagnostic System Host;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 lmhosts;TCP/IP NetBIOS Helper;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-7-21 1258856]
    S2 SharedAccess;Internet Connection Sharing (ICS);C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
    S2 sppsvc;Software Protection;C:\windows\System32\sppsvc.exe [2010-11-21 3524608]
    S3 1394ohci;1394 OHCI Compliant Host Controller;C:\windows\System32\drivers\1394ohci.sys [2010-11-21 229888]
    S3 AcpiPmi;ACPI Power Meter Driver;C:\windows\System32\drivers\acpipmi.sys [2010-11-21 12800]
    S3 adp94xx;adp94xx;C:\windows\System32\drivers\adp94xx.sys [2009-6-11 491088]
    S3 adpahci;adpahci;C:\windows\System32\drivers\adpahci.sys [2009-7-14 339536]
    S3 adpu320;adpu320;C:\windows\System32\drivers\adpu320.sys [2009-7-14 182864]
    S3 agp440;Intel AGP Bus Filter;C:\windows\System32\drivers\AGP440.sys [2009-7-14 61008]
    S3 ALG;Application Layer Gateway Service;C:\windows\System32\alg.exe [2009-7-14 79360]
    S3 aliide;aliide;C:\windows\System32\drivers\aliide.sys [2009-7-14 15440]
    S3 amdide;amdide;C:\windows\System32\drivers\amdide.sys [2009-7-14 15440]
    S3 AmdK8;AMD K8 Processor Driver;C:\windows\System32\drivers\amdk8.sys [2009-7-14 64512]
    S3 AmdPPM;AMD Processor Driver;C:\windows\System32\drivers\amdppm.sys [2009-7-14 60928]
    S3 amdsata;amdsata;C:\windows\System32\drivers\amdsata.sys [2011-7-12 107904]
    S3 amdsbs;amdsbs;C:\windows\System32\drivers\amdsbs.sys [2009-6-11 194128]
    S3 AppID;AppID Driver;C:\windows\System32\drivers\appid.sys [2010-11-21 61440]
    S3 AppIDSvc;Application Identity;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 arc;arc;C:\windows\System32\drivers\arc.sys [2009-7-14 87632]
    S3 arcsas;arcsas;C:\windows\System32\drivers\arcsas.sys [2009-7-14 97856]
    S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-3-18 44376]
    S3 AsyncMac;RAS Asynchronous Media Driver;C:\windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
    S3 AxInstSV;ActiveX Installer (AxInstSV);C:\windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
    S3 b06bdrv;Broadcom NetXtreme II VBD;C:\windows\System32\drivers\bxvbda.sys [2009-6-11 468480]
    S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\b57nd60a.sys [2009-6-11 270848]
    S3 BDESVC;BitLocker Drive Encryption Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-4-11 49152]
    S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
    S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
    S3 BridgeMP;MAC Bridge Miniport;C:\windows\System32\drivers\bridge.sys [2009-7-14 95232]
    S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
    S3 BrSerWdm;Brother WDM Serial driver;C:\windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
    S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
    S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
    S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
    S3 BTHPORT;Bluetooth Port Driver;C:\windows\System32\drivers\bthport.sys [2012-8-28 552960]
    S3 CertPropSvc;Certificate Propagation;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 circlass;Consumer IR Devices;C:\windows\System32\drivers\circlass.sys [2009-7-14 45568]
    S3 cmdide;cmdide;C:\windows\System32\drivers\cmdide.sys [2009-7-14 17488]
    S3 COMSysApp;COM+ System Application;C:\windows\System32\dllhost.exe [2009-7-14 9728]
    S3 defragsvc;Disk Defragmenter;C:\windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
    S3 dot3svc;Wired AutoConfig;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 drmkaud;Microsoft Trusted Audio Drivers;C:\windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
    S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\windows\System32\drivers\evbda.sys [2009-6-11 3286016]
    S3 EFS;Encrypting File System (EFS);C:\windows\System32\lsass.exe [2013-11-14 30720]
    S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2010-11-21 696832]
    S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-14 127488]
    S3 elxstor;elxstor;C:\windows\System32\drivers\elxstor.sys [2009-6-11 530496]
    S3 ErrDev;Microsoft Hardware Error Device Driver;C:\windows\System32\drivers\errdev.sys [2009-7-14 9728]
    S3 exfat;exFAT File System Driver;C:\windows\System32\drivers\exfat.sys [2009-7-14 195072]
    S3 fastfat;FAT12/16/32 File System Driver;C:\windows\System32\drivers\fastfat.sys [2009-7-14 204800]
    S3 Fax;Fax;C:\windows\System32\FXSSVC.exe [2010-11-21 689152]
    S3 fdc;Floppy Disk Controller Driver;C:\windows\System32\drivers\fdc.sys [2009-7-14 29696]
    S3 Filetrace;Filetrace;C:\windows\System32\drivers\filetrace.sys [2009-7-14 34304]
    S3 flpydisk;Floppy Disk Driver;C:\windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
    S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-21 42856]
    S3 FsDepends;File System Dependency Minifilter;C:\windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
    S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
    S3 GameConsoleService;GameConsoleService;C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe [2010-6-4 246520]
    S3 hamachi;Hamachi Network Interface;C:\windows\System32\drivers\hamachi.sys [2009-3-19 33856]
    S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\windows\System32\drivers\hcw85cir.sys [2009-7-14 31232]
    S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\windows\System32\drivers\HdAudio.sys [2010-11-21 350208]
    S3 HidBatt;HID UPS Battery Driver;C:\windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
    S3 HidBth;Microsoft Bluetooth HID Miniport;C:\windows\System32\drivers\hidbth.sys [2009-7-14 100864]
    S3 HidIr;Microsoft Infrared HID Driver;C:\windows\System32\drivers\hidir.sys [2009-7-14 46592]
    S3 hidserv;Human Interface Device Access;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 HidUsb;Microsoft HID Class Driver;C:\windows\System32\drivers\hidusb.sys [2010-11-21 30208]
    S3 hkmsvc;Health Key and Certificate Management;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 HpSAMD;HpSAMD;C:\windows\System32\drivers\HpSAMD.sys [2010-11-21 78720]
    S3 iaStorV;Intel RAID Controller Windows 7;C:\windows\System32\drivers\iaStorV.sys [2011-7-12 410496]
    S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-21 856400]
    S3 iirsp;iirsp;C:\windows\System32\drivers\iirsp.sys [2009-7-14 44112]
    S3 intelide;intelide;C:\windows\System32\drivers\intelide.sys [2009-7-14 16960]
    S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 IpFilterDriver;IP Traffic Filter Driver;C:\windows\System32\drivers\ipfltdrv.sys [2010-11-21 82944]
    S3 IPMIDRV;IPMIDRV;C:\windows\System32\drivers\IPMIDrv.sys [2010-11-21 78848]
    S3 IPNAT;IP Network Address Translator;C:\windows\System32\drivers\ipnat.sys [2009-7-14 116224]
    S3 IRENUM;IR Bus Enumerator;C:\windows\System32\drivers\irenum.sys [2009-7-14 17920]
    S3 isapnp;isapnp;C:\windows\System32\drivers\isapnp.sys [2009-7-14 20544]
    S3 iScsiPrt;iScsiPort Driver;C:\windows\System32\drivers\msiscsi.sys [2010-11-21 273792]
    S3 kbdhid;Keyboard HID Driver;C:\windows\System32\drivers\kbdhid.sys [2010-11-21 33280]
    S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
    S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    S3 LSI_FC;LSI_FC;C:\windows\System32\drivers\lsi_fc.sys [2009-7-14 114752]
    S3 LSI_SAS;LSI_SAS;C:\windows\System32\drivers\lsi_sas.sys [2009-7-14 106560]
    S3 LSI_SAS2;LSI_SAS2;C:\windows\System32\drivers\lsi_sas2.sys [2009-7-14 65600]
    S3 LSI_SCSI;LSI_SCSI;C:\windows\System32\drivers\lsi_scsi.sys [2009-7-14 115776]
    S3 megasas;megasas;C:\windows\System32\drivers\megasas.sys [2009-6-11 35392]
    S3 MegaSR;MegaSR;C:\windows\System32\drivers\MegaSR.sys [2009-7-14 284736]
    S3 Modem;Modem;C:\windows\System32\drivers\modem.sys [2009-7-14 40448]
    S3 mouhid;Mouse HID Driver;C:\windows\System32\drivers\mouhid.sys [2009-7-14 31232]
    S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-6-6 119408]
    S3 mpio;mpio;C:\windows\System32\drivers\mpio.sys [2010-11-21 155008]
    S3 MRxDAV;WebDav Client Redirector Driver;C:\windows\System32\drivers\mrxdav.sys [2013-10-10 140800]
    S3 msdsm;msdsm;C:\windows\System32\drivers\msdsm.sys [2010-11-21 140672]
    S3 MSDTC;Distributed Transaction Coordinator;C:\windows\System32\msdtc.exe [2009-7-14 141824]
    S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
    S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 msiserver;Windows Installer;C:\windows\System32\msiexec.exe [2010-11-21 128000]
    S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
    S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\windows\System32\drivers\mspclock.sys [2009-7-14 7168]
    S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\windows\System32\drivers\mspqm.sys [2009-7-14 6784]
    S3 MsRPC;MsRPC;C:\windows\System32\drivers\msrpc.sys [2010-11-21 366976]
    S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\windows\System32\drivers\mstee.sys [2009-7-14 8064]
    S3 MTConfig;Microsoft Input Configuration Driver;C:\windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
    S3 napagent;Network Access Protection Agent;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    S3 NdisCap;NDIS Capture LightWeight Filter;C:\windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
    S3 Netlogon;Netlogon;C:\windows\System32\lsass.exe [2013-11-14 30720]
    S3 nfrd960;nfrd960;C:\windows\System32\drivers\nfrd960.sys [2009-7-14 51264]
    S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
    S3 nvraid;nvraid;C:\windows\System32\drivers\nvraid.sys [2011-7-12 148352]
    S3 nvstor;nvstor;C:\windows\System32\drivers\nvstor.sys [2011-7-12 166272]
    S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
    S3 Parport;Parallel port driver;C:\windows\System32\drivers\parport.sys [2009-7-14 97280]
    S3 pciide;pciide;C:\windows\System32\drivers\pciide.sys [2009-7-14 12352]
    S3 pcmcia;pcmcia;C:\windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
    S3 pla;Performance Logs & Alerts;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
    S3 Processor;Processor Driver;C:\windows\System32\drivers\processr.sys [2009-7-14 60416]
    S3 ProtectedStorage;Protected Storage;C:\windows\System32\lsass.exe [2013-11-14 30720]
    S3 ql2300;ql2300;C:\windows\System32\drivers\ql2300.sys [2009-6-11 1524816]
    S3 ql40xx;ql40xx;C:\windows\System32\drivers\ql40xx.sys [2009-7-14 128592]
    S3 QWAVE;Quality Windows Audio Video Experience;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 QWAVEdrv;QWAVE driver;C:\windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
    S3 RasAcd;Remote Access Auto Connection Driver;C:\windows\System32\drivers\rasacd.sys [2009-7-14 14848]
    S3 RasAuto;Remote Access Auto Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
  5. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    S3 NdisCap;NDIS Capture LightWeight Filter;C:\windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
    S3 Netlogon;Netlogon;C:\windows\System32\lsass.exe [2013-11-14 30720]
    S3 nfrd960;nfrd960;C:\windows\System32\drivers\nfrd960.sys [2009-7-14 51264]
    S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
    S3 nvraid;nvraid;C:\windows\System32\drivers\nvraid.sys [2011-7-12 148352]
    S3 nvstor;nvstor;C:\windows\System32\drivers\nvstor.sys [2011-7-12 166272]
    S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
    S3 Parport;Parallel port driver;C:\windows\System32\drivers\parport.sys [2009-7-14 97280]
    S3 pciide;pciide;C:\windows\System32\drivers\pciide.sys [2009-7-14 12352]
    S3 pcmcia;pcmcia;C:\windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
    S3 pla;Performance Logs & Alerts;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
    S3 Processor;Processor Driver;C:\windows\System32\drivers\processr.sys [2009-7-14 60416]
    S3 ProtectedStorage;Protected Storage;C:\windows\System32\lsass.exe [2013-11-14 30720]
    S3 ql2300;ql2300;C:\windows\System32\drivers\ql2300.sys [2009-6-11 1524816]
    S3 ql40xx;ql40xx;C:\windows\System32\drivers\ql40xx.sys [2009-7-14 128592]
    S3 QWAVE;Quality Windows Audio Video Experience;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 QWAVEdrv;QWAVE driver;C:\windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
    S3 RasAcd;Remote Access Auto Connection Driver;C:\windows\System32\drivers\rasacd.sys [2009-7-14 14848]
    S3 RasAuto;Remote Access Auto Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
    S3 RDPWD;RDP Winstation Driver;C:\windows\System32\drivers\rdpwd.sys [2012-8-25 210944]
    S3 RemoteRegistry;Remote Registry;C:\windows\System32\svchost.exe -k regsvc [2009-7-14 27136]
    S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\windows\System32\Locator.exe [2009-7-14 10240]
    S3 rtport;rtport;C:\Windows\SysWOW64\drivers\rtport.sys [2012-4-13 15144]
    S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-7-13 166704]
    S3 sbp2port;sbp2port;C:\windows\System32\drivers\sbp2port.sys [2010-11-21 103808]
    S3 SCardSvr;Smart Card;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 scfilter;Smart card PnP Class Filter Driver;C:\windows\System32\drivers\scfilter.sys [2010-11-21 29696]
    S3 SCPolicySvc;Smart Card Removal Policy;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 SDRSVC;Windows Backup;C:\windows\System32\svchost.exe -k SDRSVC [2009-7-14 27136]
    S3 SensrSvc;Adaptive Brightness;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 Serenum;Serenum Filter Driver;C:\windows\System32\drivers\serenum.sys [2009-7-14 23552]
    S3 Serial;Serial;C:\windows\System32\drivers\serial.sys [2009-7-14 94208]
    S3 sermouse;Serial Mouse Driver;C:\windows\System32\drivers\sermouse.sys [2009-7-14 26624]
    S3 SessionEnv;Remote Desktop Configuration;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 sffdisk;SFF Storage Class Driver;C:\windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
    S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
    S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\windows\System32\drivers\sffp_sd.sys [2010-11-21 14336]
    S3 sfloppy;High-Capacity Floppy Disk Drive;C:\windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
    S3 SiSRaid2;SiSRaid2;C:\windows\System32\drivers\sisraid2.sys [2009-6-11 43584]
    S3 SiSRaid4;SiSRaid4;C:\windows\System32\drivers\sisraid4.sys [2009-7-14 80464]
    S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\windows\System32\drivers\smb.sys [2009-7-14 93184]
    S3 SNMPTRAP;SNMP Trap;C:\windows\System32\snmptrap.exe [2009-7-14 14336]
    S3 sppuinotify;SPP Notification Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    S3 Steam Client Service;Steam Client Service;C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-8-25 569768]
    S3 stexstor;stexstor;C:\windows\System32\drivers\stexstor.sys [2009-7-14 24656]
    S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2013-7-21 16152]
    S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 swprv;Microsoft Software Shadow Copy Provider;C:\windows\System32\svchost.exe -k swprv [2009-7-14 27136]
    S3 TabletInputService;Tablet PC Input Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 TBS;TPM Base Services;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\windows\System32\drivers\tcpip.sys [2013-10-10 1903552]
    S3 TDPIPE;TDPIPE;C:\windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
    S3 TDTCP;TDTCP;C:\windows\System32\drivers\tdtcp.sys [2012-8-25 23552]
    S3 TermService;Remote Desktop Services;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    S3 THREADORDER;Thread Ordering Server;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-21 194048]
    S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\windows\System32\drivers\tssecsrv.sys [2013-8-15 39936]
    S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
    S3 uagp35;Microsoft AGPv3.5 Filter;C:\windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
    S3 UI0Detect;Interactive Services Detection;C:\windows\System32\UI0Detect.exe [2009-7-14 40960]
    S3 uliagpkx;Uli AGP Bus Filter;C:\windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
    S3 UmPass;Microsoft UMPass Driver;C:\windows\System32\drivers\umpass.sys [2009-7-14 9728]
    S3 usbcir;eHome Infrared Receiver (USBCIR);C:\windows\System32\drivers\usbcir.sys [2013-10-10 100864]
    S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\windows\System32\drivers\usbohci.sys [2013-11-16 25600]
    S3 usbprint;Microsoft USB PRINTER Class;C:\windows\System32\drivers\usbprint.sys [2009-7-14 25088]
    S3 USBSTOR;USB Mass Storage Driver;C:\windows\System32\drivers\USBSTOR.SYS [2011-7-12 91648]
    S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\windows\System32\drivers\usbuhci.sys [2013-11-16 30720]
    S3 VaultSvc;Credential Manager;C:\windows\System32\lsass.exe [2013-11-14 30720]
    S3 vds;Virtual Disk;C:\windows\System32\vds.exe [2010-11-21 533504]
    S3 vga;vga;C:\windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
    S3 vhdmp;vhdmp;C:\windows\System32\drivers\vhdmp.sys [2010-11-21 215936]
    S3 viaide;viaide;C:\windows\System32\drivers\viaide.sys [2009-7-14 17488]
    S3 vsmraid;vsmraid;C:\windows\System32\drivers\vsmraid.sys [2009-6-11 161872]
    S3 VSS;Volume Shadow Copy;C:\windows\System32\VSSVC.exe [2010-11-21 1600512]
    S3 W32Time;Windows Time;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    S3 WacomPen;Wacom Serial Pen HID Driver;C:\windows\System32\drivers\wacompen.sys [2009-7-14 27776]
    S3 WANARP;Remote Access IP ARP Driver;C:\windows\System32\drivers\wanarp.sys [2010-11-21 88576]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-26 1255736]
    S3 wbengine;Block Level Backup Engine Service;C:\windows\System32\wbengine.exe [2010-11-21 1504256]
    S3 WbioSrvc;Windows Biometric Service;C:\windows\System32\svchost.exe -k WbioSvcGroup [2009-7-14 27136]
    S3 wcncsvc;Windows Connect Now - Config Registrar;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S3 WcsPlugInService;Windows Color System;C:\windows\System32\svchost.exe -k wcssvc [2009-7-14 27136]
    S3 Wd;Wd;C:\windows\System32\drivers\wd.sys [2009-7-14 21056]
    S3 WebClient;WebClient;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
    S3 Wecsvc;Windows Event Collector;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S3 WerSvc;Windows Error Reporting Service;C:\windows\System32\svchost.exe -k WerSvcGroup [2009-7-14 27136]
    S3 WIMMount;WIMMount;C:\windows\System32\drivers\wimmount.sys [2009-7-14 22096]
    S3 WinDefend;Windows Defender;C:\windows\System32\svchost.exe -k secsvcs [2009-7-14 27136]
    S3 WinRM;Windows Remote Management (WS-Management);C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
    S3 WinUsb;WinUsb;C:\windows\System32\drivers\winusb.sys [2010-11-21 41984]
    S3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
    S3 wmiApSrv;WMI Performance Adapter;C:\windows\System32\wbem\WmiApSrv.exe [2009-7-14 203264]
    S3 WPCSvc;Parental Controls;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
    S3 WPDBusEnum;Portable Device Enumerator Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\windows\System32\drivers\WUDFPf.sys [2012-11-15 87040]
    S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
    S3 WwanSvc;WWAN AutoConfig;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
    S4 cdfs;CD/DVD File System Reader;C:\windows\System32\drivers\cdfs.sys [2009-7-14 92160]
    S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-14 66384]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-14 89920]
    S4 crcdisk;Crcdisk Filter Driver;C:\windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
    S4 Mcx2Svc;Media Center Extender Service;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
    S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
    S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
    S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
    S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
    S4 RemoteAccess;Routing and Remote Access;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
    S4 udfs;udfs;C:\windows\System32\drivers\udfs.sys [2010-11-21 328192]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== File Associations ===============
    .
    FileExt: .bat: batfile="%1" %*
    FileExt: .cmd: cmdfile="%1" %*
    FileExt: .com: ComFile="%1" %*
    FileExt: .exe: exefile="%1" %*
    FileExt: .pif: piffile="%1" %*
    FileExt: .scr: scrfile="%1" /S
    FileExt: .reg: regfile=regedit.exe "%1"
    FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1
    FileExt: .chm: chm.file="C:\windows\hh.exe" %1
    FileExt: .ini: inifile=C:\windows\System32\NOTEPAD.EXE %1
    FileExt: .inf: inffile=C:\windows\System32\NOTEPAD.EXE %1
    ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1"
    ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
    ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
    ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
    ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
    ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
    ShellExec: mspaint.exe: edit="C:\windows\System32\mspaint.exe" "%1"
    ShellExec: notepad.exe: edit=C:\windows\System32\NOTEPAD.EXE %1
    ShellExec: notepad.exe: open=C:\windows\System32\NOTEPAD.EXE %1
    ShellExec: Photoshop.exe: edit="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
    ShellExec: Photoshop.exe: open="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
    ShellExec: PhotoshopElementsEditor.exe: edit="C:\Program Files (x86)\Adobe\Photoshop Elements 9\PhotoshopElementsEditor.exe" "%1"
    ShellExec: PhotoshopElementsEditor.exe: Open="C:\Program Files (x86)\Adobe\Photoshop Elements 9\PhotoshopElementsEditor.exe" "%1"
    ShellExec: photoviewer.dll: open=C:\windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    ShellExec: photoviewer.dll: print=C:\windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
    ShellExec: Skype.exe: open="C:\Program Files (x86)\Skype\Phone\Skype.exe" "%1"
    ShellExec: SnagItEditor.exe: open="C:\Program Files (x86)\TechSmith\Snagit 11\SnagItEditor.exe" "%1"
    ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
    ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
    ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
    ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
    .
    =============== Created Last 60 ================
    .
    2013-12-15 12:00:27 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4244C59F-48E3-403D-AFD3-1BE1B3D7AEA6}\offreg.dll
    2013-12-15 11:53:01 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4244C59F-48E3-403D-AFD3-1BE1B3D7AEA6}\mpengine.dll
    2013-12-15 03:06:23 -------- d-----w- C:\Users\Aidan\AppData\Local\PMB Files
    2013-12-15 03:06:21 -------- d-----w- C:\ProgramData\PMB Files
    2013-12-14 13:04:22 -------- d-----w- C:\Program Files (x86)\SpeedFan
    2013-12-14 12:47:57 10285968 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-12-14 12:46:44 -------- d-sh--w- C:\$RECYCLE.BIN
    2013-12-14 12:46:41 -------- d-----w- C:\windows\temp
    2013-12-14 06:49:52 -------- d-sh--w- C:\AI_RecycleBin
    2013-12-13 14:40:11 98816 ----a-w- C:\windows\sed.exe
    2013-12-13 14:40:11 80412 ----a-w- C:\windows\grep.exe
    2013-12-13 14:40:11 68096 ----a-w- C:\windows\zip.exe
    2013-12-13 14:40:11 60416 ----a-w- C:\windows\NIRCMD.exe
    2013-12-13 14:40:11 518144 ----a-w- C:\windows\SWREG.exe
    2013-12-13 14:40:11 406528 ----a-w- C:\windows\SWSC.exe
    2013-12-13 14:40:11 256000 ----a-w- C:\windows\PEV.exe
    2013-12-13 14:40:11 208896 ----a-w- C:\windows\MBR.exe
    2013-12-13 14:35:51 -------- d---a-w- C:\Qoobox
    2013-12-13 14:35:33 -------- d-----w- C:\windows\erdnt
    2013-12-12 07:40:10 2706432 ----a-w- C:\windows\System32\mshtml.tlb
    2013-12-12 07:40:09 391168 ----a-w- C:\windows\SysWow64\ieui.dll
    2013-12-12 07:40:09 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2013-12-12 07:40:07 526336 ----a-w- C:\windows\System32\ieui.dll
    2013-12-12 07:40:07 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
    2013-12-12 07:40:06 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
    2013-12-12 07:40:06 245248 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
    2013-12-12 07:40:06 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2013-12-12 07:40:05 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
    2013-12-12 07:40:05 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2013-12-12 07:40:04 67072 ----a-w- C:\windows\System32\iesetup.dll
    2013-12-12 07:40:04 39936 ----a-w- C:\windows\System32\iernonce.dll
    2013-12-12 07:40:04 33280 ----a-w- C:\windows\SysWow64\iernonce.dll
    2013-12-12 07:40:03 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
    2013-12-12 07:40:03 51712 ----a-w- C:\windows\System32\ie4uinit.exe
    2013-12-12 07:40:03 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
    2013-12-12 07:40:02 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
    2013-12-12 07:40:02 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
    2013-12-12 07:40:02 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
    2013-12-12 07:40:02 136704 ----a-w- C:\windows\System32\iesysprep.dll
    2013-12-12 07:40:01 2049024 ----a-w- C:\windows\SysWow64\iertutil.dll
    2013-12-12 07:39:59 2648576 ----a-w- C:\windows\System32\iertutil.dll
    2013-12-12 07:39:57 770736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2013-12-12 07:39:57 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
    2013-12-12 07:39:56 775344 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
    2013-12-12 07:39:56 603136 ----a-w- C:\windows\System32\msfeeds.dll
    2013-12-12 07:39:56 493056 ----a-w- C:\windows\SysWow64\msfeeds.dll
    2013-12-12 07:39:55 855552 ----a-w- C:\windows\System32\jscript.dll
    2013-12-12 07:39:54 690688 ----a-w- C:\windows\SysWow64\jscript.dll
    2013-12-12 07:39:52 3959808 ----a-w- C:\windows\System32\jscript9.dll
    2013-12-12 07:39:48 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
    2013-12-12 07:39:47 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
    2013-12-12 07:39:46 1140736 ----a-w- C:\windows\SysWow64\urlmon.dll
    2013-12-12 07:39:44 1365504 ----a-w- C:\windows\System32\urlmon.dll
    2013-12-12 07:39:43 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-12-12 07:39:43 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
    2013-12-12 07:39:41 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
    2013-12-12 07:39:40 53248 ----a-w- C:\windows\System32\jsproxy.dll
    2013-12-12 07:39:39 39424 ----a-w- C:\windows\SysWow64\jsproxy.dll
    2013-12-12 07:39:38 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
    2013-12-12 07:39:36 2241536 ----a-w- C:\windows\System32\wininet.dll
    2013-12-12 07:39:35 13761536 ----a-w- C:\windows\SysWow64\ieframe.dll
    2013-12-12 07:39:12 15404032 ----a-w- C:\windows\System32\ieframe.dll
    2013-12-12 07:39:06 14356992 ----a-w- C:\windows\SysWow64\mshtml.dll
    2013-12-12 07:38:54 19271168 ----a-w- C:\windows\System32\mshtml.dll
    2013-12-11 08:25:54 3155968 ----a-w- C:\windows\System32\win32k.sys
    2013-12-11 08:25:53 81408 ----a-w- C:\windows\System32\imagehlp.dll
    2013-12-11 08:25:52 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
    2013-12-11 08:25:49 2048 ----a-w- C:\windows\System32\tzres.dll
    2013-12-11 08:25:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
    2013-12-11 08:25:42 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
    2013-12-11 08:25:42 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
    2013-12-11 08:25:40 202752 ----a-w- C:\windows\System32\scrrun.dll
    2013-12-11 08:25:40 168960 ----a-w- C:\windows\System32\wscript.exe
    2013-12-11 08:25:40 156160 ----a-w- C:\windows\System32\cscript.exe
    2013-12-11 08:25:40 150016 ----a-w- C:\windows\System32\wshom.ocx
    2013-12-11 08:25:40 141824 ----a-w- C:\windows\SysWow64\wscript.exe
    2013-12-11 08:25:40 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
    2013-12-11 08:25:39 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
    2013-12-11 08:25:39 126976 ----a-w- C:\windows\SysWow64\cscript.exe
    2013-12-10 10:59:34 -------- d-----w- C:\Program Files (x86)\Daring Development
    2013-12-10 10:52:30 -------- d-----w- C:\Users\Aidan\AppData\Roaming\F8fbpsK9
    2013-12-10 10:37:21 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
    2013-12-06 14:40:38 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2013-12-06 14:40:37 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
    2013-12-06 14:40:37 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
    2013-12-06 14:40:37 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2013-12-06 14:40:34 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
    2013-12-06 14:40:33 64112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2013-12-06 14:40:33 3459696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2013-12-06 14:40:33 302192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
    2013-12-06 14:40:33 275568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    2013-12-06 14:40:32 549488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2013-12-06 14:40:32 119408 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
    2013-12-06 05:57:06 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1718B1E1-3B97-413C-914A-B8BCEA0F4BAA}\gapaengine.dll
    2013-11-26 03:51:35 -------- d-----w- C:\Program Files\Adobe
    2013-11-26 03:47:20 -------- d-----w- C:\Program Files\Common Files\Adobe
    2013-11-25 13:53:05 -------- d-----w- C:\Users\Aidan\AppData\Roaming\BitTorrent
    2013-11-25 13:44:49 -------- d-----w- C:\Program Files (x86)\TornTV.com
    2013-11-23 09:04:32 -------- d-----w- C:\Users\Aidan\AppData\Roaming\openvr
    2013-11-21 01:10:28 -------- d-----w- C:\Users\Aidan\AppData\Local\{6D3560A6-7638-47F5-B1C9-CF4D0A17A135}
    2013-11-19 17:50:23 -------- d-----w- C:\coin
    2013-11-16 12:45:17 -------- d-----w- C:\NOOBSCAPE RELEASE
    2013-11-16 12:43:27 -------- d-----w- C:\Noobscape Client
    2013-11-16 09:00:44 -------- d-----w- C:\found.003
    2013-11-16 08:14:52 -------- d-----w- C:\Users\Aidan\AppData\Local\{0B3C6929-4F76-4EEB-815B-509E4E93DC21}
    2013-11-16 04:03:24 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
    2013-11-16 04:03:24 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
    2013-11-16 04:03:24 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
    2013-11-16 04:03:24 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
    2013-11-16 04:03:24 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
    2013-11-16 04:03:24 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
    2013-11-16 04:03:23 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
    2013-11-15 12:54:01 -------- d-----w- C:\Insidia 2 Package
    2013-11-15 12:50:44 -------- d-----w- C:\InsidiaX.cache
    2013-11-13 21:04:41 1474048 ----a-w- C:\windows\System32\crypt32.dll
    2013-11-13 21:04:41 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
    2013-11-13 21:04:27 497152 ----a-w- C:\windows\System32\drivers\afd.sys
    2013-11-13 21:04:26 1930752 ----a-w- C:\windows\System32\authui.dll
    2013-11-13 21:04:26 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
    2013-11-13 21:04:26 1796096 ----a-w- C:\windows\SysWow64\authui.dll
    2013-11-13 21:04:25 197120 ----a-w- C:\windows\System32\credui.dll
    2013-11-13 21:04:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
    2013-11-13 21:04:25 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
    2013-11-13 21:04:08 458712 ----a-w- C:\windows\System32\drivers\cng.sys
    2013-11-13 21:04:08 340992 ----a-w- C:\windows\System32\schannel.dll
    2013-11-13 21:04:08 247808 ----a-w- C:\windows\SysWow64\schannel.dll
    2013-11-13 21:04:08 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
    2013-11-13 21:04:07 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
    2013-11-13 21:04:07 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
    2013-11-13 21:04:07 307200 ----a-w- C:\windows\System32\ncrypt.dll
    2013-11-13 21:04:07 30720 ----a-w- C:\windows\System32\lsass.exe
    2013-11-13 21:04:07 28160 ----a-w- C:\windows\System32\secur32.dll
    2013-11-13 21:04:07 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
    2013-11-13 21:04:07 22016 ----a-w- C:\windows\SysWow64\secur32.dll
    2013-11-13 21:04:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
    2013-11-13 21:04:07 135680 ----a-w- C:\windows\System32\sspicli.dll
    2013-11-13 21:04:06 28672 ----a-w- C:\windows\System32\sspisrv.dll
    2013-11-13 21:03:53 404480 ----a-w- C:\windows\System32\gdi32.dll
    2013-11-13 21:03:53 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
    2013-11-13 21:03:52 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
    2013-11-13 21:03:52 830464 ----a-w- C:\windows\System32\nshwfp.dll
    2013-11-13 21:03:52 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
    2013-11-13 21:03:52 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
    2013-11-13 21:03:51 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
    2013-11-03 03:28:25 -------- d-----w- C:\Program Files (x86)\RIFT
    2013-11-01 09:57:26 -------- d-----w- C:\Users\Aidan\AppData\Local\Unity
    2013-10-27 06:44:56 -------- d-----w- C:\Users\Aidan\AppData\Local\{7ADA229C-CCF6-4811-BCDE-4034CBDB19CF}
    2013-10-19 06:14:22 312744 ----a-w- C:\windows\System32\javaws.exe
    2013-10-19 06:13:48 189352 ----a-w- C:\windows\System32\javaw.exe
    2013-10-19 06:13:48 189352 ----a-w- C:\windows\System32\java.exe
    2013-10-19 06:13:48 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
    2013-10-19 06:09:50 -------- d-----w- C:\Program Files\Java
    .
    ==================== Find6M ====================
    .
    2013-12-06 09:43:32 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
    2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
    2013-09-27 01:53:06 248240 ----a-w- C:\windows\System32\drivers\MpFilter.sys
    2013-09-27 01:53:06 134944 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
    2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
    2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
    2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
    2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
    2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
    2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
    2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
    2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
    2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
    2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
    2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
    2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
    2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
    2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
    2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
    2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
    2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
    2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
    2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
    2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll
    2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
    2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
    2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
    2013-08-02 02:13:34 1161216 ----a-w- C:\windows\System32\kernel32.dll
    2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
    2013-08-02 01:50:41 1114112 ----a-w- C:\windows\SysWow64\kernel32.dll
    2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
    2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
    2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
    2013-07-26 02:24:57 14172672 ----a-w- C:\windows\System32\shell32.dll
    2013-07-26 02:24:56 197120 ----a-w- C:\windows\System32\shdocvw.dll
    2013-07-26 01:55:59 180224 ----a-w- C:\windows\SysWow64\shdocvw.dll
    2013-07-26 01:55:59 12872704 ----a-w- C:\windows\SysWow64\shell32.dll
    2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
    2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
    2013-07-20 10:33:12 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2013-07-20 10:33:08 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
    2013-07-12 10:41:35 185344 ----a-w- C:\windows\System32\drivers\usbvideo.sys
    2013-07-12 10:41:12 100864 ----a-w- C:\windows\System32\drivers\usbcir.sys
    2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
    2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
    2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
    2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
    2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
    2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
    2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
    2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
    2013-07-04 12:57:22 259584 ----a-w- C:\windows\System32\WebClnt.dll
    2013-07-04 12:50:46 102400 ----a-w- C:\windows\System32\davclnt.dll
    2013-07-04 12:50:39 633856 ----a-w- C:\windows\System32\comctl32.dll
    2013-07-04 11:57:28 205824 ----a-w- C:\windows\SysWow64\WebClnt.dll
    2013-07-04 11:51:04 81920 ----a-w- C:\windows\SysWow64\davclnt.dll
    2013-07-04 11:50:56 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
    2013-07-04 10:11:35 140800 ----a-w- C:\windows\System32\drivers\mrxdav.sys
    2013-07-03 04:05:05 76800 ----a-w- C:\windows\System32\drivers\hidclass.sys
    2013-07-03 04:05:04 32896 ----a-w- C:\windows\System32\drivers\hidparse.sys
    2013-06-25 22:55:52 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
    .
    ============= FINISH: 20:39:41.04 ===============
  6. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Thanks for your assistance with this little problem.

    P.S This is for my son
  7. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    At this moment the board seem to have serious posting issue. We'll have to wait until the problem is fixed.
  8. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    The issue is only partially fixed so we have to use workaround to communicate here.
    Before posting make sure to switch Rich Text Editor of by clicking on this icon:
    [​IMG]

    [​IMG] Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit (MBAR) from HERE
    • Unzip downloaded file.
    • Open the folder where the contents were unzipped and run mbar.exe
    • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
    • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
    • Wait while the system shuts down and the cleanup process is performed.
    • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
    • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
  9. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Hello Broni, thank you for your assistance with this issue :)

    Here is the Rogue Killer report

    RogueKiller V8.7.12 _x64_ [Nov 25 2013] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.adlice.com/forum/
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Aidan [Admin rights]
    Mode : Remove -- Date : 12/18/2013 13:03:11
    | ARK || FAK || MBR |

    ¤¤¤ Bad processes : 2 ¤¤¤
    [SUSP PATH] RascalClient.exe -- C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe [-] -> KILLED [TermProc]
    [SUSP PATH] mm.exe -- C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe [-] -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 12 ¤¤¤
    [RUN][SUSP PATH] HKCU\[...]\Run : Config (C:\Users\Aidan\AppData\Roaming\tasklaunch.exe [7]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : WindowsNetworkClient (C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : Windows Compact Framework (C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe [-]) -> DELETED
    [RUN][SUSP PATH] HKCU\[...]\Run : p8F6lCgBkp (C:\Users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk [-]) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : Config (C:\Users\Aidan\AppData\Roaming\tasklaunch.exe [7]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : WindowsNetworkClient (C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe [-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : Windows Compact Framework (C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe [-]) -> [0x2] The system cannot find the file specified.
    [RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : p8F6lCgBkp (C:\Users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk [-]) -> [0x2] The system cannot find the file specified.
    [HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
    [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Scheduled tasks : 1 ¤¤¤
    [V2][SUSP PATH] FRAPS : C:\Users\Aidan\Desktop\fraps.exe [x] -> DELETED

    ¤¤¤ Startup Entries : 0 ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

    ¤¤¤ External Hives: ¤¤¤

    ¤¤¤ Infection : ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> %SystemRoot%\System32\drivers\etc\hosts


    127.0.0.1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 +++++
    --- User ---
    [MBR] 36c8f0f132f478d0149ee19cc93d4431
    [BSP] 8478360f9d9b6c4d159f05a4c467fa83 : KIWI Image system MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 277504 Mo
    2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 568535040 | Size: 415875 Mo
    3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1420247040 | Size: 21924 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[0]_D_121820

    13_130311.txt >>
    RKreport[0]_S_12182013_130210.txt
  10. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Double post....:-(my bad
  11. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

     
  12. Broni

    Broni Malware Annihilator Posts: 46,339   +252

  13. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Hello Broni, bad news to report, the laptop in question has fallen quite ill.

    I managed to do the scan but was unable to post it. The text box to type in the reply was not appearing on the other machine yet it would appear on this machine....? I don't get why it was doing that.

    Now for reasons unknown the laptop won't proceed past the "Starting Windows" splash with the icon pulsing slowly and when trying safe mode it hangs at

    Loaded: \windows\system32\drivers\CLASSPNP.SYS

    With no recovery disk or recognised restore point (even called it Laptop Cleanup), even LKGC doesn't work. Start up repair shows corrupted registry...:-( Where to now besides the trash can?

    My son didn't notice the signs of impending doom, what is done is done.

    Twin
  14. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
    NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

    If you are using Vista or Windows 7 enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account an click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
      Note:
      Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  15. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Thank you again for your time,

    I think it's dead, can't even access the advanced boot options now despite tapping F8 button...It goes straight to windows recovery with a "windows failed to start". F8 doesn't work from here either.

    .I thinks she'a gonner captain
  16. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Use the second option:

    To enter System Recovery Options by using Windows installation disc:
  17. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Still with me?
  18. Twinfire

    Twinfire Newcomer, in training Topic Starter Posts: 31

    Hello Broni, sorry for late reply.

    Long story short, the machine has been sent to a local computer store for repairs. My son was growing impatient so mom sent it off (which will be weeks because of the holidays). All the hassling in the world won't hurry these guys :)

    Thank you for your valuable time Broni, a donation will be forthcoming.
  19. Broni

    Broni Malware Annihilator Posts: 46,339   +252

    Thanks for letting me know :)

    [​IMG]


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.