Inactive Slow load, scan, browsing

T

Twinfire

Posts: 53   +0
Hello TechSpot techsupport guru's.

Got some issues with my notebook.

Specs:

Samsung 300V3A
Core i7 2670QM 2.2ghz
4GB ram

A list of what has has happened so far,

Bluescreen during online gaming,
Difficulty loading Taskmanager
Slow at startup
Slow web browsing
Slow at running scans with either MSE or MBAM and that is only a quick scan, Trying full
scans results in odd pauses and eventually "not responding"

Touch navigation pad becomes unresponsive,
and the big one...the machine runs silly hot, no gaming, just browsing like I am right now.

Temps from speedfan place the gpu at 66 degs C and the cpu varies from 68 to 81 degrees C, not normal under light load conditions. Might explain the BSOD's

There are also several svchost.exe processes running at once, like 13 of em....? Odd?

The MBAM quick scan showed no issues as did the MSE quick scan yet the notebook still behaves like a snail.

ComboFix log

ComboFix 13-12-13.01 - Aidan 14/12/2013 20:26:18.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4010.2752 [GMT 8:00]
Running from: c:\users\Aidan\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-14 to 2013-12-14 )))))))))))))))))))))))))))))))
.
.
2013-12-14 12:44 . 2013-12-14 12:44--------d-----w-c:\users\UpdatusUser\AppData\Local\temp
2013-12-14 12:44 . 2013-12-14 12:44--------d-----w-c:\users\Default\AppData\Local\temp
2013-12-14 11:12 . 2013-12-14 11:1275888----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F86C0EB-D67B-40B5-B4DD-DC09FB9EF8B7}\offreg.dll
2013-12-14 10:54 . 2013-11-08 03:1210285968----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6F86C0EB-D67B-40B5-B4DD-DC09FB9EF8B7}\mpengine.dll
2013-12-14 06:49 . 2013-12-14 06:49--------d-----w-C:\AI_RecycleBin
2013-12-14 00:05 . 2013-11-08 03:1210285968----a-w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-12 07:39 . 2013-10-25 06:172648576----a-w-c:\windows\system32\iertutil.dll
2013-12-12 07:38 . 2013-10-25 06:1819271168----a-w-c:\windows\system32\mshtml.dll
2013-12-10 10:59 . 2013-12-10 10:59--------d-----w-c:\program files (x86)\Daring Development
2013-12-10 10:52 . 2013-12-12 14:02--------d-----w-c:\users\Aidan\AppData\Roaming\F8fbpsK9
2013-12-10 10:37 . 2013-12-12 14:59--------d-----w-c:\program files (x86)\Optimizer Pro
2013-12-06 14:40 . 2013-12-06 14:4020080----a-w-c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-12-06 14:40 . 2013-12-06 14:402106216----a-w-c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-12-06 14:40 . 2013-12-06 14:4075376----a-w-c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-12-06 14:40 . 2013-12-06 14:40272496----a-w-c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-12-06 14:40 . 2013-12-06 14:40117360----a-w-c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2013-12-06 14:40 . 2013-12-06 14:40275568----a-w-c:\program files (x86)\Mozilla Firefox\firefox.exe
2013-12-06 14:40 . 2013-12-06 14:4064112----a-w-c:\program files (x86)\Mozilla Firefox\libEGL.dll
2013-12-06 14:40 . 2013-12-06 14:403459696----a-w-c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2013-12-06 14:40 . 2013-12-06 14:40302192----a-w-c:\program files (x86)\Mozilla Firefox\freebl3.dll
2013-12-06 14:40 . 2013-12-06 14:40549488----a-w-c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2013-12-06 14:40 . 2013-12-06 14:40119408----a-w-c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-12-06 05:57 . 2013-10-19 00:35965000------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1718B1E1-3B97-413C-914A-B8BCEA0F4BAA}\gapaengine.dll
2013-11-26 03:51 . 2013-11-26 03:57--------d-----w-c:\program files\Adobe
2013-11-26 03:47 . 2013-11-26 03:53--------d-----w-c:\program files\Common Files\Adobe
2013-11-25 13:53 . 2013-12-12 14:50--------d-----w-c:\users\Aidan\AppData\Roaming\BitTorrent
2013-11-25 13:44 . 2013-12-12 15:09--------d-----w-c:\program files (x86)\TornTV.com
2013-11-23 09:04 . 2013-11-23 09:04--------d-----w-c:\users\Aidan\AppData\Roaming\openvr
2013-11-19 17:50 . 2013-12-13 14:27--------d-----w-C:\coin
2013-11-16 12:45 . 2009-05-29 08:08--------d-----w-C:\NOOBSCAPE RELEASE
2013-11-16 12:43 . 2009-06-04 09:20--------d-----w-C:\Noobscape Client
2013-11-16 09:00 . 2013-11-16 09:00--------d-----w-C:\found.003
2013-11-16 04:03 . 2013-09-04 12:12343040----a-w-c:\windows\system32\drivers\usbhub.sys
2013-11-16 04:03 . 2013-09-04 12:11325120----a-w-c:\windows\system32\drivers\usbport.sys
2013-11-16 04:03 . 2013-09-04 12:1199840----a-w-c:\windows\system32\drivers\usbccgp.sys
2013-11-16 04:03 . 2013-09-04 12:1152736----a-w-c:\windows\system32\drivers\usbehci.sys
2013-11-16 04:03 . 2013-09-04 12:1130720----a-w-c:\windows\system32\drivers\usbuhci.sys
2013-11-16 04:03 . 2013-09-04 12:117808----a-w-c:\windows\system32\drivers\usbd.sys
2013-11-16 04:03 . 2013-09-04 12:1125600----a-w-c:\windows\system32\drivers\usbohci.sys
2013-11-15 12:54 . 2012-02-04 17:09--------d-----w-C:\Insidia 2 Package
2013-11-15 12:50 . 2012-02-17 15:35--------d-----w-C:\InsidiaX.cache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-06 09:43 . 2013-07-20 22:3316152----a-w-c:\windows\system32\drivers\SWDUMon.sys
2013-11-19 10:21 . 2010-11-21 03:27267936------w-c:\windows\system32\MpSigStub.exe
2013-10-19 06:13 . 2013-10-19 06:13108968----a-w-c:\windows\system32\WindowsAccessBridge-64.dll
2013-10-19 06:13 . 2013-10-19 06:14312744----a-w-c:\windows\system32\javaws.exe
2013-10-19 06:13 . 2013-10-19 06:13189352----a-w-c:\windows\system32\javaw.exe
2013-10-19 06:13 . 2013-10-19 06:13189352----a-w-c:\windows\system32\java.exe
2013-10-19 00:35 . 2012-10-02 17:29965000------w-c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:30 . 2013-11-13 21:03830464----a-w-c:\windows\system32\nshwfp.dll
2013-10-12 02:29 . 2013-11-13 21:03859648----a-w-c:\windows\system32\IKEEXT.DLL
2013-10-12 02:29 . 2013-11-13 21:03324096----a-w-c:\windows\system32\FWPUCLNT.DLL
2013-10-12 02:03 . 2013-11-13 21:03656896----a-w-c:\windows\SysWow64\nshwfp.dll
2013-10-12 02:01 . 2013-11-13 21:03216576----a-w-c:\windows\SysWow64\FWPUCLNT.DLL
2013-10-05 20:25 . 2013-11-13 21:041474048----a-w-c:\windows\system32\crypt32.dll
2013-10-05 19:57 . 2013-11-13 21:041168384----a-w-c:\windows\SysWow64\crypt32.dll
2013-10-04 02:28 . 2013-11-13 21:04190464----a-w-c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 02:25 . 2013-11-13 21:04197120----a-w-c:\windows\system32\credui.dll
2013-10-04 02:24 . 2013-11-13 21:041930752----a-w-c:\windows\system32\authui.dll
2013-10-04 01:58 . 2013-11-13 21:04152576----a-w-c:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-13 21:04168960----a-w-c:\windows\SysWow64\credui.dll
2013-10-04 01:56 . 2013-11-13 21:041796096----a-w-c:\windows\SysWow64\authui.dll
2013-10-03 02:23 . 2013-11-13 21:03404480----a-w-c:\windows\system32\gdi32.dll
2013-10-03 02:00 . 2013-11-13 21:03311808----a-w-c:\windows\SysWow64\gdi32.dll
2013-09-28 01:09 . 2013-11-13 21:04497152----a-w-c:\windows\system32\drivers\afd.sys
2013-09-27 01:53 . 2013-09-27 01:53248240----a-w-c:\windows\system32\drivers\MpFilter.sys
2013-09-27 01:53 . 2012-03-21 01:44134944----a-w-c:\windows\system32\drivers\NisDrvWFP.sys
2013-09-25 02:26 . 2013-11-13 21:04154560----a-w-c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:26 . 2013-11-13 21:0495680----a-w-c:\windows\system32\drivers\ksecdd.sys
2013-09-25 02:23 . 2013-11-13 21:04135680----a-w-c:\windows\system32\sspicli.dll
2013-09-25 02:23 . 2013-11-13 21:0428672----a-w-c:\windows\system32\sspisrv.dll
2013-09-25 02:23 . 2013-11-13 21:0428160----a-w-c:\windows\system32\secur32.dll
2013-09-25 02:22 . 2013-11-13 21:04340992----a-w-c:\windows\system32\schannel.dll
2013-09-25 02:21 . 2013-11-13 21:04307200----a-w-c:\windows\system32\ncrypt.dll
2013-09-25 02:21 . 2013-11-13 21:041447936----a-w-c:\windows\system32\lsasrv.dll
2013-09-25 01:58 . 2013-11-13 21:0496768----a-w-c:\windows\SysWow64\sspicli.dll
2013-09-25 01:57 . 2013-11-13 21:0422016----a-w-c:\windows\SysWow64\secur32.dll
2013-09-25 01:57 . 2013-11-13 21:04247808----a-w-c:\windows\SysWow64\schannel.dll
2013-09-25 01:56 . 2013-11-13 21:04220160----a-w-c:\windows\SysWow64\ncrypt.dll
2013-09-25 01:03 . 2013-11-13 21:0430720----a-w-c:\windows\system32\lsass.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-12-11 1823656]
"Config"="c:\users\Aidan\AppData\Roaming\tasklaunch.exe" [2010-03-18 32592]
"WindowsNetworkClient"="c:\users\Aidan\AppData\Roaming\AppClient\RascalClient.exe" [2013-07-27 11776]
"Windows Compact Framework"="c:\users\Aidan\AppData\Roaming\AppClient\mm.exe" [2013-11-19 12800]
"Windows Miner Client"="c:\coin\xmine.exe" [2013-11-24 12288]
"p8F6lCgBkp"="c:\users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk" [2013-12-10 874]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
R3 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe;c:\windows\SYSNATIVE\SUPDSvc.exe [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys;c:\windows\SYSNATIVE\DRIVERS\SWDUMon.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys;c:\windows\SYSNATIVE\DRIVERS\nvpciflt.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120823.005\BHDrvx64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120828.001\IDSvia64.sys;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120828.001\IDSvia64.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1207020.003\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1207020.003\SYMNETS.SYS [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [x]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [x]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe;c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys;c:\windows\SYSNATIVE\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys;c:\windows\SYSNATIVE\DRIVERS\btmhsf.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys;c:\windows\SYSNATIVE\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4191367178-1998265054-3350178268-1001Core1ce8564e19f1ad5.job
- c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 00:51]
.
2013-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4191367178-1998265054-3350178268-1001UA1ce8564e50c3aed.job
- c:\users\Aidan\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-25 00:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-25 11895400]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-24 168216]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-24 418584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]
"Logitech Download Assistant"="c:\windows\System32\LogiLDA.dll" [2012-09-20 1832760]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-19 444904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mStart Page = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={E5362D76-D368-11E2-92A6-B80305750534}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Aidan\AppData\Roaming\mozilla\firefox\Profiles\l69zelgy.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=AU&userid=f00e8de3-0b52-100e-2330-fe2d6c2ccd45&searchtype=ds&installDate=30/09/2013&q=
FF - user.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - file:///c:\users\Aidan\AppData\Local\TNT2\Common\pinnedSearch.htm
FF - user.js: browser.newtab.url -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
BHO-{BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.2.3\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-4191367178-1998265054-3350178268-1001_Classes\CLSID\{EA2D459F-DE55-EF43-8404-4162A591C937}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-12-14 20:46:39
ComboFix-quarantined-files.txt 2013-12-14 12:46
ComboFix2.txt 2013-12-13 15:11
.
Pre-Run: 60,890,644,480 bytes free
Post-Run: 60,840,312,832 bytes free
.
- - End Of File - - 186955FCD4829614969CECCA42ED0332




Any help would be greatly appreciated here

Twin
 
You've been to this forum before so you should know better...

1. Same computer? https://www.techspot.com/community/topics/cannot-install-malwarebytes-pc-acting-up-a-little.186723/

2. Never run Combofix on your own!

3. You should know that you can't be running two AV programs, MSE and Norton in this case.
You must uninstall one of them.
If Norton use this tool: http://www.majorgeeks.com/files/details/norton_removal_tool.html

4. Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

=========================================

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hello Broni, you have a good memory (the internet never forgets either)

Sadly this is a different machine and my bad on the ComboFix faux pas.

1 - different machine
2 - *slap!* bad Twinfire
3 - Uninstalled Norton AV with suggested tools (windows firewall msg "norton updater firewall permission" something....which I cancelled.
4 - Ok here we go
.1 - Uninstalled Norton
.2 - Quick MBAM scan
.3 - DDS scan
.4 - Logs are as follows

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.12.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16750
Aidan :: AIDAN-PC [administrator]

15/12/2013 8:17:45 PM
mbam-log-2013-12-15 (20-17-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 240339
Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16750 BrowserJavaVersion: 10.17.2
Run by Aidan at 20:37:37 on 2013-12-15
#Option Extended Search is enabled.
#Option Whitelisting is disabled.
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.4010.2141 [GMT 8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\windows\system32\nvvsvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Tor\tor.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\windows\System32\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe
C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\windows\notepad.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uLocal Page = C:\windows\System32\blank.htm
uSearch Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
mStart Page = hxxp://home.sweetim.com/?ptr=100&crg=3.1010000.10039&barid={E5362D76-D368-11E2-92A6-B80305750534}
mLocal Page = C:\Windows\SysWOW64\blank.htm
mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
uSearchAssistant = hxxp://www.google.com
uURLSearchHooks: Microsoft Url Search Hook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll
mWinlogon: Shell = explorer.exe
mWinlogon: Userinit = C:\windows\System32\userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Samsung BHO Class: {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Config] C:\Users\Aidan\AppData\Roaming\tasklaunch.exe
uRun: [WindowsNetworkClient] C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe
uRun: [Windows Compact Framework] C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe
uRun: [Windows Miner Client] C:\coin\xmine.exe
uRun: [p8F6lCgBkp] C:\Users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableInstallerDetection = dword:1
mPolicies-System: EnableLUA = dword:1
mPolicies-System: EnableSecureUIAPaths = dword:1
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: EnableVirtualization = dword:1
mPolicies-System: PromptOnSecureDesktop = dword:1
mPolicies-System: ValidateAdminCodeSignatures = dword:0
mPolicies-System: dontdisplaylastusername = dword:0
mPolicies-System: scforceoption = dword:0
mPolicies-System: shutdownwithoutlogon = dword:1
mPolicies-System: undockwithoutlogon = dword:1
mPolicies-System: FilterAdministratorToken = dword:0
mPolicies-System: DisableRegistryTools = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {328ECD19-C167-40eb-A0C7-16FE7634105E} - {94BB0C4C-B957-479A-85E4-42F53B89F681} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll
LSP: %SystemRoot%\system32\mswsock.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{3C2891BE-6943-418A-9998-750EB3ACBF44} : DHCPNameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{6FBCEC1E-41C9-46E8-8439-2137FB27D055} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{814B41DB-8B5B-4FA2-905D-3E9C5E5D3BB9} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{814B41DB-8B5B-4FA2-905D-3E9C5E5D3BB9}\24967605F6E646149353233473 : DHCPNameServer = 10.0.0.138
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll
Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll
Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll
Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll
Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll
Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
AppInit_DLLs= c:\Windows\SysWOW64\nvinit.dll
SSODL: WebCheck - <orphaned>
SecurityProviders: SecurityProviders = credssp.dll
LSA: Authentication Packages = msv1_0
LSA: Notification Packages = scecli
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 winsrv:ConServerDllInitialization,2 sxssrv,4
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\windows\System32\themeui.dll
mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\windows\System32\shell32.dll
x64-mStart Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
x64-mLocal Page = C:\windows\System32\blank.htm
x64-mSearch Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mDefault_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
x64-mDefault_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
x64-mSearchAssistant = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
x64-mCustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
x64-mWinlogon: Shell = Explorer.exe
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe,
x64-mWinlogon: SFCDisable = dword:0
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} - <orphaned>
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
x64-Run: [Logitech Download Assistant] C:\windows\System32\rundll32.exe C:\windows\System32\LogiLDA.dll,LogiFetch
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} -
x64-Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\windows\System32\urlmon.dll
x64-Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\windows\System32\MSVidCtl.dll
x64-Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
x64-Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\windows\System32\inetcomm.dll
x64-Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\windows\System32\urlmon.dll
x64-Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
x64-Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - <orphaned>
x64-Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\windows\System32\MSVidCtl.dll
x64-Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\windows\System32\mshtml.dll
x64-Handler: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Name-Space Handler: mk\* - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\windows\System32\itss.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - C:\windows\System32\regsvr32.exe /s /n /I:/UserInstall C:\windows\System32\themeui.dll
x64-mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\System32\cmd.exe /D /C start C:\windows\System32\ie4uinit.exe -ClearIconCache
x64-mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "C:\Program Files (x86)\Windows Mail\WinMail.exe" OCInstallUserConfigOE
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /I:U shell32.dll
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\windows\System32\ie4uinit.exe -UserConfig
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\windows\System32\Rundll32.exe C:\windows\System32\mscories.dll,Install
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\windows\System32\shell32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Aidan\AppData\Roaming\mozilla\firefox\Profiles\l69zelgy.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=QuickObrw&dpid=QuickObrw&co=AU&userid=f00e8de3-0b52-100e-2330-fe2d6c2ccd45&searchtype=ds&installDate=30/09/2013&q=
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\browser\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll
FF - plugin: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Aidan\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2013-06-06 19:55; {972ce4c6-7e08-4474-a285-3208198ce6fd}; C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - ExtSQL: 2013-06-25 11:30; news@news.net; C:\Users\Aidan\AppData\Roaming\Mozilla\Firefox\Profiles\l69zelgy.default\extensions\news@news.net.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: browser.startup.homepage - hxxp://start.search.us.com/v/2/?guid={7B4F761D-914B-4129-80D3-5852CD28A139}&serpv=5
FF - user.js: browser.startup.page - 1
FF - user.js: browser.newtab.url - file:///C:\Users\Aidan\AppData\Local\TNT2\Common\pinnedSearch.htm
FF - user.js: browser.newtab.url -
.
============= SERVICES / DRIVERS ===============
.
R0 ACPI;Microsoft ACPI Driver;C:\windows\System32\drivers\acpi.sys [2010-11-21 334208]
R0 amdxata;amdxata;C:\windows\System32\drivers\amdxata.sys [2011-7-12 27008]
R0 atapi;IDE Channel;C:\windows\System32\drivers\atapi.sys [2009-7-14 24128]
R0 CLFS;Common Log (CLFS);C:\windows\System32\clfs.sys [2009-7-14 367696]
R0 CNG;CNG;C:\windows\System32\drivers\cng.sys [2013-11-14 458712]
R0 Compbatt;Microsoft Composite Battery Driver;C:\windows\System32\drivers\compbatt.sys [2009-7-14 21584]
R0 Disk;Disk Driver;C:\windows\System32\drivers\disk.sys [2009-7-14 73280]
R0 FileInfo;File Information FS MiniFilter;C:\windows\System32\drivers\fileinfo.sys [2009-7-14 70224]
R0 FltMgr;FltMgr;C:\windows\System32\drivers\fltMgr.sys [2010-11-21 289664]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\windows\System32\drivers\fvevol.sys [2013-4-11 223752]
R0 hwpolicy;Hardware Policy Driver;C:\windows\System32\drivers\hwpolicy.sys [2010-11-21 14720]
R0 iaStor;Intel AHCI Controller;C:\windows\System32\drivers\iaStor.sys [2011-7-12 439320]
R0 KSecDD;KSecDD;C:\windows\System32\drivers\ksecdd.sys [2013-11-14 95680]
R0 KSecPkg;KSecPkg;C:\windows\System32\drivers\ksecpkg.sys [2013-11-14 154560]
R0 mountmgr;Mount Point Manager;C:\windows\System32\drivers\mountmgr.sys [2010-11-21 94592]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R0 msahci;msahci;C:\windows\System32\drivers\msahci.sys [2010-11-21 31104]
R0 msisadrv;msisadrv;C:\windows\System32\drivers\msisadrv.sys [2009-7-14 15424]
R0 Mup;Mup;C:\windows\System32\drivers\mup.sys [2009-7-14 60496]
R0 NDIS;NDIS System Driver;C:\windows\System32\drivers\ndis.sys [2012-9-13 950128]
R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2011-7-12 25960]
R0 partmgr;Partition Manager;C:\windows\System32\drivers\partmgr.sys [2012-8-25 75120]
R0 pci;PCI Bus Driver;C:\windows\System32\drivers\pci.sys [2010-11-21 184704]
R0 pcw;Performance Counters for Windows Driver;C:\windows\System32\drivers\pcw.sys [2009-7-14 50768]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-1-24 55856]
R0 rdyboost;ReadyBoost;C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 spldr;Security Processor Loader Driver;C:\windows\System32\drivers\spldr.sys [2009-7-14 19008]
R0 Tcpip;TCP/IP Protocol Driver;C:\windows\System32\drivers\tcpip.sys [2013-10-10 1903552]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\windows\System32\drivers\vdrvroot.sys [2009-7-14 36432]
R0 volmgr;Volume Manager Driver;C:\windows\System32\drivers\volmgr.sys [2010-11-21 71552]
R0 volmgrx;Dynamic Volume Manager;C:\windows\System32\drivers\volmgrx.sys [2010-11-21 363392]
R0 volsnap;Storage volumes;C:\windows\System32\drivers\volsnap.sys [2010-11-21 295808]
R0 Wdf01000;Kernel Mode Driver Frameworks service;C:\windows\System32\drivers\Wdf01000.sys [2013-10-10 785624]
R1 AFD;Ancillary Function Driver for Winsock;C:\windows\System32\drivers\afd.sys [2013-11-14 497152]
R1 Beep;Beep;C:\windows\System32\drivers\beep.sys [2009-7-14 6656]
R1 blbdrive;blbdrive;C:\windows\System32\drivers\blbdrive.sys [2009-7-14 45056]
R1 cdrom;CD-ROM Driver;C:\windows\System32\drivers\cdrom.sys [2010-11-21 147456]
R1 DfsC;DFS Namespace Client Driver;C:\windows\System32\drivers\dfsc.sys [2010-11-21 102400]
R1 discache;System Attribute Cache;C:\windows\System32\drivers\discache.sys [2009-7-14 40448]
R1 Msfs;Msfs;C:\windows\System32\drivers\msfs.sys [2009-7-14 26112]
R1 mssmbios;Microsoft System Management BIOS Driver;C:\windows\System32\drivers\mssmbios.sys [2009-7-14 32320]
R1 NetBIOS;NetBIOS Interface;C:\windows\System32\drivers\netbios.sys [2009-7-14 44544]
R1 NetBT;NetBT;C:\windows\System32\drivers\netbt.sys [2010-11-21 261632]
R1 Npfs;Npfs;C:\windows\System32\drivers\npfs.sys [2009-7-14 44032]
R1 nsiproxy;NSI proxy service driver.;C:\windows\System32\drivers\nsiproxy.sys [2009-7-14 24576]
R1 Null;Null;C:\windows\System32\drivers\null.sys [2009-7-14 6144]
R1 Psched;QoS Packet Scheduler;C:\windows\System32\drivers\pacer.sys [2010-11-21 131584]
R1 rdbss;Redirected Buffering Sub Sysytem;C:\windows\System32\drivers\rdbss.sys [2010-11-21 309248]
R1 RDPCDD;RDPCDD;C:\windows\System32\drivers\RDPCDD.sys [2009-7-14 7680]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\windows\System32\drivers\RDPENCDD.sys [2009-7-14 7680]
 
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\windows\System32\drivers\RDPREFMP.sys [2009-7-14 8192]
R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2011-7-12 13824]
R1 tdx;NetIO Legacy TDI Support Driver;C:\windows\System32\drivers\tdx.sys [2010-11-21 119296]
R1 TermDD;Terminal Device Driver;C:\windows\System32\drivers\termdd.sys [2010-11-21 63360]
R1 VgaSave;VgaSave;C:\windows\System32\drivers\vga.sys [2009-7-14 29184]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\System32\drivers\vwififlt.sys [2011-7-12 60416]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\windows\System32\drivers\wanarp.sys [2010-11-21 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\windows\System32\drivers\wfplwf.sys [2009-7-14 12800]
R1 ws2ifsl;Winsock IFS Driver;C:\windows\System32\drivers\ws2ifsl.sys [2009-7-14 21504]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 Apple Mobile Device;Apple Mobile Device;C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-12-21 57008]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 AudioSrv;Windows Audio;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 BFE;Base Filtering Engine;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 BITS;Background Intelligent Transfer Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-3-31 923984]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-3-31 1001808]
R2 CryptSvc;Cryptographic Services;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 DcomLaunch;DCOM Server Process Launcher;C:\windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Dhcp;DHCP Client;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 Dnscache;DNS Client;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 DPS;Diagnostic Policy Service;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 eventlog;Windows Event Log;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 EventSystem;COM+ Event System;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 FDResPub;Function Discovery Resource Publication;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R2 FontCache;Windows Font Cache Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 gpsvc;Group Policy Client;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2013-6-27 9216]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 iphlpsvc;IP Helper;C:\windows\System32\svchost.exe -k NetSvcs [2009-7-14 27136]
R2 LanmanServer;Server;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 LanmanWorkstation;Workstation;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\windows\System32\drivers\lltdio.sys [2009-7-14 60928]
R2 LMS;Intel(R) Management and Security Application Local Management Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-7-12 326424]
R2 luafv;UAC File Virtualization;C:\windows\System32\drivers\luafv.sys [2009-7-14 113152]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-20 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-20 701512]
R2 MMCSS;Multimedia Class Scheduler;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 MpsSvc;Windows Firewall;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
R2 MsMpSvc;Microsoft Antimalware Service;C:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-10-23 23808]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2012-3-21 134944]
R2 NlaSvc;Network Location Awareness;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 nsi;Network Store Interface Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R2 NVSvc;NVIDIA Display Driver Service;C:\windows\System32\nvvsvc.exe [2011-3-6 993896]
R2 PcaSvc;Program Compatibility Assistant Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 PEAUTH;PEAUTH;C:\windows\System32\drivers\PEAuth.sys [2009-7-14 651264]
R2 PlugPlay;Plug and Play;C:\windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 Power;Power;C:\windows\System32\svchost.exe -k DcomLaunch [2009-7-14 27136]
R2 ProfSvc;User Profile Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS);C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2011-7-12 244904]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\windows\System32\svchost.exe -k RPCSS [2009-7-14 27136]
R2 RpcSs;Remote Procedure Call (RPC);C:\windows\System32\svchost.exe -k rpcss [2009-7-14 27136]
R2 rspndr;Link-Layer Topology Discovery Responder;C:\windows\System32\drivers\rspndr.sys [2009-7-14 76800]
R2 SamSs;Security Accounts Manager;C:\windows\System32\lsass.exe [2013-11-14 30720]
R2 Schedule;Task Scheduler;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 secdrv;Security Driver;C:\windows\System32\drivers\secdrv.sys [2009-7-14 23040]
R2 seclogon;Secondary Logon;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 SENS;System Event Notification Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 ShellHWDetection;Shell Hardware Detection;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 Spooler;Print Spooler;C:\windows\System32\spoolsv.exe [2012-8-25 559104]
R2 SSPORT;SSPORT;C:\windows\System32\drivers\SSPORT.sys [2011-7-13 11576]
R2 stisvc;Windows Image Acquisition (WIA);C:\windows\System32\svchost.exe -k imgsvc [2009-7-14 27136]
R2 SysMain;Superfetch;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\windows\System32\drivers\tcpipreg.sys [2012-11-15 45568]
R2 Themes;Themes;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 tor;Tor Win32 Service;C:\Program Files (x86)\Tor\tor.exe [2013-8-30 3233806]
R2 TrkWks;Distributed Link Tracking Client;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-7-12 2656536]
R2 UxSms;Desktop Window Manager Session Manager;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 Winmgmt;Windows Management Instrumentation;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R2 Wlansvc;WLAN AutoConfig;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-9-21 2286976]
R2 WMPNetworkSvc;Windows Media Player Network Sharing Service;C:\Program Files\Windows Media Player\wmpnetwk.exe [2010-11-21 1525248]
R2 wscsvc;Security Center;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R2 WSearch;Windows Search;C:\windows\System32\SearchIndexer.exe [2012-8-25 591872]
R2 wuauserv;Windows Update;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 AeLookupSvc;Application Experience;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 Appinfo;Application Information;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-3-31 1321296]
R3 bowser;Browser Support Driver;C:\windows\System32\drivers\bowser.sys [2012-8-25 90624]
R3 Browser;Computer Browser;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 BthEnum;Bluetooth Request Block Driver;C:\windows\System32\drivers\bthenum.sys [2009-7-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network);C:\windows\System32\drivers\bthpan.sys [2009-7-14 118784]
R3 bthserv;Bluetooth Support Service;C:\windows\System32\svchost.exe -k bthsvcs [2009-7-14 27136]
R3 BTHUSB;Bluetooth Radio USB Driver;C:\windows\System32\drivers\BTHUSB.SYS [2012-8-27 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2011-3-9 51712]
R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2011-3-9 274944]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver;C:\windows\System32\drivers\CmBatt.sys [2009-7-14 17664]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\windows\System32\drivers\CompositeBus.sys [2010-11-21 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\windows\System32\drivers\dxgkrnl.sys [2013-10-10 983488]
R3 EapHost;Extensible Authentication Protocol;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 fdPHost;Function Discovery Provider Host;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 GEARAspiWDM;GEAR ASPI Filter Driver;C:\windows\System32\drivers\GEARAspiWDM.sys [2013-4-30 33240]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio;C:\windows\System32\drivers\hdaudbus.sys [2010-11-21 122368]
R3 HomeGroupListener;HomeGroup Listener;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 HomeGroupProvider;HomeGroup Provider;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
R3 HTTP;HTTP;C:\windows\System32\drivers\http.sys [2010-11-21 753664]
R3 i8042prt;i8042 Keyboard and PS/2 Mouse Port Driver;C:\windows\System32\drivers\i8042prt.sys [2009-7-14 105472]
R3 iBtFltCoex;iBtFltCoex;C:\windows\System32\drivers\iBtFltCoex.sys [2011-3-23 59904]
R3 igfx;igfx;C:\windows\System32\drivers\igdkmd64.sys [2011-7-13 12256512]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM);C:\windows\System32\drivers\RTKVHD64.sys [2011-7-12 2905320]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-7-13 317440]
R3 intelppm;Intel Processor Driver;C:\windows\System32\drivers\intelppm.sys [2009-7-14 62464]
R3 iPod Service;iPod Service;C:\Program Files\iPod\bin\iPodService.exe [2013-2-20 641352]
R3 kbdclass;Keyboard Class Driver;C:\windows\System32\drivers\kbdclass.sys [2009-7-14 50768]
R3 KeyIso;CNG Key Isolation;C:\windows\System32\lsass.exe [2013-11-14 30720]
R3 ksthunk;Kernel Streaming Thunks;C:\windows\System32\drivers\ksthunk.sys [2009-7-14 20992]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-12-20 25928]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-7-13 56344]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\windows\System32\drivers\monitor.sys [2009-7-14 30208]
R3 mouclass;Mouse Class Driver;C:\windows\System32\drivers\mouclass.sys [2009-7-14 49216]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\windows\System32\drivers\mpsdrv.sys [2009-7-14 77312]
R3 mrxsmb;SMB MiniRedirector Wrapper and Engine;C:\windows\System32\drivers\mrxsmb.sys [2011-7-12 158208]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\windows\System32\drivers\mrxsmb10.sys [2012-8-25 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\windows\System32\drivers\mrxsmb20.sys [2011-7-12 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\windows\System32\drivers\nwifi.sys [2009-7-14 318976]
R3 NdisTapi;Remote Access NDIS TAPI Driver;C:\windows\System32\drivers\ndistapi.sys [2009-7-14 24064]
R3 Ndisuio;NDIS Usermode I/O Protocol;C:\windows\System32\drivers\ndisuio.sys [2010-11-21 56832]
R3 NdisWan;Remote Access NDIS WAN Driver;C:\windows\System32\drivers\ndiswan.sys [2010-11-21 164352]
R3 NDProxy;NDIS Proxy;C:\windows\System32\drivers\ndproxy.sys [2010-11-21 57856]
R3 Netman;Network Connections;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 netprofm;Network List Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\System32\drivers\NETwNs64.sys [2011-5-1 8593920]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 Ntfs;Ntfs;C:\windows\System32\drivers\ntfs.sys [2013-4-24 1656680]
R3 nvlddmkm;nvlddmkm;C:\windows\System32\drivers\nvlddmkm.sys [2011-7-12 13052008]
R3 p2pimsvc;Peer Networking Identity Manager;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
R3 p2psvc;Peer Networking Grouping;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
R3 PNRPsvc;Peer Name Resolution Protocol;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
R3 PolicyAgent;IPsec Policy Agent;C:\windows\System32\svchost.exe -k NetworkServiceNetworkRestricted [2009-7-14 27136]
R3 PptpMiniport;WAN Miniport (PPTP);C:\windows\System32\drivers\raspptp.sys [2010-11-21 111104]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\windows\System32\drivers\agilevpn.sys [2009-7-14 60416]
R3 Rasl2tp;WAN Miniport (L2TP);C:\windows\System32\drivers\rasl2tp.sys [2010-11-21 129536]
R3 RasMan;Remote Access Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
R3 RasPppoe;Remote Access PPPOE Driver;C:\windows\System32\drivers\raspppoe.sys [2009-7-14 92672]
R3 RasSstp;WAN Miniport (SSTP);C:\windows\System32\drivers\rassstp.sys [2009-7-14 83968]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI);C:\windows\System32\drivers\rfcomm.sys [2009-7-14 158720]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-7-12 471144]
R3 srv;Server SMB 1.xxx Driver;C:\windows\System32\drivers\srv.sys [2011-7-12 467456]
R3 srv2;Server SMB 2.xxx Driver;C:\windows\System32\drivers\srv2.sys [2011-7-12 410112]
R3 srvnet;srvnet;C:\windows\System32\drivers\srvnet.sys [2011-7-12 168448]
R3 SSDPSRV;SSDP Discovery;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 SstpSvc;Secure Socket Tunneling Protocol Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 StillCam;Still Serial Digital Camera Driver;C:\windows\System32\drivers\serscan.sys [2009-7-14 12288]
R3 swenum;Software Bus Driver;C:\windows\System32\drivers\swenum.sys [2009-7-14 12496]
R3 SynTP;Synaptics TouchPad Driver;C:\windows\System32\drivers\SynTP.sys [2011-7-13 1424944]
R3 tap0901;TAP-Win32 Adapter V9;C:\windows\System32\drivers\tap0901.sys [2012-11-22 31232]
R3 TapiSrv;Telephony;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\windows\System32\drivers\tunnel.sys [2010-11-21 125440]
R3 umbus;UMBus Enumerator Driver;C:\windows\System32\drivers\umbus.sys [2010-11-21 48640]
R3 upnphost;UPnP Device Host;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
R3 usbccgp;Microsoft USB Generic Parent Driver;C:\windows\System32\drivers\usbccgp.sys [2013-11-16 99840]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver;C:\windows\System32\drivers\usbehci.sys [2013-11-16 52736]
R3 usbhub;Microsoft USB Standard Hub Driver;C:\windows\System32\drivers\usbhub.sys [2013-11-16 343040]
R3 usbvideo;USB Video Device (WDM);C:\windows\System32\drivers\usbvideo.sys [2013-10-10 185344]
R3 vwifibus;Virtual WiFi Bus Driver;C:\windows\System32\drivers\vwifibus.sys [2009-7-14 24576]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\System32\drivers\vwifimp.sys [2011-7-12 18432]
R3 WdiServiceHost;Diagnostic Service Host;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
R3 WdiSystemHost;Diagnostic System Host;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
R3 WinHttpAutoProxySvc;WinHTTP Web Proxy Auto-Discovery Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 lmhosts;TCP/IP NetBIOS Helper;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-7-21 1258856]
S2 SharedAccess;Internet Connection Sharing (ICS);C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-3-1 161384]
S2 sppsvc;Software Protection;C:\windows\System32\sppsvc.exe [2010-11-21 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\windows\System32\drivers\1394ohci.sys [2010-11-21 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\windows\System32\drivers\acpipmi.sys [2010-11-21 12800]
S3 adp94xx;adp94xx;C:\windows\System32\drivers\adp94xx.sys [2009-6-11 491088]
S3 adpahci;adpahci;C:\windows\System32\drivers\adpahci.sys [2009-7-14 339536]
S3 adpu320;adpu320;C:\windows\System32\drivers\adpu320.sys [2009-7-14 182864]
S3 agp440;Intel AGP Bus Filter;C:\windows\System32\drivers\AGP440.sys [2009-7-14 61008]
S3 ALG;Application Layer Gateway Service;C:\windows\System32\alg.exe [2009-7-14 79360]
S3 aliide;aliide;C:\windows\System32\drivers\aliide.sys [2009-7-14 15440]
S3 amdide;amdide;C:\windows\System32\drivers\amdide.sys [2009-7-14 15440]
S3 AmdK8;AMD K8 Processor Driver;C:\windows\System32\drivers\amdk8.sys [2009-7-14 64512]
S3 AmdPPM;AMD Processor Driver;C:\windows\System32\drivers\amdppm.sys [2009-7-14 60928]
S3 amdsata;amdsata;C:\windows\System32\drivers\amdsata.sys [2011-7-12 107904]
S3 amdsbs;amdsbs;C:\windows\System32\drivers\amdsbs.sys [2009-6-11 194128]
S3 AppID;AppID Driver;C:\windows\System32\drivers\appid.sys [2010-11-21 61440]
S3 AppIDSvc;Application Identity;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 arc;arc;C:\windows\System32\drivers\arc.sys [2009-7-14 87632]
S3 arcsas;arcsas;C:\windows\System32\drivers\arcsas.sys [2009-7-14 97856]
S3 aspnet_state;ASP.NET State Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-3-18 44376]
S3 AsyncMac;RAS Asynchronous Media Driver;C:\windows\System32\drivers\asyncmac.sys [2009-7-14 23040]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\windows\System32\svchost.exe -k AxInstSVGroup [2009-7-14 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\windows\System32\drivers\bxvbda.sys [2009-6-11 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\b57nd60a.sys [2009-6-11 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-4-11 49152]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\windows\System32\drivers\BrFiltLo.sys [2009-7-14 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\windows\System32\drivers\BrFiltUp.sys [2009-7-14 8704]
S3 BridgeMP;MAC Bridge Miniport;C:\windows\System32\drivers\bridge.sys [2009-7-14 95232]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\windows\System32\drivers\BrSerId.sys [2009-7-14 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\windows\System32\drivers\BrSerWdm.sys [2009-7-14 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\windows\System32\drivers\BrUsbMdm.sys [2009-7-14 14976]
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\windows\System32\drivers\BrUsbSer.sys [2009-7-14 14720]
S3 BTHMODEM;Bluetooth Serial Communications Driver;C:\windows\System32\drivers\bthmodem.sys [2009-7-14 72192]
S3 BTHPORT;Bluetooth Port Driver;C:\windows\System32\drivers\bthport.sys [2012-8-28 552960]
S3 CertPropSvc;Certificate Propagation;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 circlass;Consumer IR Devices;C:\windows\System32\drivers\circlass.sys [2009-7-14 45568]
S3 cmdide;cmdide;C:\windows\System32\drivers\cmdide.sys [2009-7-14 17488]
S3 COMSysApp;COM+ System Application;C:\windows\System32\dllhost.exe [2009-7-14 9728]
S3 defragsvc;Disk Defragmenter;C:\windows\System32\svchost.exe -k defragsvc [2009-7-14 27136]
S3 dot3svc;Wired AutoConfig;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 drmkaud;Microsoft Trusted Audio Drivers;C:\windows\System32\drivers\drmkaud.sys [2009-7-14 5632]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\windows\System32\drivers\evbda.sys [2009-6-11 3286016]
S3 EFS;Encrypting File System (EFS);C:\windows\System32\lsass.exe [2013-11-14 30720]
S3 ehRecvr;Windows Media Center Receiver Service;C:\Windows\ehome\ehrecvr.exe [2010-11-21 696832]
S3 ehSched;Windows Media Center Scheduler Service;C:\Windows\ehome\ehsched.exe [2009-7-14 127488]
S3 elxstor;elxstor;C:\windows\System32\drivers\elxstor.sys [2009-6-11 530496]
S3 ErrDev;Microsoft Hardware Error Device Driver;C:\windows\System32\drivers\errdev.sys [2009-7-14 9728]
S3 exfat;exFAT File System Driver;C:\windows\System32\drivers\exfat.sys [2009-7-14 195072]
S3 fastfat;FAT12/16/32 File System Driver;C:\windows\System32\drivers\fastfat.sys [2009-7-14 204800]
S3 Fax;Fax;C:\windows\System32\FXSSVC.exe [2010-11-21 689152]
S3 fdc;Floppy Disk Controller Driver;C:\windows\System32\drivers\fdc.sys [2009-7-14 29696]
S3 Filetrace;Filetrace;C:\windows\System32\drivers\filetrace.sys [2009-7-14 34304]
S3 flpydisk;Floppy Disk Driver;C:\windows\System32\drivers\flpydisk.sys [2009-7-14 24576]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0;C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe [2010-11-21 42856]
S3 FsDepends;File System Dependency Minifilter;C:\windows\System32\drivers\fsdepends.sys [2009-7-14 55376]
S3 gagp30kx;Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms;C:\windows\System32\drivers\GAGP30KX.SYS [2009-7-14 65088]
S3 GameConsoleService;GameConsoleService;C:\Program Files (x86)\WildGames\Game Console - WildGames\GameConsoleService.exe [2010-6-4 246520]
S3 hamachi;Hamachi Network Interface;C:\windows\System32\drivers\hamachi.sys [2009-3-19 33856]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\windows\System32\drivers\hcw85cir.sys [2009-7-14 31232]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service;C:\windows\System32\drivers\HdAudio.sys [2010-11-21 350208]
S3 HidBatt;HID UPS Battery Driver;C:\windows\System32\drivers\hidbatt.sys [2009-7-14 26624]
S3 HidBth;Microsoft Bluetooth HID Miniport;C:\windows\System32\drivers\hidbth.sys [2009-7-14 100864]
S3 HidIr;Microsoft Infrared HID Driver;C:\windows\System32\drivers\hidir.sys [2009-7-14 46592]
S3 hidserv;Human Interface Device Access;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 HidUsb;Microsoft HID Class Driver;C:\windows\System32\drivers\hidusb.sys [2010-11-21 30208]
S3 hkmsvc;Health Key and Certificate Management;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 HpSAMD;HpSAMD;C:\windows\System32\drivers\HpSAMD.sys [2010-11-21 78720]
S3 iaStorV;Intel RAID Controller Windows 7;C:\windows\System32\drivers\iaStorV.sys [2011-7-12 410496]
S3 idsvc;Windows CardSpace;C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2010-11-21 856400]
S3 iirsp;iirsp;C:\windows\System32\drivers\iirsp.sys [2009-7-14 44112]
S3 intelide;intelide;C:\windows\System32\drivers\intelide.sys [2009-7-14 16960]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 IpFilterDriver;IP Traffic Filter Driver;C:\windows\System32\drivers\ipfltdrv.sys [2010-11-21 82944]
S3 IPMIDRV;IPMIDRV;C:\windows\System32\drivers\IPMIDrv.sys [2010-11-21 78848]
S3 IPNAT;IP Network Address Translator;C:\windows\System32\drivers\ipnat.sys [2009-7-14 116224]
S3 IRENUM;IR Bus Enumerator;C:\windows\System32\drivers\irenum.sys [2009-7-14 17920]
S3 isapnp;isapnp;C:\windows\System32\drivers\isapnp.sys [2009-7-14 20544]
S3 iScsiPrt;iScsiPort Driver;C:\windows\System32\drivers\msiscsi.sys [2010-11-21 273792]
S3 kbdhid;Keyboard HID Driver;C:\windows\System32\drivers\kbdhid.sys [2010-11-21 33280]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-14 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 LSI_FC;LSI_FC;C:\windows\System32\drivers\lsi_fc.sys [2009-7-14 114752]
S3 LSI_SAS;LSI_SAS;C:\windows\System32\drivers\lsi_sas.sys [2009-7-14 106560]
S3 LSI_SAS2;LSI_SAS2;C:\windows\System32\drivers\lsi_sas2.sys [2009-7-14 65600]
S3 LSI_SCSI;LSI_SCSI;C:\windows\System32\drivers\lsi_scsi.sys [2009-7-14 115776]
S3 megasas;megasas;C:\windows\System32\drivers\megasas.sys [2009-6-11 35392]
S3 MegaSR;MegaSR;C:\windows\System32\drivers\MegaSR.sys [2009-7-14 284736]
S3 Modem;Modem;C:\windows\System32\drivers\modem.sys [2009-7-14 40448]
S3 mouhid;Mouse HID Driver;C:\windows\System32\drivers\mouhid.sys [2009-7-14 31232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-6-6 119408]
S3 mpio;mpio;C:\windows\System32\drivers\mpio.sys [2010-11-21 155008]
S3 MRxDAV;WebDav Client Redirector Driver;C:\windows\System32\drivers\mrxdav.sys [2013-10-10 140800]
S3 msdsm;msdsm;C:\windows\System32\drivers\msdsm.sys [2010-11-21 140672]
S3 MSDTC;Distributed Transaction Coordinator;C:\windows\System32\msdtc.exe [2009-7-14 141824]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\windows\System32\drivers\mshidkmdf.sys [2009-7-14 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 msiserver;Windows Installer;C:\windows\System32\msiexec.exe [2010-11-21 128000]
S3 MSKSSRV;Microsoft Streaming Service Proxy;C:\windows\System32\drivers\mskssrv.sys [2009-7-14 11136]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy;C:\windows\System32\drivers\mspclock.sys [2009-7-14 7168]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy;C:\windows\System32\drivers\mspqm.sys [2009-7-14 6784]
S3 MsRPC;MsRPC;C:\windows\System32\drivers\msrpc.sys [2010-11-21 366976]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter;C:\windows\System32\drivers\mstee.sys [2009-7-14 8064]
S3 MTConfig;Microsoft Input Configuration Driver;C:\windows\System32\drivers\MTConfig.sys [2009-7-14 15360]
S3 napagent;Network Access Protection Agent;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 Netlogon;Netlogon;C:\windows\System32\lsass.exe [2013-11-14 30720]
S3 nfrd960;nfrd960;C:\windows\System32\drivers\nfrd960.sys [2009-7-14 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
S3 nvraid;nvraid;C:\windows\System32\drivers\nvraid.sys [2011-7-12 148352]
S3 nvstor;nvstor;C:\windows\System32\drivers\nvstor.sys [2011-7-12 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
S3 Parport;Parallel port driver;C:\windows\System32\drivers\parport.sys [2009-7-14 97280]
S3 pciide;pciide;C:\windows\System32\drivers\pciide.sys [2009-7-14 12352]
S3 pcmcia;pcmcia;C:\windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
S3 pla;Performance Logs & Alerts;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 Processor;Processor Driver;C:\windows\System32\drivers\processr.sys [2009-7-14 60416]
S3 ProtectedStorage;Protected Storage;C:\windows\System32\lsass.exe [2013-11-14 30720]
S3 ql2300;ql2300;C:\windows\System32\drivers\ql2300.sys [2009-6-11 1524816]
S3 ql40xx;ql40xx;C:\windows\System32\drivers\ql40xx.sys [2009-7-14 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 QWAVEdrv;QWAVE driver;C:\windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\windows\System32\drivers\rasacd.sys [2009-7-14 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
 
S3 NdisCap;NDIS Capture LightWeight Filter;C:\windows\System32\drivers\ndiscap.sys [2009-7-14 35328]
S3 Netlogon;Netlogon;C:\windows\System32\lsass.exe [2013-11-14 30720]
S3 nfrd960;nfrd960;C:\windows\System32\drivers\nfrd960.sys [2009-7-14 51264]
S3 nv_agp;NVIDIA nForce AGP Bus Filter;C:\windows\System32\drivers\NV_AGP.SYS [2009-7-14 122960]
S3 nvraid;nvraid;C:\windows\System32\drivers\nvraid.sys [2011-7-12 148352]
S3 nvstor;nvstor;C:\windows\System32\drivers\nvstor.sys [2011-7-12 166272]
S3 ohci1394;1394 OHCI Compliant Host Controller (Legacy);C:\windows\System32\drivers\ohci1394.sys [2009-7-14 72832]
S3 Parport;Parallel port driver;C:\windows\System32\drivers\parport.sys [2009-7-14 97280]
S3 pciide;pciide;C:\windows\System32\drivers\pciide.sys [2009-7-14 12352]
S3 pcmcia;pcmcia;C:\windows\System32\drivers\pcmcia.sys [2009-7-14 220752]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-14 20992]
S3 pla;Performance Logs & Alerts;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-14 27136]
S3 Processor;Processor Driver;C:\windows\System32\drivers\processr.sys [2009-7-14 60416]
S3 ProtectedStorage;Protected Storage;C:\windows\System32\lsass.exe [2013-11-14 30720]
S3 ql2300;ql2300;C:\windows\System32\drivers\ql2300.sys [2009-6-11 1524816]
S3 ql40xx;ql40xx;C:\windows\System32\drivers\ql40xx.sys [2009-7-14 128592]
S3 QWAVE;Quality Windows Audio Video Experience;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 QWAVEdrv;QWAVE driver;C:\windows\System32\drivers\qwavedrv.sys [2009-7-14 46592]
S3 RasAcd;Remote Access Auto Connection Driver;C:\windows\System32\drivers\rasacd.sys [2009-7-14 14848]
S3 RasAuto;Remote Access Auto Connection Manager;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\windows\System32\drivers\rdpbus.sys [2009-7-14 24064]
S3 RDPWD;RDP Winstation Driver;C:\windows\System32\drivers\rdpwd.sys [2012-8-25 210944]
S3 RemoteRegistry;Remote Registry;C:\windows\System32\svchost.exe -k regsvc [2009-7-14 27136]
S3 RpcLocator;Remote Procedure Call (RPC) Locator;C:\windows\System32\Locator.exe [2009-7-14 10240]
S3 rtport;rtport;C:\Windows\SysWOW64\drivers\rtport.sys [2012-4-13 15144]
S3 Samsung UPD Service;Samsung UPD Service;C:\windows\System32\SUPDSvc.exe [2011-7-13 166704]
S3 sbp2port;sbp2port;C:\windows\System32\drivers\sbp2port.sys [2010-11-21 103808]
S3 SCardSvr;Smart Card;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 scfilter;Smart card PnP Class Filter Driver;C:\windows\System32\drivers\scfilter.sys [2010-11-21 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 SDRSVC;Windows Backup;C:\windows\System32\svchost.exe -k SDRSVC [2009-7-14 27136]
S3 SensrSvc;Adaptive Brightness;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 Serenum;Serenum Filter Driver;C:\windows\System32\drivers\serenum.sys [2009-7-14 23552]
S3 Serial;Serial;C:\windows\System32\drivers\serial.sys [2009-7-14 94208]
S3 sermouse;Serial Mouse Driver;C:\windows\System32\drivers\sermouse.sys [2009-7-14 26624]
S3 SessionEnv;Remote Desktop Configuration;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 sffdisk;SFF Storage Class Driver;C:\windows\System32\drivers\sffdisk.sys [2009-7-14 14336]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\windows\System32\drivers\sffp_mmc.sys [2009-7-14 13824]
S3 sffp_sd;SFF Storage Protocol Driver for SDBus;C:\windows\System32\drivers\sffp_sd.sys [2010-11-21 14336]
S3 sfloppy;High-Capacity Floppy Disk Drive;C:\windows\System32\drivers\sfloppy.sys [2009-7-14 16896]
S3 SiSRaid2;SiSRaid2;C:\windows\System32\drivers\sisraid2.sys [2009-6-11 43584]
S3 SiSRaid4;SiSRaid4;C:\windows\System32\drivers\sisraid4.sys [2009-7-14 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\windows\System32\drivers\smb.sys [2009-7-14 93184]
S3 SNMPTRAP;SNMP Trap;C:\windows\System32\snmptrap.exe [2009-7-14 14336]
S3 sppuinotify;SPP Notification Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 Steam Client Service;Steam Client Service;C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-8-25 569768]
S3 stexstor;stexstor;C:\windows\System32\drivers\stexstor.sys [2009-7-14 24656]
S3 SWDUMon;SWDUMon;C:\windows\System32\drivers\SWDUMon.sys [2013-7-21 16152]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 swprv;Microsoft Software Shadow Copy Provider;C:\windows\System32\svchost.exe -k swprv [2009-7-14 27136]
S3 TabletInputService;Tablet PC Input Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TBS;TPM Base Services;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 TCPIP6;Microsoft IPv6 Protocol Driver;C:\windows\System32\drivers\tcpip.sys [2013-10-10 1903552]
S3 TDPIPE;TDPIPE;C:\windows\System32\drivers\tdpipe.sys [2009-7-14 15872]
S3 TDTCP;TDTCP;C:\windows\System32\drivers\tdtcp.sys [2012-8-25 23552]
S3 TermService;Remote Desktop Services;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 THREADORDER;Thread Ordering Server;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-21 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\windows\System32\drivers\tssecsrv.sys [2013-8-15 39936]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 uagp35;Microsoft AGPv3.5 Filter;C:\windows\System32\drivers\UAGP35.SYS [2009-7-14 64080]
S3 UI0Detect;Interactive Services Detection;C:\windows\System32\UI0Detect.exe [2009-7-14 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\windows\System32\drivers\ULIAGPKX.SYS [2009-7-14 64592]
S3 UmPass;Microsoft UMPass Driver;C:\windows\System32\drivers\umpass.sys [2009-7-14 9728]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\windows\System32\drivers\usbcir.sys [2013-10-10 100864]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver;C:\windows\System32\drivers\usbohci.sys [2013-11-16 25600]
S3 usbprint;Microsoft USB PRINTER Class;C:\windows\System32\drivers\usbprint.sys [2009-7-14 25088]
S3 USBSTOR;USB Mass Storage Driver;C:\windows\System32\drivers\USBSTOR.SYS [2011-7-12 91648]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver;C:\windows\System32\drivers\usbuhci.sys [2013-11-16 30720]
S3 VaultSvc;Credential Manager;C:\windows\System32\lsass.exe [2013-11-14 30720]
S3 vds;Virtual Disk;C:\windows\System32\vds.exe [2010-11-21 533504]
S3 vga;vga;C:\windows\System32\drivers\vgapnp.sys [2009-7-14 29184]
S3 vhdmp;vhdmp;C:\windows\System32\drivers\vhdmp.sys [2010-11-21 215936]
S3 viaide;viaide;C:\windows\System32\drivers\viaide.sys [2009-7-14 17488]
S3 vsmraid;vsmraid;C:\windows\System32\drivers\vsmraid.sys [2009-6-11 161872]
S3 VSS;Volume Shadow Copy;C:\windows\System32\VSSVC.exe [2010-11-21 1600512]
S3 W32Time;Windows Time;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\windows\System32\drivers\wacompen.sys [2009-7-14 27776]
S3 WANARP;Remote Access IP ARP Driver;C:\windows\System32\drivers\wanarp.sys [2010-11-21 88576]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-26 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\windows\System32\wbengine.exe [2010-11-21 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\windows\System32\svchost.exe -k WbioSvcGroup [2009-7-14 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S3 WcsPlugInService;Windows Color System;C:\windows\System32\svchost.exe -k wcssvc [2009-7-14 27136]
S3 Wd;Wd;C:\windows\System32\drivers\wd.sys [2009-7-14 21056]
S3 WebClient;WebClient;C:\windows\System32\svchost.exe -k LocalService [2009-7-14 27136]
S3 Wecsvc;Windows Event Collector;C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S3 WerSvc;Windows Error Reporting Service;C:\windows\System32\svchost.exe -k WerSvcGroup [2009-7-14 27136]
S3 WIMMount;WIMMount;C:\windows\System32\drivers\wimmount.sys [2009-7-14 22096]
S3 WinDefend;Windows Defender;C:\windows\System32\svchost.exe -k secsvcs [2009-7-14 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\windows\System32\svchost.exe -k NetworkService [2009-7-14 27136]
S3 WinUsb;WinUsb;C:\windows\System32\drivers\winusb.sys [2010-11-21 41984]
S3 WmiAcpi;Microsoft Windows Management Interface for ACPI;C:\windows\System32\drivers\wmiacpi.sys [2009-7-14 14336]
S3 wmiApSrv;WMI Performance Adapter;C:\windows\System32\wbem\WmiApSrv.exe [2009-7-14 203264]
S3 WPCSvc;Parental Controls;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-14 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 WudfPf;User Mode Driver Frameworks Platform Driver;C:\windows\System32\drivers\WUDFPf.sys [2012-11-15 87040]
S3 wudfsvc;Windows Driver Foundation - User-mode Driver Framework;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 WwanSvc;WWAN AutoConfig;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-14 27136]
S4 cdfs;CD/DVD File System Reader;C:\windows\System32\drivers\cdfs.sys [2009-7-14 92160]
S4 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86;C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-7-14 66384]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-14 89920]
S4 crcdisk;Crcdisk Filter Driver;C:\windows\System32\drivers\crcdisk.sys [2009-7-14 24144]
S4 Mcx2Svc;Media Center Extender Service;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-14 27136]
S4 NetMsmqActivator;Net.Msmq Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetPipeActivator;Net.Pipe Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpActivator;Net.Tcp Listener Adapter;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-3-18 124240]
S4 RemoteAccess;Routing and Remote Access;C:\windows\System32\svchost.exe -k netsvcs [2009-7-14 27136]
S4 udfs;udfs;C:\windows\System32\drivers\udfs.sys [2010-11-21 328192]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .bat: batfile="%1" %*
FileExt: .cmd: cmdfile="%1" %*
FileExt: .com: ComFile="%1" %*
FileExt: .exe: exefile="%1" %*
FileExt: .pif: piffile="%1" %*
FileExt: .scr: scrfile="%1" /S
FileExt: .reg: regfile=regedit.exe "%1"
FileExt: .txt: txtfile=C:\windows\System32\NOTEPAD.EXE %1
FileExt: .chm: chm.file="C:\windows\hh.exe" %1
FileExt: .ini: inifile=C:\windows\System32\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\windows\System32\NOTEPAD.EXE %1
ShellExec: AcroRD32.exe: Read="C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe" "%1"
ShellExec: ehshell.exe: open="C:\Windows\eHome\ehshell.exe" "%1"
ShellExec: iexplore.exe: open="C:\Program Files\Internet Explorer\iexplore.exe" %1
ShellExec: iTunes.exe: open="C:\Program Files (x86)\iTunes\iTunes.exe" /open "%L"
ShellExec: iTunes.exe: play="C:\Program Files (x86)\iTunes\iTunes.exe" /play "%L"
ShellExec: MovieMaker.exe: Open="C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe" "%1"
ShellExec: mspaint.exe: edit="C:\windows\System32\mspaint.exe" "%1"
ShellExec: notepad.exe: edit=C:\windows\System32\NOTEPAD.EXE %1
ShellExec: notepad.exe: open=C:\windows\System32\NOTEPAD.EXE %1
ShellExec: Photoshop.exe: edit="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
ShellExec: Photoshop.exe: open="C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe" "%1"
ShellExec: PhotoshopElementsEditor.exe: edit="C:\Program Files (x86)\Adobe\Photoshop Elements 9\PhotoshopElementsEditor.exe" "%1"
ShellExec: PhotoshopElementsEditor.exe: Open="C:\Program Files (x86)\Adobe\Photoshop Elements 9\PhotoshopElementsEditor.exe" "%1"
ShellExec: photoviewer.dll: open=C:\windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: photoviewer.dll: print=C:\windows\System32\rundll32.exe "C:\Program Files (x86)\Windows Photo Viewer\PhotoViewer.dll", ImageView_Fullscreen %1
ShellExec: Skype.exe: open="C:\Program Files (x86)\Skype\Phone\Skype.exe" "%1"
ShellExec: SnagItEditor.exe: open="C:\Program Files (x86)\TechSmith\Snagit 11\SnagItEditor.exe" "%1"
ShellExec: WLXPhotoViewer.dll: open="C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe" /LaunchPhotoViewer /v "%1"
ShellExec: wmplayer.exe: open="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "%L"
ShellExec: wmplayer.exe: play="C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play "%L"
ShellExec: wordpad.exe: open="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1"
.
=============== Created Last 60 ================
.
2013-12-15 12:00:27 75888 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4244C59F-48E3-403D-AFD3-1BE1B3D7AEA6}\offreg.dll
2013-12-15 11:53:01 10285968 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4244C59F-48E3-403D-AFD3-1BE1B3D7AEA6}\mpengine.dll
2013-12-15 03:06:23 -------- d-----w- C:\Users\Aidan\AppData\Local\PMB Files
2013-12-15 03:06:21 -------- d-----w- C:\ProgramData\PMB Files
2013-12-14 13:04:22 -------- d-----w- C:\Program Files (x86)\SpeedFan
2013-12-14 12:47:57 10285968 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-14 12:46:44 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-14 12:46:41 -------- d-----w- C:\windows\temp
2013-12-14 06:49:52 -------- d-sh--w- C:\AI_RecycleBin
2013-12-13 14:40:11 98816 ----a-w- C:\windows\sed.exe
2013-12-13 14:40:11 80412 ----a-w- C:\windows\grep.exe
2013-12-13 14:40:11 68096 ----a-w- C:\windows\zip.exe
2013-12-13 14:40:11 60416 ----a-w- C:\windows\NIRCMD.exe
2013-12-13 14:40:11 518144 ----a-w- C:\windows\SWREG.exe
2013-12-13 14:40:11 406528 ----a-w- C:\windows\SWSC.exe
2013-12-13 14:40:11 256000 ----a-w- C:\windows\PEV.exe
2013-12-13 14:40:11 208896 ----a-w- C:\windows\MBR.exe
2013-12-13 14:35:51 -------- d---a-w- C:\Qoobox
2013-12-13 14:35:33 -------- d-----w- C:\windows\erdnt
2013-12-12 07:40:10 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-12-12 07:40:09 391168 ----a-w- C:\windows\SysWow64\ieui.dll
2013-12-12 07:40:09 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-12-12 07:40:07 526336 ----a-w- C:\windows\System32\ieui.dll
2013-12-12 07:40:07 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-12-12 07:40:06 365568 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-12-12 07:40:06 245248 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-12-12 07:40:06 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-12-12 07:40:05 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-12-12 07:40:05 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-12-12 07:40:04 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-12-12 07:40:04 39936 ----a-w- C:\windows\System32\iernonce.dll
2013-12-12 07:40:04 33280 ----a-w- C:\windows\SysWow64\iernonce.dll
2013-12-12 07:40:03 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-12 07:40:03 51712 ----a-w- C:\windows\System32\ie4uinit.exe
2013-12-12 07:40:03 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-12-12 07:40:02 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-12-12 07:40:02 484352 ----a-w- C:\Program Files\Internet Explorer\ieinstal.exe
2013-12-12 07:40:02 469504 ----a-w- C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-12-12 07:40:02 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-12-12 07:40:01 2049024 ----a-w- C:\windows\SysWow64\iertutil.dll
2013-12-12 07:39:59 2648576 ----a-w- C:\windows\System32\iertutil.dll
2013-12-12 07:39:57 770736 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-12-12 07:39:57 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-12-12 07:39:56 775344 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-12-12 07:39:56 603136 ----a-w- C:\windows\System32\msfeeds.dll
2013-12-12 07:39:56 493056 ----a-w- C:\windows\SysWow64\msfeeds.dll
2013-12-12 07:39:55 855552 ----a-w- C:\windows\System32\jscript.dll
2013-12-12 07:39:54 690688 ----a-w- C:\windows\SysWow64\jscript.dll
2013-12-12 07:39:52 3959808 ----a-w- C:\windows\System32\jscript9.dll
2013-12-12 07:39:48 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-12-12 07:39:47 148992 ----a-w- C:\Program Files\Internet Explorer\jsdebuggeride.dll
2013-12-12 07:39:46 1140736 ----a-w- C:\windows\SysWow64\urlmon.dll
2013-12-12 07:39:44 1365504 ----a-w- C:\windows\System32\urlmon.dll
2013-12-12 07:39:43 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-12 07:39:43 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2013-12-12 07:39:41 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-12-12 07:39:40 53248 ----a-w- C:\windows\System32\jsproxy.dll
2013-12-12 07:39:39 39424 ----a-w- C:\windows\SysWow64\jsproxy.dll
2013-12-12 07:39:38 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-12-12 07:39:36 2241536 ----a-w- C:\windows\System32\wininet.dll
2013-12-12 07:39:35 13761536 ----a-w- C:\windows\SysWow64\ieframe.dll
2013-12-12 07:39:12 15404032 ----a-w- C:\windows\System32\ieframe.dll
2013-12-12 07:39:06 14356992 ----a-w- C:\windows\SysWow64\mshtml.dll
2013-12-12 07:38:54 19271168 ----a-w- C:\windows\System32\mshtml.dll
2013-12-11 08:25:54 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-12-11 08:25:53 81408 ----a-w- C:\windows\System32\imagehlp.dll
2013-12-11 08:25:52 159232 ----a-w- C:\windows\SysWow64\imagehlp.dll
2013-12-11 08:25:49 2048 ----a-w- C:\windows\System32\tzres.dll
2013-12-11 08:25:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2013-12-11 08:25:42 230400 ----a-w- C:\windows\System32\drivers\portcls.sys
2013-12-11 08:25:42 116736 ----a-w- C:\windows\System32\drivers\drmk.sys
2013-12-11 08:25:40 202752 ----a-w- C:\windows\System32\scrrun.dll
2013-12-11 08:25:40 168960 ----a-w- C:\windows\System32\wscript.exe
2013-12-11 08:25:40 156160 ----a-w- C:\windows\System32\cscript.exe
2013-12-11 08:25:40 150016 ----a-w- C:\windows\System32\wshom.ocx
2013-12-11 08:25:40 141824 ----a-w- C:\windows\SysWow64\wscript.exe
2013-12-11 08:25:40 121856 ----a-w- C:\windows\SysWow64\wshom.ocx
2013-12-11 08:25:39 163840 ----a-w- C:\windows\SysWow64\scrrun.dll
2013-12-11 08:25:39 126976 ----a-w- C:\windows\SysWow64\cscript.exe
2013-12-10 10:59:34 -------- d-----w- C:\Program Files (x86)\Daring Development
2013-12-10 10:52:30 -------- d-----w- C:\Users\Aidan\AppData\Roaming\F8fbpsK9
2013-12-10 10:37:21 -------- d-----w- C:\Program Files (x86)\Optimizer Pro
2013-12-06 14:40:38 20080 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2013-12-06 14:40:37 75376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-12-06 14:40:37 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-12-06 14:40:37 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2013-12-06 14:40:34 117360 ----a-w- C:\Program Files (x86)\Mozilla Firefox\crashreporter.exe
2013-12-06 14:40:33 64112 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2013-12-06 14:40:33 3459696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2013-12-06 14:40:33 302192 ----a-w- C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
2013-12-06 14:40:33 275568 ----a-w- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2013-12-06 14:40:32 549488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2013-12-06 14:40:32 119408 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-12-06 05:57:06 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1718B1E1-3B97-413C-914A-B8BCEA0F4BAA}\gapaengine.dll
2013-11-26 03:51:35 -------- d-----w- C:\Program Files\Adobe
2013-11-26 03:47:20 -------- d-----w- C:\Program Files\Common Files\Adobe
2013-11-25 13:53:05 -------- d-----w- C:\Users\Aidan\AppData\Roaming\BitTorrent
2013-11-25 13:44:49 -------- d-----w- C:\Program Files (x86)\TornTV.com
2013-11-23 09:04:32 -------- d-----w- C:\Users\Aidan\AppData\Roaming\openvr
2013-11-21 01:10:28 -------- d-----w- C:\Users\Aidan\AppData\Local\{6D3560A6-7638-47F5-B1C9-CF4D0A17A135}
2013-11-19 17:50:23 -------- d-----w- C:\coin
2013-11-16 12:45:17 -------- d-----w- C:\NOOBSCAPE RELEASE
2013-11-16 12:43:27 -------- d-----w- C:\Noobscape Client
2013-11-16 09:00:44 -------- d-----w- C:\found.003
2013-11-16 08:14:52 -------- d-----w- C:\Users\Aidan\AppData\Local\{0B3C6929-4F76-4EEB-815B-509E4E93DC21}
2013-11-16 04:03:24 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-11-16 04:03:24 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-11-16 04:03:24 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-11-16 04:03:24 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-11-16 04:03:24 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-11-16 04:03:24 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-11-16 04:03:23 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-11-15 12:54:01 -------- d-----w- C:\Insidia 2 Package
2013-11-15 12:50:44 -------- d-----w- C:\InsidiaX.cache
2013-11-13 21:04:41 1474048 ----a-w- C:\windows\System32\crypt32.dll
2013-11-13 21:04:41 1168384 ----a-w- C:\windows\SysWow64\crypt32.dll
2013-11-13 21:04:27 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-11-13 21:04:26 1930752 ----a-w- C:\windows\System32\authui.dll
2013-11-13 21:04:26 190464 ----a-w- C:\windows\System32\SmartcardCredentialProvider.dll
2013-11-13 21:04:26 1796096 ----a-w- C:\windows\SysWow64\authui.dll
2013-11-13 21:04:25 197120 ----a-w- C:\windows\System32\credui.dll
2013-11-13 21:04:25 168960 ----a-w- C:\windows\SysWow64\credui.dll
2013-11-13 21:04:25 152576 ----a-w- C:\windows\SysWow64\SmartcardCredentialProvider.dll
2013-11-13 21:04:08 458712 ----a-w- C:\windows\System32\drivers\cng.sys
2013-11-13 21:04:08 340992 ----a-w- C:\windows\System32\schannel.dll
2013-11-13 21:04:08 247808 ----a-w- C:\windows\SysWow64\schannel.dll
2013-11-13 21:04:08 154560 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2013-11-13 21:04:07 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2013-11-13 21:04:07 95680 ----a-w- C:\windows\System32\drivers\ksecdd.sys
2013-11-13 21:04:07 307200 ----a-w- C:\windows\System32\ncrypt.dll
2013-11-13 21:04:07 30720 ----a-w- C:\windows\System32\lsass.exe
2013-11-13 21:04:07 28160 ----a-w- C:\windows\System32\secur32.dll
2013-11-13 21:04:07 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll
2013-11-13 21:04:07 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2013-11-13 21:04:07 1447936 ----a-w- C:\windows\System32\lsasrv.dll
2013-11-13 21:04:07 135680 ----a-w- C:\windows\System32\sspicli.dll
2013-11-13 21:04:06 28672 ----a-w- C:\windows\System32\sspisrv.dll
2013-11-13 21:03:53 404480 ----a-w- C:\windows\System32\gdi32.dll
2013-11-13 21:03:53 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2013-11-13 21:03:52 859648 ----a-w- C:\windows\System32\IKEEXT.DLL
2013-11-13 21:03:52 830464 ----a-w- C:\windows\System32\nshwfp.dll
2013-11-13 21:03:52 324096 ----a-w- C:\windows\System32\FWPUCLNT.DLL
2013-11-13 21:03:52 216576 ----a-w- C:\windows\SysWow64\FWPUCLNT.DLL
2013-11-13 21:03:51 656896 ----a-w- C:\windows\SysWow64\nshwfp.dll
2013-11-03 03:28:25 -------- d-----w- C:\Program Files (x86)\RIFT
2013-11-01 09:57:26 -------- d-----w- C:\Users\Aidan\AppData\Local\Unity
2013-10-27 06:44:56 -------- d-----w- C:\Users\Aidan\AppData\Local\{7ADA229C-CCF6-4811-BCDE-4034CBDB19CF}
2013-10-19 06:14:22 312744 ----a-w- C:\windows\System32\javaws.exe
2013-10-19 06:13:48 189352 ----a-w- C:\windows\System32\javaw.exe
2013-10-19 06:13:48 189352 ----a-w- C:\windows\System32\java.exe
2013-10-19 06:13:48 108968 ----a-w- C:\windows\System32\WindowsAccessBridge-64.dll
2013-10-19 06:09:50 -------- d-----w- C:\Program Files\Java
.
==================== Find6M ====================
.
2013-12-06 09:43:32 16152 ----a-w- C:\windows\System32\drivers\SWDUMon.sys
2013-11-19 10:21:41 267936 ------w- C:\windows\System32\MpSigStub.exe
2013-09-27 01:53:06 248240 ----a-w- C:\windows\System32\drivers\MpFilter.sys
2013-09-27 01:53:06 134944 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\windows\System32\drivers\ataport.sys
2013-08-02 02:14:57 215040 ----a-w- C:\windows\System32\winsrv.dll
2013-08-02 02:13:34 424448 ----a-w- C:\windows\System32\KernelBase.dll
2013-08-02 02:13:34 1161216 ----a-w- C:\windows\System32\kernel32.dll
2013-08-02 01:50:42 274944 ----a-w- C:\windows\SysWow64\KernelBase.dll
2013-08-02 01:50:41 1114112 ----a-w- C:\windows\SysWow64\kernel32.dll
2013-08-02 01:09:17 338432 ----a-w- C:\windows\System32\conhost.exe
2013-08-02 00:59:09 112640 ----a-w- C:\windows\System32\smss.exe
2013-08-02 00:43:05 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-08-01 12:09:36 983488 ----a-w- C:\windows\System32\drivers\dxgkrnl.sys
2013-07-26 02:24:57 14172672 ----a-w- C:\windows\System32\shell32.dll
2013-07-26 02:24:56 197120 ----a-w- C:\windows\System32\shdocvw.dll
2013-07-26 01:55:59 180224 ----a-w- C:\windows\SysWow64\shdocvw.dll
2013-07-26 01:55:59 12872704 ----a-w- C:\windows\SysWow64\shell32.dll
2013-07-25 09:25:54 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL
2013-07-20 10:33:12 102608 ----a-w- C:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2013-07-20 10:33:08 124112 ----a-w- C:\windows\System32\PresentationCFFRasterizerNative_v0300.dll
2013-07-12 10:41:35 185344 ----a-w- C:\windows\System32\drivers\usbvideo.sys
2013-07-12 10:41:12 100864 ----a-w- C:\windows\System32\drivers\usbcir.sys
2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll
2013-07-09 05:51:16 1217024 ----a-w- C:\windows\System32\rpcrt4.dll
2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll
2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll
2013-07-09 04:52:33 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll
2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll
2013-07-04 12:57:22 259584 ----a-w- C:\windows\System32\WebClnt.dll
2013-07-04 12:50:46 102400 ----a-w- C:\windows\System32\davclnt.dll
2013-07-04 12:50:39 633856 ----a-w- C:\windows\System32\comctl32.dll
2013-07-04 11:57:28 205824 ----a-w- C:\windows\SysWow64\WebClnt.dll
2013-07-04 11:51:04 81920 ----a-w- C:\windows\SysWow64\davclnt.dll
2013-07-04 11:50:56 530432 ----a-w- C:\windows\SysWow64\comctl32.dll
2013-07-04 10:11:35 140800 ----a-w- C:\windows\System32\drivers\mrxdav.sys
2013-07-03 04:05:05 76800 ----a-w- C:\windows\System32\drivers\hidclass.sys
2013-07-03 04:05:04 32896 ----a-w- C:\windows\System32\drivers\hidparse.sys
2013-06-25 22:55:52 785624 ----a-w- C:\windows\System32\drivers\Wdf01000.sys
.
============= FINISH: 20:39:41.04 ===============
 
At this moment the board seem to have serious posting issue. We'll have to wait until the problem is fixed.
 
The issue is only partially fixed so we have to use workaround to communicate here.
Before posting make sure to switch Rich Text Editor of by clicking on this icon:
p22005501.gif


redtarget.gif
Download RogueKiller for 32bit or Roguekiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

redtarget.gif
Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log-xxxxx.txt and system-log.txt
 
Hello Broni, thank you for your assistance with this issue :)

Here is the Rogue Killer report

RogueKiller V8.7.12 _x64_ [Nov 25 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Aidan [Admin rights]
Mode : Remove -- Date : 12/18/2013 13:03:11
| ARK || FAK || MBR |

¤¤¤ Bad processes : 2 ¤¤¤
[SUSP PATH] RascalClient.exe -- C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe [-] -> KILLED [TermProc]
[SUSP PATH] mm.exe -- C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe [-] -> KILLED [TermProc]

¤¤¤ Registry Entries : 12 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : Config (C:\Users\Aidan\AppData\Roaming\tasklaunch.exe [7]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : WindowsNetworkClient (C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : Windows Compact Framework (C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe [-]) -> DELETED
[RUN][SUSP PATH] HKCU\[...]\Run : p8F6lCgBkp (C:\Users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk [-]) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : Config (C:\Users\Aidan\AppData\Roaming\tasklaunch.exe [7]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : WindowsNetworkClient (C:\Users\Aidan\AppData\Roaming\AppClient\RascalClient.exe [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : Windows Compact Framework (C:\Users\Aidan\AppData\Roaming\AppClient\mm.exe [-]) -> [0x2] The system cannot find the file specified.
[RUN][SUSP PATH] HKUS\S-1-5-21-4191367178-1998265054-3350178268-1001\[...]\Run : p8F6lCgBkp (C:\Users\Aidan\AppData\Roaming\F8fbpsK9\TGDvRNf.exe.lnk [-]) -> [0x2] The system cannot find the file specified.
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> [0x2] The system cannot find the file specified.
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][SUSP PATH] FRAPS : C:\Users\Aidan\Desktop\fraps.exe [x] -> DELETED

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 36c8f0f132f478d0149ee19cc93d4431
[BSP] 8478360f9d9b6c4d159f05a4c467fa83 : KIWI Image system MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 277504 Mo
2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 568535040 | Size: 415875 Mo
3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1420247040 | Size: 21924 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_121820

13_130311.txt >>
RKreport[0]_S_12182013_130210.txt
 
Hello Broni, bad news to report, the laptop in question has fallen quite ill.

I managed to do the scan but was unable to post it. The text box to type in the reply was not appearing on the other machine yet it would appear on this machine....? I don't get why it was doing that.

Now for reasons unknown the laptop won't proceed past the "Starting Windows" splash with the icon pulsing slowly and when trying safe mode it hangs at

Loaded: \windows\system32\drivers\CLASSPNP.SYS

With no recovery disk or recognised restore point (even called it Laptop Cleanup), even LKGC doesn't work. Start up repair shows corrupted registry...:-( Where to now besides the trash can?

My son didn't notice the signs of impending doom, what is done is done.

Twin
 
NOTE 1. Use another working computer to download Farbar Recovery Scan Tool. Use USB flash drive to transfer it from good computer to the bad one.
NOTE 2. Install Panda USB Vaccine, or BitDefender’s USB Immunizer on GOOD computer to protect it from any infected USB device.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note:     Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Thank you again for your time,

I think it's dead, can't even access the advanced boot options now despite tapping F8 button...It goes straight to windows recovery with a "windows failed to start". F8 doesn't work from here either.

.I thinks she'a gonner captain
 
Use the second option:

To enter System Recovery Options by using Windows installation disc:
 
Hello Broni, sorry for late reply.

Long story short, the machine has been sent to a local computer store for repairs. My son was growing impatient so mom sent it off (which will be weeks because of the holidays). All the hassling in the world won't hurry these guys :)

Thank you for your valuable time Broni, a donation will be forthcoming.
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
799
uber_beetle
uber_beetle
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back