Virus/malware or something else? Keyboard issue

  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #31
    Originally posted by Goldfish
    No idea what that file is!
    Go to it with Everything search engine. Copy and paste .# into the search everything, if you get a lot of results then search this. .#*

    Also search this for me and tell me what is inside each folder.

    pbTPLVyBrsWMQuu


    • Malnutrition
      PCHF Moderator
      • Jul 2016
      • 7045

      #32
      ZHP Fix
      • Disable your antivirus prior to this fix!
      • Download ZHP-Fix from here.
      • Install it.
      • Click Suivant 5 Times.
      • Then Installer.
      • Then Terminer.
      • Then right click the ZHP Fix icon Run as admin.
      • Copy the entire content of the code box below, the next step will grab it from your clipboard.
      • Then click on import.
      • Then click GO.
      • Allow completion.
      • A log file will appear on your desktop.
      • Post it here in your next reply.

      Notice!! The Chinese items are listed in the fix, you may remove them if you wish. The two above mentioned folders are listed in the fix as well…
      Code:
      Script ZhpFix
      SysRestore
      EmptyFlash
      ProxyFix
      EmptyCLSID
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 24.0 r0.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
      G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
      G0 - GCSP: Secure Preferences [User Data\Default][HomePage] http://login.yahoo.com/ =>.Yahoo! Inc.
      R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk-mg5.mail.yahoo.com/ =>.Yahoo! Inc.
      O42 - Logiciel: Chinese Traditional Fonts Support For Adobe Reader 9 - (.Adobe Systems Incorporated.) [HKLM][64Bits] -- {AC76BA86-7AD7-2448-0000-900000000003} =>.Adobe Systems Incorporated
      HKLM\SOFTWARE\Wow6432Node\America Online =>.America Online
      HKLM\SOFTWARE\Wow6432Node\AVG =>.AVG Software
      HKLM\SOFTWARE\Wow6432Node\Avg Secure Update =>.AVG Software
      HKLM\SOFTWARE\Wow6432Node\McAfee =>.McAfee Inc.
      HKLM\SOFTWARE\Wow6432Node\McAfee.com =>.McAfee Inc.
      HKLM\SOFTWARE\Wow6432Node\McAfeeInstaller =>.McAfee Inc.
      HKCU\SOFTWARE\Avg =>.AVG Software
      C:\Windows\System32\drivers\hola_mon_drv.sys
      HKCU\SOFTWARE\Avg Secure Update =>.AVG Software
      HKCU\SOFTWARE\AVG Web TuneUp =>.AVG Web TuneUp
      HKCU\SOFTWARE\MCAFEE =>.McAfee Inc.
      HKCU\SOFTWARE\アプリケーション ウィザードで生成されたローカル アプリケーション
      HKCU\SOFTWARE\AppDataLow\Software\Avg =>.AVG Software
      O43 - CFD: 24/11/2013 - [0] D -- C:\Program Files\McAfee =>.McAfee
      O43 - CFD: 09/04/2016 - [] D -- C:\Program Files (x86)\Jihosoft =>.HONGKONG JIHO CO., LIMITED®
      O43 - CFD: 26/11/2013 - [] D -- C:\Program Files (x86)\McAfee =>.McAfee
      O43 - CFD: 26/11/2013 - [] D -- C:\ProgramData\McAfee =>.McAfee
      O43 - CFD: 11/12/2010 - [] D -- C:\ProgramData\pbTPLVyBrsWMQuu
      O43 - CFD: 13/09/2010 - [] D -- C:\ProgramData\SiteAdvisor =>.McAfee Inc.
      O43 - CFD: 05/02/2012 - [] D -- C:\Program Files (x86)\Common Files\McAfee =>.McAfee
      O43 - CFD: 25/09/2010 - [0] SHD -- C:\Users\goldfish\AppData\Roaming\.#
      O43 - CFD: 20/02/2017 - [0] D -- C:\Users\goldfish\AppData\Roaming\QuickScan =>.Bitdefender
      O43 - CFD: 11/09/2011 - [] D -- C:\Users\goldfish\AppData\Roaming\T-Mobile
      O43 - CFD: 21/02/2017 - [] D -- C:\Users\goldfish\AppData\Local\Avg =>.AVG Software
      O43 - CFD: 12/06/2015 - [] D -- C:\Users\goldfish\AppData\Local\GWX =>.GWX
      O43 - CFD: 25/09/2016 - [] -- C:\Windows\System32\Config\systemprofile\AppData\Local\Avg =>.AVG Software
      O58 - SDL:2014/06/15 16:12:37 A . (.Hola Networks Ltd. - Hola Network Monitor Driver.) -- C:\Windows\System32\drivers\hola_mon_drv.sys [317400] {08D34F3F819F7FB1B4FAB09F4F5B5D39} =>.Hola Networks Ltd.
      O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} =>.Superfluous.Orphan
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} =>.Superfluous.Orphan
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} =>.Superfluous.Orphan
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} =>.Superfluous.Orphan
      EmptyTemp

      ADS SCAN.

      Download ADS to your desktop.
      Right Click Run As Administrator.
      Click on Listing.

      A file named Services_List Will appear on your desktop.
      Please copy the content of that, and paste it in your next reply.


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045

        #33
        I am also curious as to why there is Chinese writing for Microsoft.
        When your machine was installed in English…

        Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)

        I’d like you to check the content of that folder as well for me please. Search 微软公司 with the everything search engine, screen shot the content of that folder or at least let me know what resides within.


        • Goldfish
          PCHF Member
          • Mar 2017
          • 26

          #34
          Blue-screened again (same details as last time other than a slightly different filename). The output of the analysis is below and the .dmp file is attached.

          ================================================== ================================================== ====
          Instant Online Crash Analysis, brought to you by OSR Open Systems Resources, Inc.
          Primary Analysis
          Crash Dump Analysis provided by OSR Open Systems Resources, Inc. ( http://www.osr.com )
          Online Crash Dump Analysis Service
          See http://www.osronline.com for more information
          Windows 7 Kernel Version 7601 (Service Pack 1) MP (4 procs) Free x64
          Product: WinNt, suite: TerminalServer SingleUserTS Personal
          Built by: 7601.23572.amd64fre.win7sp1_ldr.161011-0600
          Machine Name:
          Kernel base = 0xfffff800`05666000 PsLoadedModuleList = 0xfffff800`058a8730
          Debug session time: Sun Mar 5 16:03:27.992 2017 (UTC - 5:00)
          System Uptime: 0 days 2:58:11.491

          Bugcheck Analysis



          PAGE_FAULT_IN_NONPAGED_AREA (50)
          Invalid system memory was referenced. This cannot be protected by try-except,
          it must be protected by a Probe. Typically the address is just plain bad or it
          is pointing at freed memory.
          Arguments:
          Arg1: fffffa8019ee0040, memory referenced.
          Arg2: 0000000000000001, value 0 = read operation, 1 = write operation.
          Arg3: fffff88004433ce0, If non-zero, the instruction address which referenced the bad memory
          address.
          Arg4: 0000000000000002, (reserved)
          Debugging Details:
          Could not read faulting driver name
          TRIAGER: Could not open triage file : e:\dump_analysis\program\triage\modclass.ini, error 2

          WRITE_ADDRESS: GetPointerFromAddress: unable to read from fffff80005912100
          GetUlongFromAddress: unable to read from fffff800059121c8
          fffffa8019ee0040 Nonpaged pool

          FAULTING_IP:
          rimssne64+13ce0
          fffff880`04433ce0 488911 mov qword ptr [rcx],rdx

          MM_INTERNAL_CODE: 2

          CUSTOMER_CRASH_COUNT: 1

          DEFAULT_BUCKET_ID: WIN7_DRIVER_FAULT

          BUGCHECK_STR: 0x50

          PROCESS_NAME: RogueKiller64.

          CURRENT_IRQL: 0

          TRAP_FRAME: fffff8800cad4380 -- (.trap 0xfffff8800cad4380)
          NOTE: The trap frame does not contain all registers.
          Some register values may be zeroed or incorrect.
          rax=fffffa8019ee0040 rbx=0000000000000000 rcx=fffffa8019ee0040
          rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
          rip=fffff88004433ce0 rsp=fffff8800cad4518 rbp=fffffa80082d01a0
          r8=0000000000000000 r9=0000000000000004 r10=0000000000000000
          r11=fffff8800cad4608 r12=0000000000000000 r13=0000000000000000
          r14=0000000000000000 r15=0000000000000000
          iopl=0 nv up ei pl nz na pe nc
          rimssne64+0x13ce0:
          fffff880`04433ce0 488911 mov qword ptr [rcx],rdx ds:fffffa80`19ee0040=???
          Resetting default scope

          LAST_CONTROL_TRANSFER: from fffff80005751cb2 to fffff800056d6400

          STACK_TEXT:
          fffff880`0cad4218 fffff800`05751cb2 : 00000000`00000050 fffffa80`19ee0040 00000000`00000001 fffff880`0cad4380 : nt!KeBugCheckEx
          fffff880`0cad4220 fffff800`056d452e : 00000000`00000001 fffffa80`19ee0040 fffffa81`00150000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x3a306
          fffff880`0cad4380 fffff880`04433ce0 : fffff880`0442db55 00000000`00000000 00000000`00000000 fffffa80`0bd57aa0 : nt!KiPageFault+0x16e
          fffff880`0cad4518 fffff880`0442db55 : 00000000`00000000 00000000`00000000 fffffa80`0bd57aa0 fffff880`012b12ec : rimssne64+0x13ce0
          fffff880`0cad4520 00000000`00000000 : 00000000`00000000 fffffa80`0bd57aa0 fffff880`012b12ec fffffa80`09d64320 : rimssne64+0xdb55

          STACK_COMMAND: kb

          FOLLOWUP_IP:
          rimssne64+13ce0
          fffff880`04433ce0 488911 mov qword ptr [rcx],rdx

          SYMBOL_STACK_INDEX: 3

          SYMBOL_NAME: rimssne64+13ce0

          FOLLOWUP_NAME: MachineOwner

          MODULE_NAME: rimssne64

          IMAGE_NAME: rimssne64.sys

          DEBUG_FLR_IMAGE_TIMESTAMP: 4ad84fca

          FAILURE_BUCKET_ID: X64_0x50_rimssne64+13ce0

          BUCKET_ID: X64_0x50_rimssne64+13ce0
          Followup: MachineOwner

          Information About Address 0xfffffa8019ee0040
          Supplied dump is a mini-dump. Memory analysis commands unavailable.

          Loaded Module List
          \SystemRoot\System32\DRIVERS\srvnet.sys
          \SystemRoot\System32\drivers\tcpipreg.sys
          \SystemRoot\System32\DRIVERS\srv2.sys
          \SystemRoot\System32\DRIVERS\srv.sys
          \SystemRoot\system32\drivers\WudfPf.sys
          \SystemRoot\system32\DRIVERS\WUDFRd.sys
          \SystemRoot\system32\DRIVERS\asyncmac.sys
          ??\C:\Windows\System32\drivers\TrueSight.sys
          7601.23572.amd64fre.win7sp1_ldr.161011-0600
          3c3e5c62-2003-41e1-9573-877f8019
          A_A^A]A_
          x ATAUAVH
          A^A]A
          fffffff
          fffffff
          fffffff
          fffffff
          fffffff
          fffffff
          H;D$8u
          H;D$8t
          ffffff
          fffffff
          TRGDDumpBlob
          American Megatrends Inc.
          R0300Y8
          07/20/2010
          Sony Corporation
          VPCEB2C5E
          C606A5TA

          Sony Corporation

          Sony Corporation
          GenuineIntel
          Intel(R) Core™ i5 CPU M 520 @ 2.40GHz
          L1 Cache
          L2 Cache
          L3 Cache
          0000062381B
          FNC-EXTB
          9EHN32cZhM4a7y4LhtkIKfmSEv9Iafmxab9Id3kxabAS73kJLj
          Reserved
          6.0.3.1195
          SODIMM1
          Bank 0
          SODIMM2
          Bank 1
          Component Information
          Configuration Data
          Identifier
          Intel64 Family 6 Model 37 Stepping 5
          ProcessorNameString
          Intel(R) Core™ i5 CPU M 520 @ 2.40GHz
          Update Signature
          Update Status
          VendorIdentifier
          GenuineIntel
          GenuntelineI
          GenuntelineI
          Intel(R) Core(TMIntel(R) Core(TM
          ) i5 CPU M) i5 CPU M
          520 @ 2.40GHz
          520 @ 2.40GHz
          HPET8
          MCFG<
          SLICv
          avusbflt
          SIeLR<
          SCALR8
          SIeLR8
          Wdf01000
          msisadrv
          vdrvroot
          avusbflt
          HDAudBus
          vwifibus
          ApfiltrService
          intelppm
          CompositeBus
          monitor
          PEAUTH


          • Goldfish
            PCHF Member
            • Mar 2017
            • 26

            #35
            Also RogueKiller had identified the following before the BlueScreen:
            [ATTACH]1772[/ATTACH]

            Here’s the results of searching for .# (Searched for it using Everything then opened it.)

            [ATTACH]1767[/ATTACH]

            Here’s the results for pbTPLVyBrsWMQuu (Searched for it using Everything then opened it.)
            [ATTACH]1768[/ATTACH]

            Here’s the results for the Chinese language search. I think this was from a while back when I was trying various options to retrieve deleted content from my phone - I don’t need any of it.
            [ATTACH]1769[/ATTACH]
            [ATTACH]1770[/ATTACH]
            [ATTACH]1771[/ATTACH]
            Contents of user.config file:
            <?xml version="1.0" encoding="utf-8"?> en-US


            • Goldfish
              PCHF Member
              • Mar 2017
              • 26

              #36
              Here are the results of the fix and scan:
              Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
              Fichier d’export Registre :
              Run by goldfish at 05/03/2017 21:38:38
              High Elevated Privileges : OK
              Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
              Recycle Bin emptied (00mn 04s)

              ========== Software ==========
              REMOVES: Chinese Traditional Fonts Support For Adobe Reader 9

              ========== Registry keys ==========
              REMOVES: Service: AdobeARMservice
              REMOVES: Service: AdobeFlashPlayerUpdateSvc
              REMOVES: HKLM\SOFTWARE\Wow6432Node\America Online
              REMOVES: HKLM\SOFTWARE\Wow6432Node\AVG
              REMOVES: HKLM\SOFTWARE\Wow6432Node\Avg Secure Update
              REMOVES: HKLM\SOFTWARE\Wow6432Node\McAfee
              REMOVES: HKLM\SOFTWARE\Wow6432Node\McAfee.com
              REMOVES: HKLM\SOFTWARE\Wow6432Node\McAfeeInstaller
              REMOVES: HKCU\SOFTWARE\Avg
              REMOVES: HKCU\SOFTWARE\Avg Secure Update
              REMOVES: HKCU\SOFTWARE\AVG Web TuneUp
              REMOVES: HKCU\SOFTWARE\MCAFEE
              REMOVES: HKCU\SOFTWARE???? ??? ???
              REMOVES: HKCU\SOFTWARE\AppDataLow\Software\Avg
              REMOVES:* HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
              REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
              REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
              REMOVES:* HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}
              REMOVES: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}

              ========== Registry values ==========
              ProxyFix : Proxy configuration successfully removed
              REMOVES ProxyServer Value
              REMOVES ProxyEnable Value
              REMOVES EnableHttp1_1 Value
              REMOVES ProxyHttp1.1 Value
              REMOVES ProxyOverride Value
              REMOVES RunValue: Sidebar

              ========== Elements of the registry data ==========
              REMOVES: R0 - Main,Start Page = KCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page

              ========== Preferences browser ==========
              NOW Chrome File: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
              ABSENT Chrome Site: http://www.facebook.com
              NOW Chrome File: C:\Users\goldfish\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
              ABSENT Chrome Site: http://login.yahoo.com/

              ========== Folders ==========
              No folders empty CLSID Local user
              REMOVES: C:\Program Files\McAfee
              REMOVES: C:\Program Files (x86)\Jihosoft
              REMOVES: C:\Program Files (x86)\McAfee
              REMOVES: C:\ProgramData\McAfee
              REMOVES: C:\ProgramData\pbTPLVyBrsWMQuu
              REMOVES: C:\ProgramData\SiteAdvisor
              REMOVES: C:\Program Files (x86)\Common Files\McAfee
              REMOVES: C:\Windows\System32\Config\systemprofile\AppData\Local\Avg
              Deletes temporary Windows (110)

              ========== Files ==========
              REMOVES Flash Cookies (0) (0 octets)
              REMOVES: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
              REMOVES: c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
              REMOVES: c:\program files\windows sidebar\sidebar.exe
              REMOVES Reboot: c:\program files\windows sidebar\sidebar.exe
              REMOVES: C:\Windows\System32\drivers\hola_mon_drv.sys
              Deletes temporary Windows (246) (70,496,775 octets)

              ========== System restore ==========
              The system successfully created restore point

              ========== Summary ==========
              19 : Registry keys
              7 : Registry values
              1 : Elements of the registry data
              10 : Folders
              7 : Files
              1 : Software
              4 : Preferences browser
              1 : System restore

              End of clean in 02mn 26s

              ========== Path to file report ==========
              C:\Users\goldfish\AppData\Roaming\ZHP\ZHPFix[R1].txt - 05/03/2017 21:38:43 [3596]

              =============================================================================
              ---------- ADS | Services Listing
              R0 - ACPI (Microsoft ACPI Driver) → system32\drivers\ACPI.sys
              R0 - amdxata () → system32\drivers\amdxata.sys
              R0 - atapi (IDE Channel) → system32\drivers\atapi.sys
              R0 - avusbflt (avusbflt) → System32\Drivers\avusbflt.sys
              R0 - CLFS (@%SystemRoot%\system32\clfs.sys,-100) → System32\CLFS.sys
              R0 - CNG () → System32\Drivers\cng.sys
              R0 - Compbatt (Microsoft Composite Battery Driver) → system32\drivers\compbatt.sys
              R0 - Disk (Disk Driver) → system32\drivers\disk.sys
              R0 - FileInfo (@%SystemRoot%\system32\drivers\fileinfo.sys,-100) → system32\drivers\fileinfo.sys
              R0 - FltMgr (@%SystemRoot%\system32\drivers\fltmgr.sys,-10001) → system32\drivers\fltmgr.sys
              S0 - Fs_Rec () → (?)
              R0 - fvevol (@%SystemRoot%\system32\drivers\fvevol.sys,-100) → System32\DRIVERS\fvevol.sys
              R0 - hwpolicy (@%systemroot%\system32\drivers\hwpolicy.sys,-101) → System32\drivers\hwpolicy.sys
              R0 - iaStor (Intel AHCI Controller) → system32\drivers\iaStor.sys
              R0 - KSecDD () → System32\Drivers\ksecdd.sys
              R0 - KSecPkg () → System32\Drivers\ksecpkg.sys
              R0 - mountmgr (@%SystemRoot%\system32\drivers\mountmgr.sys,-100) → System32\drivers\mountmgr.sys
              R0 - msisadrv () → system32\drivers\msisadrv.sys
              R0 - Mup (@%systemroot%\system32\drivers\mup.sys,-101) → System32\Drivers\mup.sys
              R0 - NDIS (@%SystemRoot%\system32\drivers\ndis.sys,-200) → system32\drivers\ndis.sys
              R0 - partmgr (@%SystemRoot%\system32\drivers\partmgr.sys,-100) → System32\drivers\partmgr.sys
              R0 - pci (PCI Bus Driver) → system32\drivers\pci.sys
              R0 - pcw (Performance Counters for Windows Driver) → System32\drivers\pcw.sys
              R0 - PxHlpa64 (PxHlpa64) → System32\Drivers\PxHlpa64.sys
              R0 - rdyboost (ReadyBoost) → System32\drivers\rdyboost.sys
              R0 - spldr (Security Processor Loader Driver) → (?)
              R0 - Tcpip (@%SystemRoot%\system32\tcpipcfg.dll,-50003) → System32\drivers\tcpip.sys
              R0 - vdrvroot (Microsoft Virtual Drive Enumerator Driver) → system32\drivers\vdrvroot.sys
              R0 - volmgr (Volume Manager Driver) → system32\drivers\volmgr.sys
              R0 - volmgrx (@%SystemRoot%\system32\drivers\volmgrx.sys,-100) → System32\drivers\volmgrx.sys
              R0 - volsnap (Storage volumes) → system32\drivers\volsnap.sys
              R0 - Wdf01000 (@%SystemRoot%\system32\drivers\Wdf01000.sys,-1000) → system32\drivers\Wdf01000.sys
              R1 - AFD (@%systemroot%\system32\drivers\afd.sys,-1000) → \SystemRoot\system32\drivers\afd.sys
              R1 - avipbb (avipbb) → system32\DRIVERS\avipbb.sys
              R1 - avkmgr (avkmgr) → system32\DRIVERS\avkmgr.sys
              R1 - Beep (Beep) → (?)
              R1 - blbdrive () → \SystemRoot\system32\drivers\blbdrive.sys
              R1 - cdrom (CD-ROM Driver) → \SystemRoot\system32\drivers\cdrom.sys
              R1 - ctxusbm (Citrix USB Monitor Driver) → system32\DRIVERS\ctxusbm.sys
              R1 - DfsC (@%systemroot%\system32\drivers\dfsc.sys,-101) → System32\Drivers\dfsc.sys
              R1 - discache (@%systemroot%\system32\drivers\discache.sys,-102) → System32\drivers\discache.sys
              R1 - ESProtectionDriver (Malwarebytes Anti-Exploit) → ??\C:\Windows\system32\drivers\mbae64.sys
              R1 - Msfs () → (?)
              R1 - mssmbios (Microsoft System Management BIOS Driver) → \SystemRoot\system32\drivers\mssmbios.sys
              R1 - NetBIOS (NetBIOS Interface) → system32\DRIVERS\netbios.sys
              R1 - NetBT (NetBT) → System32\DRIVERS\netbt.sys
              R1 - Npfs () → (?)
              R1 - nsiproxy (@%SystemRoot%\system32\drivers\nsiproxy.sys,-2) → system32\drivers\nsiproxy.sys
              R1 - Null () → (?)
              R1 - Psched (@%SystemRoot%\System32\drivers\pacer.sys,-101) → system32\DRIVERS\pacer.sys
              R1 - rdbss (@%systemroot%\system32\wkssvc.dll,-1000) → system32\DRIVERS\rdbss.sys
              R1 - RDPCDD (@%systemroot%\system32\DRIVERS\RDPCDD.sys,-100) → System32\DRIVERS\RDPCDD.sys
              R1 - RDPENCDD (@%systemroot%\system32\drivers\RDPENCDD.sys,-101) → system32\drivers\rdpencdd.sys
              R1 - RDPREFMP (@%systemroot%\system32\drivers\RdpRefMp.sys,-101) → system32\drivers\rdprefmp.sys
              R1 - SASDIFSV (SASDIFSV) → ??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
              R1 - SASKUTIL (SASKUTIL) → ??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
              R1 - tdx (@%SystemRoot%\system32\tcpipcfg.dll,-50004) → system32\DRIVERS\tdx.sys
              R1 - TermDD (Terminal Device Driver) → \SystemRoot\system32\drivers\termdd.sys
              R1 - VgaSave () → \SystemRoot\System32\drivers\vga.sys
              R1 - vwififlt (Virtual WiFi Filter Driver) → system32\DRIVERS\vwififlt.sys
              R1 - Wanarpv6 (@%systemroot%\system32\rascfg.dll,-32012) → system32\DRIVERS\wanarp.sys
              R1 - WfpLwf (WFP Lightweight Filter) → system32\DRIVERS\wfplwf.sys
              R2 - AMD External Events Utility () → %SystemRoot%\system32\atiesrxx.exe
              S2 - AntiVirMailService (Avira Mail Protection) → “C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe”
              R2 - AntiVirSchedulerService (Avira Scheduler) → “C:\Program Files (x86)\Avira\Antivirus\sched.exe”
              R2 - AntiVirService (Avira Real-Time Protection) → “C:\Program Files (x86)\Avira\Antivirus\avguard.exe”
              S2 - AntiVirWebService (Avira Web Protection) → “C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe”
              R2 - Apple Mobile Device Service (Apple Mobile Device Service) → “C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe”
              R2 - ATPLupd (ATPL Digital v6 update service) → “C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\updatescripts\srvany.exe”
              R2 - AudioEndpointBuilder (@%SystemRoot%\system32\audiosrv.dll,-204) → %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
              R2 - AudioSrv (@%SystemRoot%\system32\audiosrv.dll,-200) → %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
              R2 - avgntflt (avgntflt) → system32\DRIVERS\avgntflt.sys
              R2 - Avira.ServiceHost (Avira Service Host) → “C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe”
              R2 - AviraPhantomVPN (Avira Phantom VPN) → “C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe”
              R2 - avnetflt (avnetflt) → system32\DRIVERS\avnetflt.sys
              R2 - BFE (@%SystemRoot%\system32\bfe.dll,-1001) → %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
              R2 - BGS (BGS) → “C:\Program Files (x86)\ATP DIGITAL\ATP DIGITAL 6\server\bin\Apache.exe” -k runservice
              R2 - BITS (@%SystemRoot%\system32\qmgr.dll,-1000) → %SystemRoot%\System32\svchost.exe -k netsvcs
              R2 - Bonjour Service (Bonjour Service) → “C:\Program Files\Bonjour\mDNSResponder.exe”
              R2 - BrYNSvc (BrYNSvc) → “C:\Program Files (x86)\Browny02\BrYNSvc.exe”
              R2 - bthserv (Bluetooth Support Service) → %SystemRoot%\system32\svchost.exe -k bthsvcs
              R2 - ClickToRunSvc (Microsoft Office ClickToRun Service) → “C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe” /service
              S2 - clr_optimization_v4.0.30319_32 (Microsoft .NET Framework NGEN v4.0.30319_X86) → C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
              S2 - clr_optimization_v4.0.30319_64 (Microsoft .NET Framework NGEN v4.0.30319_X64) → C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
              R2 - CryptSvc (@%SystemRoot%\system32\cryptsvc.dll,-1001) → %SystemRoot%\system32\svchost.exe -k NetworkService
              S2 - dbupdate (Dropbox Update Service (dbupdate)) → “C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe” /svc
              S2 - dbupdatem (Dropbox Update Service (dbupdatem)) → “C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe” /medsvc
              R2 - DbxSvc (DbxSvc) → %SystemRoot%\system32\DbxSvc.exe
              R2 - DcomLaunch (@oleres.dll,-5012) → %SystemRoot%\system32\svchost.exe -k DcomLaunch
              R2 - Dhcp (@%SystemRoot%\system32\dhcpcore.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
              R2 - DiagTrack (@%SystemRoot%\system32\UtcResources.dll,-3001) → %SystemRoot%\System32\svchost.exe -k utcsvc
              R2 - Dnscache (@%SystemRoot%\System32\dnsapi.dll,-101) → %SystemRoot%\system32\svchost.exe -k NetworkService
              R2 - DPS (@%systemroot%\system32\dps.dll,-500) → %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
              R2 - EFS (@%SystemRoot%\system32\efssvc.dll,-100) → %SystemRoot%\System32\lsass.exe
              R2 - eventlog (@%SystemRoot%\system32\wevtsvc.dll,-200) → %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
              R2 - EventSystem (@comres.dll,-2450) → %SystemRoot%\system32\svchost.exe -k LocalService
              R2 - Everything (Everything) → “C:\Program Files\Everything\Everything.exe” -svc
              R2 - FLEXnet Licensing Service (FLEXnet Licensing Service) → “C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe”
              R2 - FontCache (@%systemroot%\system32\FntCache.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalService
              R2 - gpsvc (@gpapi.dll,-112) → %windir%\system32\svchost.exe -k GPSvcGroup
              R2 - IAStorDataMgrSvc (Intel(R) Rapid Storage Technology) → “C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe”
              R2 - IDriverT (InstallDriver Table Manager) → “C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe”
              S2 - IEEtwCollectorService (@%SystemRoot%\system32\ieetwcollectorres.dll,-1000) → %SystemRoot%\system32\IEEtwCollector.exe /V
              R2 - IKEEXT (@%SystemRoot%\system32\ikeext.dll,-501) → %systemroot%\system32\svchost.exe -k netsvcs
              R2 - iphlpsvc (@%SystemRoot%\system32\iphlpsvc.dll,-500) → %SystemRoot%\System32\svchost.exe -k NetSvcs
              R2 - iPod Service (iPod Service) → “C:\Program Files\iPod\bin\iPodService.exe”
              R2 - IviRegMgr (IviRegMgr) → “C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe”
              R2 - LanmanServer (@%systemroot%\system32\srvsvc.dll,-100) → %SystemRoot%\system32\svchost.exe -k netsvcs
              R2 - LanmanWorkstation (@%systemroot%\system32\wkssvc.dll,-100) → %SystemRoot%\System32\svchost.exe -k NetworkService
              R2 - lltdio (Link-Layer Topology Discovery Mapper I/O Driver) → system32\DRIVERS\lltdio.sys
              R2 - lmhosts (@%SystemRoot%\system32\lmhsvc.dll,-101) → %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
              R2 - LMS (Intel(R) Management and Security Application Local Management Service) → C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
              R2 - luafv (@%systemroot%\system32\drivers\luafv.sys,-100) → \SystemRoot\system32\drivers\luafv.sys
              R2 - Maxtor Sync Service (Maxtor Service) → “C:\Program Files (x86)\Maxtor\Sync\SyncServices.exe”
              R2 - MBAMChameleon (MBAMChameleon) → \SystemRoot\system32\drivers\MBAMChameleon.sys
              R2 - MMCSS (@%systemroot%\system32\mmcss.dll,-100) → %SystemRoot%\system32\svchost.exe -k netsvcs
              R2 - MpsSvc (@%SystemRoot%\system32\FirewallAPI.dll,-23090) → %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
              R2 - MSiSCSI (@%SystemRoot%\system32\iscsidsc.dll,-5000) → %systemroot%\system32\svchost.exe -k netsvcs
              S2 - NetMsmqActivator (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8195) → “C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe” -NetMsmqActivator
              S2 - NetPipeActivator (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8197) → C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
              S2 - NetTcpActivator (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8199) → C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
              R2 - NetTcpPortSharing (@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ServiceModelInstallRC.dll,-8201) → C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
              R2 - NlaSvc (@%SystemRoot%\System32\nlasvc.dll,-1) → %SystemRoot%\System32\svchost.exe -k NetworkService
              R2 - nsi (@%SystemRoot%\system32\nsisvc.dll,-200) → %systemroot%\system32\svchost.exe -k LocalService
              R2 - PcaSvc (@%SystemRoot%\system32\pcasvc.dll,-1) → %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              R2 - PEAUTH (PEAUTH) → system32\drivers\peauth.sys
              R2 - PerfHost (@%systemroot%\sysWow64\perfhost.exe,-2) → %SystemRoot%\SysWow64\perfhost.exe
              R2 - PlugPlay (@%SystemRoot%\system32\umpnpmgr.dll,-100) → %SystemRoot%\system32\svchost.exe -k DcomLaunch
              R2 - PMBDeviceInfoProvider (PMBDeviceInfoProvider) → “C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe”
              R2 - Power (@%SystemRoot%\system32\umpo.dll,-100) → %SystemRoot%\system32\svchost.exe -k DcomLaunch
              R2 - ProfSvc (@%systemroot%\system32\profsvc.dll,-300) → %systemroot%\system32\svchost.exe -k netsvcs
              R2 - PSI_SVC_2 (Protexis Licensing V2) → “C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe”
              R2 - RapiMgr (@%windir%\WindowsMobile\rapimgr.dll,-104) → %SystemRoot%\system32\svchost.exe -k WindowsMobile
              R2 - regi (regi) → ??\C:\Windows\system32\drivers\regi.sys
              R2 - rimspci () → \SystemRoot\system32\drivers\rimssne64.sys
              R2 - risdsnpe () → \SystemRoot\system32\drivers\risdsne64.sys
              S2 - Roxio UPnP Renderer 10 (Roxio UPnP Renderer 10) → “C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe”
              S2 - Roxio Upnp Server 10 (Roxio Upnp Server 10) → “C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe”
              R2 - RpcEptMapper (@%windir%\system32\RpcEpMap.dll,-1001) → %SystemRoot%\system32\svchost.exe -k RPCSS
              R2 - RpcSs (@oleres.dll,-5010) → %SystemRoot%\system32\svchost.exe -k rpcss
              R2 - rspndr (Link-Layer Topology Discovery Responder) → system32\DRIVERS\rspndr.sys
              R2 - SampleCollector (VAIO Care Performance Service) → “C:\Program Files\Sony\VAIO Care\VCPerfService.exe” “/service” “/sstates” “/sampleinterval=5000” “/procinterval=5” “/dllinterval=120” “/counter=\Processor(_Total)% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1” “/counter=\Network Interface()\Bytes Total/sec:1" "/expandcounter=\Processor Information()\Processor Frequency:1” “/expandcounter=\Processor()% Idle Time:1" "/expandcounter=\Processor()% C1 Time:1” “/expandcounter=\Processor()% C2 Time:1" "/expandcounter=\Processor()% C3 Time:1” “/expandcounter=\Processor(*)% Processor Time:1” “/directory=C:\ProgramData\Sony Corporation\VAIO Care\inteldata”
              R2 - SamSs (@%SystemRoot%\system32\samsrv.dll,-1) → %SystemRoot%\system32\lsass.exe
              R2 - Schedule (@%SystemRoot%\system32\schedsvc.dll,-100) → %systemroot%\system32\svchost.exe -k netsvcs
              S2 - scupdate (Scout Update Service (scupdate)) → “C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe” /svc
              R2 - SENS (@%SystemRoot%\system32\Sens.dll,-200) → %SystemRoot%\system32\svchost.exe -k netsvcs
              R2 - ShellHWDetection (@%SystemRoot%\System32\shsvcs.dll,-12288) → %SystemRoot%\System32\svchost.exe -k netsvcs
              S2 - SkypeUpdate (Skype Updater) → “C:\Program Files (x86)\Skype\Updater\Updater.exe”
              R2 - SOHCImp (VAIO Media plus Content Importer) → “C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe”
              R2 - SOHDms (VAIO Media plus Digital Media Server) → “C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe”
              R2 - SOHDs (VAIO Media plus Device Searcher) → “C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe”
              R2 - speedfan (speedfan) → ??\C:\Windows\SysWOW64\speedfan.sys
              R2 - SpfService (VAIO Entertainment Common Service) → “C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe”
              R2 - Spooler (@%systemroot%\system32\spoolsv.exe,-1) → %SystemRoot%\System32\spoolsv.exe
              S2 - sppsvc (Software Protection) → %SystemRoot%\system32\sppsvc.exe
              R2 - stisvc (@%SystemRoot%\system32\wiaservc.dll,-9) → %SystemRoot%\system32\svchost.exe -k imgsvc
              R2 - SysMain (@%SystemRoot%\system32\sysmain.dll,-1000) → %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              R2 - tcpipreg (TCP/IP Registry Compatibility) → System32\drivers\tcpipreg.sys
              R2 - Themes (@%SystemRoot%\System32\themeservice.dll,-8192) → %SystemRoot%\System32\svchost.exe -k netsvcs
              R2 - TrkWks (@%SystemRoot%\system32\trkwks.dll,-1) → %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
              R2 - UNS (Intel(R) Management & Security Application User Notification Service) → “C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe”
              R2 - UxSms (@%SystemRoot%\system32\dwm.exe,-2000) → %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
              R2 - VAIO Entertainment TV Device Arbitration Service (VAIO Entertainment TV Device Arbitration Service) → “C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe”
              R2 - VAIO Event Service (VAIO Event Service) → “C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe”
              R2 - VCFw (VAIO Content Folder Watcher) → “C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe”
              R2 - VcmXmlIfHelper (VAIO Content Metadata XML Interface) → “C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe”
              R2 - VCService (VCService) → “C:\Program Files\Sony\VAIO Care\VCService.exe”
              R2 - VSNService (VSNService) → “C:\Program Files\Sony\VAIO Smart Network\VSNService.exe”
              R2 - VUAgent (VUAgent) → “C:\Program Files\Sony\VAIO Update Common\VUAgent.exe”
              R2 - WcesComm (@%windir%\WindowsMobile\wcescomm.dll,-40079) → %SystemRoot%\system32\svchost.exe -k WindowsMobile
              R2 - WDDriveService (WD Drive Manager) → “C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe”
              R2 - WinDefend (@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103) → %SystemRoot%\System32\svchost.exe -k secsvcs
              R2 - Winmgmt (@%Systemroot%\system32\wbem\wmisvc.dll,-205) → %systemroot%\system32\svchost.exe -k netsvcs
              R2 - Wlansvc (@%SystemRoot%\System32\wlansvc.dll,-257) → %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              R2 - wlidsvc (Windows Live ID Sign-in Assistant) → “C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE”
              R2 - WsAppService (Wondershare Application Framework Service) → C:\Program Files (x86)\Wondershare\WAF\2.3.0.5\WsAppService.exe
              R2 - wscsvc (@%SystemRoot%\System32\wscsvc.dll,-200) → %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
              R2 - WSearch (Windows Search) → %systemroot%\system32\SearchIndexer.exe /Embedding
              R2 - wuauserv (Windows Update) → %systemroot%\system32\svchost.exe -k netsvcs
              S3 - 1394ohci (1394 OHCI Compliant Host Controller) → \SystemRoot\system32\drivers\1394ohci.sys
              S3 - AcpiPmi (ACPI Power Meter Driver) → \SystemRoot\system32\drivers\acpipmi.sys
              S3 - adp94xx () → \SystemRoot\system32\drivers\adp94xx.sys
              S3 - adpahci () → \SystemRoot\system32\drivers\adpahci.sys
              S3 - adpu320 () → \SystemRoot\system32\drivers\adpu320.sys
              R3 - AeLookupSvc (@%SystemRoot%\system32\aelupsvc.dll,-1) → %systemroot%\system32\svchost.exe -k netsvcs
              S3 - agp440 (Intel AGP Bus Filter) → \SystemRoot\system32\drivers\agp440.sys
              S3 - ALG (@%SystemRoot%\system32\Alg.exe,-112) → %SystemRoot%\System32\alg.exe
              S3 - aliide () → \SystemRoot\system32\drivers\aliide.sys
              S3 - amdide () → \SystemRoot\system32\drivers\amdide.sys
              S3 - AmdK8 (AMD K8 Processor Driver) → \SystemRoot\system32\drivers\amdk8.sys
              R3 - amdkmdag () → system32\DRIVERS\atikmdag.sys
              R3 - amdkmdap () → system32\DRIVERS\atikmpag.sys
              S3 - AmdPPM (AMD Processor Driver) → \SystemRoot\system32\drivers\amdppm.sys
              S3 - amdsata () → \SystemRoot\system32\drivers\amdsata.sys
              S3 - amdsbs () → \SystemRoot\system32\drivers\amdsbs.sys
              R3 - ApfiltrService (Alps Pointing-device Filter Driver) → system32\DRIVERS\Apfiltr.sys
              S3 - AppID (@%systemroot%\system32\appidsvc.dll,-102) → \SystemRoot\system32\drivers\appid.sys
              S3 - AppIDSvc (@%systemroot%\system32\appidsvc.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
              R3 - Appinfo (@%systemroot%\system32\appinfo.dll,-100) → %SystemRoot%\system32\svchost.exe -k netsvcs
              S3 - arc () → \SystemRoot\system32\drivers\arc.sys
              S3 - arcsas () → \SystemRoot\system32\drivers\arcsas.sys
              R3 - ArcSoftKsUFilter (ArcSoft Magic-I Visual Effect) → system32\DRIVERS\ArcSoftKsUFilter.sys
              S3 - aspnet_state (ASP.NET State Service) → %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
              S3 - AsyncMac (@%systemroot%\system32\rascfg.dll,-32000) → system32\DRIVERS\asyncmac.sys
              R3 - athr (Atheros Extensible Wireless LAN device driver) → system32\DRIVERS\athrx.sys
              S3 - atikmdag () → system32\DRIVERS\atikmdag.sys
              S3 - AxInstSV (@%SystemRoot%\system32\AxInstSV.dll,-103) → %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
              S3 - b06bdrv (Broadcom NetXtreme II VBD) → \SystemRoot\system32\drivers\bxvbda.sys
              S3 - b57nd60a (Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0) → system32\DRIVERS\b57nd60a.sys
              S3 - BDESVC (@%SystemRoot%\system32\bdesvc.dll,-100) → %SystemRoot%\System32\svchost.exe -k netsvcs
              R3 - bowser (@%systemroot%\system32\browser.dll,-102) → system32\DRIVERS\bowser.sys
              S3 - BrFiltLo (Brother USB Mass-Storage Lower Filter Driver) → \SystemRoot\system32\drivers\BrFiltLo.sys
              S3 - BrFiltUp (Brother USB Mass-Storage Upper Filter Driver) → \SystemRoot\system32\drivers\BrFiltUp.sys
              S3 - Browser (@%systemroot%\system32\browser.dll,-100) → %SystemRoot%\System32\svchost.exe -k netsvcs
              S3 - Brserid (Brother MFC Serial Port Interface Driver (WDM)) → \SystemRoot\System32\Drivers\Brserid.sys
              S3 - BrSerWdm (Brother WDM Serial driver) → \SystemRoot\System32\Drivers\BrSerWdm.sys
              S3 - BrUsbMdm (Brother MFC USB Fax Only Modem) → \SystemRoot\System32\Drivers\BrUsbMdm.sys
              S3 - BrUsbSer (Brother MFC USB Serial WDM Driver) → \SystemRoot\System32\Drivers\BrUsbSer.sys
              S3 - BthEnum (Bluetooth Enumerator Service) → system32\DRIVERS\BthEnum.sys
              S3 - BTHMODEM (Bluetooth Serial Communications Driver) → system32\DRIVERS\bthmodem.sys
              S3 - BthPan (Bluetooth Device (Personal Area Network)) → system32\DRIVERS\bthpan.sys
              S3 - BTHPORT (Bluetooth Port Driver) → System32\Drivers\BTHport.sys
              S3 - BTHUSB (Bluetooth Radio USB Driver) → System32\Drivers\BTHUSB.sys
              S3 - btusbflt (Bluetooth USB Filter) → system32\drivers\btusbflt.sys
              S3 - btwaudio (Bluetooth Audio Device Service) → system32\drivers\btwaudio.sys
              S3 - btwavdt (Bluetooth AVDT) → system32\drivers\btwavdt.sys
              S3 - btwl2cap (Bluetooth L2CAP Service) → system32\DRIVERS\btwl2cap.sys
              S3 - btwrchid () → system32\DRIVERS\btwrchid.sys
              S3 - catchme () → ??\C:\Users\CATHER~1\AppData\Local\Temp\catchme.sys
              S3 - CertPropSvc (@%SystemRoot%\System32\certprop.dll,-11) → %SystemRoot%\system32\svchost.exe -k netsvcs
              S3 - circlass (Consumer IR Devices) → \SystemRoot\system32\drivers\circlass.sys
              R3 - CmBatt (Microsoft ACPI Control Method Battery Driver) → \SystemRoot\system32\drivers\CmBatt.sys
              S3 - cmdide () → \SystemRoot\system32\drivers\cmdide.sys
              R3 - CompositeBus (Composite Bus Enumerator Driver) → \SystemRoot\system32\drivers\CompositeBus.sys
              S3 - COMSysApp (@comres.dll,-947) → %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
              S3 - defragsvc (@%SystemRoot%\system32\defragsvc.dll,-101) → %SystemRoot%\system32\svchost.exe -k defragsvc
              S3 - dot3svc (@%systemroot%\system32\dot3svc.dll,-1102) → %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              S3 - drmkaud (Microsoft Trusted Audio Drivers) → \SystemRoot\system32\drivers\drmkaud.sys
              R3 - DXGKrnl (LDDM Graphics Subsystem) → \SystemRoot\System32\drivers\dxgkrnl.sys
              R3 - EapHost (@%systemroot%\system32\eapsvc.dll,-1) → %SystemRoot%\System32\svchost.exe -k netsvcs
              S3 - ebdrv (Broadcom NetXtreme II 10 GigE VBD) → \SystemRoot\system32\drivers\evbda.sys
              S3 - elxstor () → \SystemRoot\system32\drivers\elxstor.sys
              S3 - ErrDev (Microsoft Hardware Error Device Driver) → \SystemRoot\system32\drivers\errdev.sys
              S3 - exfat (exFAT File System Driver) → (?)
              S3 - fastfat (FAT12/16/32 File System Driver) → (?)
              S3 - Fax (@%systemroot%\system32\fxsresm.dll,-118) → %systemroot%\system32\fxssvc.exe
              S3 - fdc (Floppy Disk Controller Driver) → \SystemRoot\system32\drivers\fdc.sys
              R3 - fdPHost (@%systemroot%\system32\fdPHost.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalService
              R3 - FDResPub (@%systemroot%\system32\fdrespub.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
              S3 - Filetrace (@%SystemRoot%\system32\drivers\filetrace.sys,-10001) → system32\drivers\filetrace.sys
              S3 - flpydisk (Floppy Disk Driver) → \SystemRoot\system32\drivers\flpydisk.sys
              S3 - FontCache3.0.0.0 (@%SystemRoot%\system32\PresentationHost.exe,-3309) → %systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
              S3 - FsDepends (@%SystemRoot%\system32\drivers\fsdepends.sys,-10001) → System32\drivers\FsDepends.sys
              S3 - gagp30kx (Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms) → \SystemRoot\system32\drivers\gagp30kx.sys
              R3 - GEARAspiWDM (GEAR ASPI Filter Driver) → system32\DRIVERS\GEARAspiWDM.sys
              S3 - hcw85cir (Hauppauge Consumer Infrared Receiver) → \SystemRoot\system32\drivers\hcw85cir.sys
              S3 - HdAudAddService (Microsoft 1.1 UAA Function Driver for High Definition Audio Service) → \SystemRoot\system32\drivers\HdAudio.sys
              R3 - HDAudBus (Microsoft UAA Bus Driver for High Definition Audio) → \SystemRoot\system32\drivers\HDAudBus.sys
              R3 - HECIx64 (Intel(R) Management Engine Interface) → system32\DRIVERS\HECIx64.sys
              S3 - HidBatt (HID UPS Battery Driver) → \SystemRoot\system32\drivers\HidBatt.sys
              S3 - HidBth (Microsoft Bluetooth HID Miniport) → \SystemRoot\system32\drivers\hidbth.sys
              S3 - HidIr (Microsoft Infrared HID Driver) → \SystemRoot\system32\drivers\hidir.sys
              R3 - hidserv (@%SystemRoot%\System32\hidserv.dll,-101) → %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              R3 - HidUsb (Microsoft HID Class Driver) → system32\DRIVERS\hidusb.sys
              S3 - hkmsvc (@%SystemRoot%\system32\kmsvc.dll,-6) → %SystemRoot%\System32\svchost.exe -k netsvcs
              R3 - HomeGroupListener (@%SystemRoot%\System32\ListSvc.dll,-100) → %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
              R3 - HomeGroupProvider (@%SystemRoot%\System32\provsvc.dll,-100) → %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
              S3 - HpSAMD () → \SystemRoot\system32\drivers\HpSAMD.sys
              R3 - HTTP (@%SystemRoot%\system32\drivers\http.sys,-1) → system32\drivers\HTTP.sys
              S3 - hwdatacard (Huawei DataCard USB Modem and USB Serial) → system32\DRIVERS\ewusbmdm.sys
              S3 - hwusbfake (Huawei DataCard USB Fake) → system32\DRIVERS\ewusbfake.sys
              R3 - i8042prt (i8042 Keyboard and PS/2 Mouse Port Driver) → system32\DRIVERS\i8042prt.sys
              S3 - iaStorV (Intel RAID Controller Windows 7) → \SystemRoot\system32\drivers\iaStorV.sys
              S3 - idsvc (@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193) → “%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe”
              S3 - igfx () → system32\DRIVERS\igdkmd64.sys
              S3 - iirsp () → \SystemRoot\system32\drivers\iirsp.sys
              R3 - Impcd () → \SystemRoot\system32\drivers\Impcd.sys
              R3 - IntcAzAudAddService (Service for Realtek HD Audio (WDM)) → system32\drivers\RTKVHD64.sys
              S3 - IntcDAud (Intel(R) Display Audio) → system32\DRIVERS\IntcDAud.sys
              S3 - intelide () → \SystemRoot\system32\drivers\intelide.sys
              R3 - intelppm (Intel Processor Driver) → \SystemRoot\system32\drivers\intelppm.sys
              S3 - IPBusEnum (@%systemroot%\system32\IPBusEnum.dll,-102) → %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              S3 - IpFilterDriver (@%systemroot%\system32\rascfg.dll,-32013) → system32\DRIVERS\ipfltdrv.sys
              S3 - IPMIDRV () → \SystemRoot\system32\drivers\IPMIDrv.sys
              S3 - IPNAT (IP Network Address Translator) → System32\drivers\ipnat.sys
              S3 - IRENUM (@%SystemRoot%\system32\drivers\irenum.sys,-100) → system32\drivers\irenum.sys
              S3 - isapnp () → \SystemRoot\system32\drivers\isapnp.sys
              R3 - iScsiPrt (iScsiPort Driver) → system32\DRIVERS\msiscsi.sys
              S3 - jrdusbser (Mobile Connector Device for Legacy Serial Communication) → system32\DRIVERS\jrdusbser.sys
              R3 - kbdclass (Keyboard Class Driver) → system32\DRIVERS\kbdclass.sys
              R3 - kbdhid (Keyboard HID Driver) → system32\DRIVERS\kbdhid.sys
              R3 - KeyIso (@keyiso.dll,-100) → %SystemRoot%\system32\lsass.exe
              R3 - ksthunk (Kernel Streaming Thunks) → \SystemRoot\system32\drivers\ksthunk.sys
              S3 - KtmRm (@comres.dll,-2946) → %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
              S3 - lltdsvc (@%SystemRoot%\system32\lltdres.dll,-1) → %SystemRoot%\System32\svchost.exe -k LocalService
              S3 - LSI_FC () → \SystemRoot\system32\drivers\lsi_fc.sys
              S3 - LSI_SAS () → \SystemRoot\system32\drivers\lsi_sas.sys
              S3 - LSI_SAS2 () → \SystemRoot\system32\drivers\lsi_sas2.sys
              S3 - LSI_SCSI () → \SystemRoot\system32\drivers\lsi_scsi.sys
              S3 - MBAMFarflt () → ??\C:\Windows\system32\drivers\farflt.sys
              S3 - MBAMProtection () → ??\C:\Windows\system32\drivers\mbam.sys
              S3 - MBAMService (Malwarebytes Service) → “C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe”
              S3 - MBAMSwissArmy (MBAMSwissArmy) → ??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
              S3 - megasas () → \SystemRoot\system32\drivers\megasas.sys
              S3 - MegaSR () → \SystemRoot\system32\drivers\MegaSR.sys
              S3 - Modem () → system32\drivers\modem.sys
              R3 - monitor (Microsoft Monitor Class Function Driver Service) → system32\DRIVERS\monitor.sys
              R3 - mouclass (Mouse Class Driver) → system32\DRIVERS\mouclass.sys
              R3 - mouhid (Mouse HID Driver) → system32\DRIVERS\mouhid.sys
              S3 - mpio (Microsoft Multi-Path Bus Driver) → \SystemRoot\system32\drivers\mpio.sys
              R3 - mpsdrv (@%SystemRoot%\system32\FirewallAPI.dll,-23092) → System32\drivers\mpsdrv.sys
              S3 - MRxDAV (@%systemroot%\system32\webclnt.dll,-104) → \SystemRoot\system32\drivers\mrxdav.sys
              R3 - mrxsmb (@%systemroot%\system32\wkssvc.dll,-1002) → system32\DRIVERS\mrxsmb.sys
              R3 - mrxsmb10 (@%systemroot%\system32\wkssvc.dll,-1004) → system32\DRIVERS\mrxsmb10.sys
              R3 - mrxsmb20 (@%systemroot%\system32\wkssvc.dll,-1006) → system32\DRIVERS\mrxsmb20.sys
              S3 - msahci () → \SystemRoot\system32\drivers\msahci.sys
              S3 - msdsm (Microsoft Multi-Path Device Specific Module) → \SystemRoot\system32\drivers\msdsm.sys
              S3 - MSDTC (@comres.dll,-2797) → %SystemRoot%\System32\msdtc.exe
              S3 - mshidkmdf (@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100) → \SystemRoot\System32\drivers\mshidkmdf.sys
              R3 - msiserver (@%SystemRoot%\system32\msimsg.dll,-27) → %systemroot%\system32\msiexec.exe /V
              S3 - MSKSSRV (Microsoft Streaming Service Proxy) → system32\drivers\MSKSSRV.sys
              S3 - MSPCLOCK (Microsoft Streaming Clock Proxy) → system32\drivers\MSPCLOCK.sys
              S3 - MSPQM (Microsoft Streaming Quality Manager Proxy) → system32\drivers\MSPQM.sys
              S3 - MsRPC () → (?)
              S3 - MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) → system32\drivers\MSTEE.sys
              S3 - MTConfig (Microsoft Input Configuration Driver) → \SystemRoot\system32\drivers\MTConfig.sys
              S3 - napagent (@%SystemRoot%\system32\qagentrt.dll,-6) → %SystemRoot%\System32\svchost.exe -k NetworkService
              R3 - NativeWifiP (NativeWiFi Filter) → system32\DRIVERS\nwifi.sys
              S3 - NdisCap (NDIS Capture LightWeight Filter) → system32\DRIVERS\ndiscap.sys
              R3 - NdisTapi (@%systemroot%\system32\rascfg.dll,-32001) → system32\DRIVERS\ndistapi.sys
              R3 - Ndisuio (NDIS Usermode I/O Protocol) → system32\DRIVERS\ndisuio.sys
              R3 - NdisWan (@%systemroot%\system32\rascfg.dll,-32002) → system32\DRIVERS\ndiswan.sys
              R3 - NDProxy (NDIS Proxy) → (?)
              S3 - Netaapl (Apple Mobile Device Ethernet Service) → system32\DRIVERS\netaapl64.sys
              S3 - Netlogon (@%SystemRoot%\System32\netlogon.dll,-102) → %systemroot%\system32\lsass.exe
              R3 - Netman (@%SystemRoot%\system32\netman.dll,-109) → %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
              R3 - netprofm (@%SystemRoot%\system32\netprofm.dll,-202) → %SystemRoot%\System32\svchost.exe -k LocalService
              S3 - nfrd960 () → \SystemRoot\system32\drivers\nfrd960.sys
              R3 - Ntfs () → (?)
              S3 - nvraid () → \SystemRoot\system32\drivers\nvraid.sys
              S3 - nvstor () → \SystemRoot\system32\drivers\nvstor.sys
              S3 - nv_agp (NVIDIA nForce AGP Bus Filter) → \SystemRoot\system32\drivers\nv_agp.sys
              S3 - ohci1394 (1394 OHCI Compliant Host Controller (Legacy)) → \SystemRoot\system32\drivers\ohci1394.sys
              S3 - ose (Office Source Engine) → “C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE”
              S3 - osppsvc (Office Software Protection Platform) → “C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE”
              R3 - p2pimsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8004) → %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
              R3 - p2psvc (@%SystemRoot%\system32\p2psvc.dll,-8006) → %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
              S3 - Parport (Parallel port driver) → \SystemRoot\system32\drivers\parport.sys
              S3 - pciide () → \SystemRoot\system32\drivers\pciide.sys
              S3 - pcmcia () → \SystemRoot\system32\drivers\pcmcia.sys
              S3 - pla (@%systemroot%\system32\pla.dll,-500) → %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
              S3 - PNRPAutoReg (@%SystemRoot%\system32\pnrpauto.dll,-8002) → %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
              R3 - PNRPsvc (@%SystemRoot%\system32\pnrpsvc.dll,-8000) → %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
              S3 - PolicyAgent (@%SystemRoot%\System32\polstore.dll,-5010) → %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
              R3 - PptpMiniport (@%systemroot%\system32\rascfg.dll,-32006) → system32\DRIVERS\raspptp.sys
              S3 - Processor (Processor Driver) → \SystemRoot\system32\drivers\processr.sys
              S3 - ProtectedStorage (@%systemroot%\system32\psbase.dll,-300) → %SystemRoot%\system32\lsass.exe
              S3 - ql2300 () → \SystemRoot\system32\drivers\ql2300.sys
              S3 - ql40xx () → \SystemRoot\system32\drivers\ql40xx.sys
              S3 - QWAVE (@%SystemRoot%\system32\qwave.dll,-1) → %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
              S3 - QWAVEdrv (@%SystemRoot%\system32\drivers\qwavedrv.sys,-1) → \SystemRoot\system32\drivers\qwavedrv.sys
              S3 - RasAcd (Remote Access Auto Connection Driver) → System32\DRIVERS\rasacd.sys
              R3 - RasAgileVpn (WAN Miniport (IKEv2)) → system32\DRIVERS\AgileVpn.sys
              S3 - RasAuto (@%Systemroot%\system32\rasauto.dll,-200) → %SystemRoot%\System32\svchost.exe -k netsvcs
              R3 - Rasl2tp (@%systemroot%\system32\rascfg.dll,-32005) → system32\DRIVERS\rasl2tp.sys
              S3 - RasMan (@%Systemroot%\system32\rasmans.dll,-200) → %SystemRoot%\System32\svchost.exe -k netsvcs
              R3 - RasPppoe (@%systemroot%\system32\rascfg.dll,-32007) → system32\DRIVERS\raspppoe.sys
              R3 - RasSstp (@%systemroot%\system32\sstpsvc.dll,-202) → system32\DRIVERS\rassstp.sys
              S3 - rdpbus (Remote Desktop Device Redirector Bus Driver) → \SystemRoot\system32\drivers\rdpbus.sys
              S3 - RdpVideoMiniport (Remote Desktop Video Miniport Driver) → System32\drivers\rdpvideominiport.sys
              S3 - RDPWD (RDP Winstation Driver) → (?)
              S3 - RemoteRegistry (@regsvc.dll,-1) → %SystemRoot%\system32\svchost.exe -k regsvc
              S3 - RFCOMM (Bluetooth Device (RFCOMM Protocol TDI)) → system32\DRIVERS\rfcomm.sys
              S3 - RpcLocator (@%systemroot%\system32\Locator.exe,-2) → %SystemRoot%\system32\locator.exe
              R3 - RTHDMIAzAudService (Service for HDMI) → system32\drivers\RtHDMIVX.sys
              S3 - sbp2port (SBP-2 Transport/Protocol Bus Driver) → \SystemRoot\system32\drivers\sbp2port.sys
              S3 - SCardSvr (@%SystemRoot%\System32\SCardSvr.dll,-1) → %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
              S3 - scfilter (@%SystemRoot%\System32\drivers\scfilter.sys,-11) → System32\DRIVERS\scfilter.sys
              S3 - SCPolicySvc (@%SystemRoot%\System32\certprop.dll,-13) → %SystemRoot%\system32\svchost.exe -k netsvcs
              S3 - scupdatem (Scout Update Service (scupdatem)) → “C:\Program Files (x86)\Avira\Scout Update\ScoutUpdate.exe” /medsvc
              R3 - sdbus () → \SystemRoot\system32\drivers\sdbus.sys
              S3 - SDRSVC (@%SystemRoot%\system32\sdrsvc.dll,-107) → %SystemRoot%\system32\svchost.exe -k SDRSVC
              S3 - seclogon (@%SystemRoot%\system32\seclogon.dll,-7001) → %windir%\system32\svchost.exe -k netsvcs
              S3 - SensrSvc (@%SystemRoot%\System32\sensrsvc.dll,-1000) → %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
              S3 - Serenum (Serenum Filter Driver) → \SystemRoot\system32\drivers\serenum.sys
              S3 - Serial () → \SystemRoot\system32\drivers\serial.sys
              S3 - sermouse (Serial Mouse Driver) → \SystemRoot\system32\drivers\sermouse.sys
              S3 - SessionEnv (@%SystemRoot%\System32\SessEnv.dll,-1026) → %SystemRoot%\System32\svchost.exe -k netsvcs
              R3 - SFEP (Sony Firmware Extension Parser) → \SystemRoot\system32\drivers\SFEP.sys
              S3 - sffdisk (SFF Storage Class Driver) → \SystemRoot\system32\drivers\sffdisk.sys
              S3 - sffp_mmc (SFF Storage Protocol Driver for MMC) → \SystemRoot\system32\drivers\sffp_mmc.sys
              S3 - sffp_sd (SFF Storage Protocol Driver for SDBus) → \SystemRoot\system32\drivers\sffp_sd.sys
              S3 - sfloppy (High-Capacity Floppy Disk Drive) → \SystemRoot\system32\drivers\sfloppy.sys
              S3 - SharedAccess (@%SystemRoot%\system32\ipnathlp.dll,-106) → %SystemRoot%\System32\svchost.exe -k netsvcs
              S3 - SiSRaid2 () → \SystemRoot\system32\drivers\SiSRaid2.sys
              S3 - SiSRaid4 () → \SystemRoot\system32\drivers\sisraid4.sys
              S3 - Smb (@%SystemRoot%\system32\tcpipcfg.dll,-50005) → system32\DRIVERS\smb.sys
              S3 - SNMPTRAP (@%SystemRoot%\system32\snmptrap.exe,-3) → %SystemRoot%\System32\snmptrap.exe
              S3 - sppuinotify (@%SystemRoot%\system32\sppuinotify.dll,-103) → %SystemRoot%\system32\svchost.exe -k LocalService
              R3 - srv (@%systemroot%\system32\srvsvc.dll,-102) → System32\DRIVERS\srv.sys
              R3 - srv2 (@%systemroot%\system32\srvsvc.dll,-104) → System32\DRIVERS\srv2.sys
              R3 - srvnet () → System32\DRIVERS\srvnet.sys
              R3 - SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
              S3 - SstpSvc (@%SystemRoot%\system32\sstpsvc.dll,-200) → %SystemRoot%\system32\svchost.exe -k LocalService
              S3 - stexstor () → \SystemRoot\system32\drivers\stexstor.sys
              R3 - swenum (Software Bus Driver) → \SystemRoot\system32\drivers\swenum.sys
              R3 - swprv (@%SystemRoot%\System32\swprv.dll,-103) → %SystemRoot%\System32\svchost.exe -k swprv
              R3 - TabletInputService (@%SystemRoot%\system32\TabSvc.dll,-100) → %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
              S3 - tap0901 (TAP-Windows Adapter V9) → system32\DRIVERS\tap0901.sys
              S3 - TapiSrv (@%SystemRoot%\system32\tapisrv.dll,-10100) → %SystemRoot%\System32\svchost.exe -k NetworkService
              S3 - TCPIP6 (Microsoft IPv6 Protocol Driver) → system32\DRIVERS\tcpip.sys
              S3 - TDPIPE (TDPIPE) → system32\drivers\tdpipe.sys
              S3 - TDTCP (TDTCP) → system32\drivers\tdtcp.sys
              R3 - TermService (@%SystemRoot%\System32\termsrv.dll,-268) → %SystemRoot%\System32\svchost.exe -k NetworkService
              S3 - THREADORDER (@%systemroot%\system32\mmcss.dll,-102) → %SystemRoot%\system32\svchost.exe -k LocalService
              S3 - TrueSight () → ??\C:\Windows\System32\drivers\TrueSight.sys
              S3 - TrustedInstaller (@%SystemRoot%\servicing\TrustedInstaller.exe,-100) → %SystemRoot%\servicing\TrustedInstaller.exe
              S3 - tssecsrv (@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101) → System32\DRIVERS\tssecsrv.sys
              S3 - TsUsbFlt () → system32\drivers\tsusbflt.sys
              R3 - tunnel (Microsoft Tunnel Miniport Adapter Driver) → system32\DRIVERS\tunnel.sys
              S3 - uagp35 (Microsoft AGPv3.5 Filter) → \SystemRoot\system32\drivers\uagp35.sys
              S3 - UI0Detect (@%SystemRoot%\system32\ui0detect.exe,-101) → %SystemRoot%\system32\UI0Detect.exe
              S3 - uliagpkx (Uli AGP Bus Filter) → \SystemRoot\system32\drivers\uliagpkx.sys
              R3 - umbus (UMBus Enumerator Driver) → system32\DRIVERS\umbus.sys
              S3 - UmPass (Microsoft UMPass Driver) → \SystemRoot\system32\drivers\umpass.sys
              S3 - upnphost (@%systemroot%\system32\upnphost.dll,-213) → %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
              S3 - USBAAPL64 (Apple Mobile USB Driver) → System32\Drivers\usbaapl64.sys
              S3 - usbaudio (USB Audio Driver (WDM)) → system32\drivers\usbaudio.sys
              R3 - usbccgp (Microsoft USB Generic Parent Driver) → system32\DRIVERS\usbccgp.sys
              S3 - usbcir (eHome Infrared Receiver (USBCIR)) → \SystemRoot\system32\drivers\usbcir.sys
              R3 - usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) → \SystemRoot\system32\drivers\usbehci.sys
              R3 - usbhub (Microsoft USB Standard Hub Driver) → \SystemRoot\system32\drivers\usbhub.sys
              S3 - usbohci (Microsoft USB Open Host Controller Miniport Driver) → \SystemRoot\system32\drivers\usbohci.sys
              S3 - usbprint (Microsoft USB PRINTER Class) → system32\DRIVERS\usbprint.sys
              S3 - usbser (USB Modem Driver) → system32\drivers\usbser.sys
              S3 - USBSTOR (USB Mass Storage Driver) → system32\DRIVERS\USBSTOR.SYS
              S3 - usbuhci (Microsoft USB Universal Host Controller Miniport Driver) → \SystemRoot\system32\drivers\usbuhci.sys
              R3 - usbvideo (USB Video Device (WDM)) → \SystemRoot\System32\Drivers\usbvideo.sys
              S3 - VAIO Power Management (VAIO Power Management) → “C:\Program Files\Sony\VAIO Power Management\SPMService.exe”
              S3 - VaultSvc (@%SystemRoot%\system32\vaultsvc.dll,-1003) → %SystemRoot%\system32\lsass.exe
              R3 - VcmIAlzMgr (VAIO Content Metadata Intelligent Analyzing Manager) → “C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe”
              S3 - VcmINSMgr (VAIO Content Metadata Intelligent Network Service Manager) → “C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe”
              S3 - vds (@%SystemRoot%\system32\vds.exe,-100) → %SystemRoot%\System32\vds.exe
              S3 - vga () → system32\DRIVERS\vgapnp.sys
              S3 - vhdmp () → \SystemRoot\system32\drivers\vhdmp.sys
              S3 - viaide () → \SystemRoot\system32\drivers\viaide.sys
              S3 - vsmraid () → \SystemRoot\system32\drivers\vsmraid.sys
              R3 - VSS (@%systemroot%\system32\vssvc.exe,-102) → %systemroot%\system32\vssvc.exe
              R3 - vwifibus (Virtual WiFi Bus Driver) → system32\DRIVERS\vwifibus.sys
              R3 - vwifimp (Microsoft Virtual WiFi Miniport Service) → system32\DRIVERS\vwifimp.sys
              S3 - W32Time (@%SystemRoot%\system32\w32time.dll,-200) → %SystemRoot%\system32\svchost.exe -k LocalService
              S3 - WacomPen (Wacom Serial Pen HID Driver) → \SystemRoot\system32\drivers\wacompen.sys
              S3 - WANARP (@%systemroot%\system32\rascfg.dll,-32011) → system32\DRIVERS\wanarp.sys
              S3 - WatAdminSvc (@%SystemRoot%\system32\Wat\WatUX.exe,-601) → %SystemRoot%\system32\Wat\WatAdminSvc.exe
              S3 - wbengine (@%systemroot%\system32\wbengine.exe,-104) → “%systemroot%\system32\wbengine.exe”
              S3 - WbioSrvc (@%systemroot%\system32\wbiosrvc.dll,-100) → %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
              S3 - wcncsvc (@%SystemRoot%\system32\wcncsvc.dll,-3) → %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
              S3 - WcsPlugInService (@%SystemRoot%\system32\WcsPlugInService.dll,-200) → %SystemRoot%\system32\svchost.exe -k wcssvc
              S3 - Wd () → \SystemRoot\system32\drivers\wd.sys
              S3 - WD Backup Drive Helper (WD Backup Drive Helper) → C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
              S3 - WD Backup Snapshot (WD Backup Snapshot) → C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
              S3 - WDC_SAM (WD SCSI Pass Thru driver) → system32\DRIVERS\wdcsam64_prewin8.sys
              R3 - WdiServiceHost (@%systemroot%\system32\wdi.dll,-502) → %SystemRoot%\System32\svchost.exe -k LocalService
              R3 - WdiSystemHost (@%systemroot%\system32\wdi.dll,-500) → %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
              S3 - WebClient (@%systemroot%\system32\webclnt.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalService
              S3 - Wecsvc (@%SystemRoot%\system32\wecsvc.dll,-200) → %SystemRoot%\system32\svchost.exe -k NetworkService
              S3 - wercplsupport (@%SystemRoot%\System32\wercplsupport.dll,-101) → %SystemRoot%\System32\svchost.exe -k netsvcs
              S3 - WerSvc (@%SystemRoot%\System32\wersvc.dll,-100) → %SystemRoot%\System32\svchost.exe -k WerSvcGroup
              S3 - WIMMount (WIMMount) → system32\drivers\wimmount.sys
              R3 - WinHttpAutoProxySvc (@%SystemRoot%\system32\winhttp.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalService
              S3 - WinRM (@%Systemroot%\system32\wsmsvc.dll,-101) → %SystemRoot%\System32\svchost.exe -k NetworkService
              S3 - Winsock () → (?)
              S3 - WinUsb (WinUsb Driver) → system32\DRIVERS\WinUsb.sys
              S3 - WmiAcpi (Microsoft Windows Management Interface for ACPI) → \SystemRoot\system32\drivers\wmiacpi.sys
              S3 - wmiApSrv (@%Systemroot%\system32\wbem\wmiapsrv.exe,-110) → %systemroot%\system32\wbem\WmiApSrv.exe
              S3 - WPCSvc (@%SystemRoot%\system32\wpcsvc.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
              R3 - WPDBusEnum (@%SystemRoot%\system32\wpdbusenum.dll,-100) → %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              R3 - WudfPf (@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000) → system32\drivers\WudfPf.sys
              R3 - WUDFRd () → system32\DRIVERS\WUDFRd.sys
              R3 - wudfsvc (@%SystemRoot%\system32\wudfsvc.dll,-1000) → %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
              S3 - WwanSvc (@%SystemRoot%\System32\wwansvc.dll,-257) → %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
              R3 - yukonw7 (NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller) → system32\DRIVERS\yk62x64.sys
              S4 - cdfs (CD/DVD File System Reader) → system32\DRIVERS\cdfs.sys
              S4 - clr_optimization_v2.0.50727_32 (Microsoft .NET Framework NGEN v2.0.50727_X86) → %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
              S4 - clr_optimization_v2.0.50727_64 (Microsoft .NET Framework NGEN v2.0.50727_X64) → %systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
              S4 - crcdisk (Crcdisk Filter Driver) → \SystemRoot\system32\drivers\crcdisk.sys
              S4 - RemoteAccess (@%Systemroot%\system32\mprdim.dll,-200) → %SystemRoot%\System32\svchost.exe -k netsvcs
              S4 - secdrv (Security Driver) → (?)
              S4 - udfs (udfs) → system32\DRIVERS\udfs.sys
              S4 - ws2ifsl (Windows Socket 2.0 Non-IFS Service Provider Support Environment) → \SystemRoot\system32\drivers\ws2ifsl.sys

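A triage pass over a service listing in the format shown above, as an added example that is not part of the original post or of any tool used in this thread. It assumes the two-character prefix means run state (R/S) plus the registry Start value and that Windows is installed on C:; the function names and the two review rules are this example's own, and the sample lines are copied from the listing.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumption: prefix = run state (R = running, S = stopped) followed by the
# service Start value from the registry (0-4).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "demand", 4: "disabled"}

LINE_RE = re.compile(
    r"^\s*(?P<state>[RS])(?P<start>[0-4]) - (?P<name>.+?) "
    r"\((?P<display>.*)\) → (?P<raw>.*)$"
)
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll))", re.IGNORECASE)
WINDIR = "c:\\windows"  # assumption: Windows installed on C:
DRIVER_DIR = WINDIR + "\\system32\\drivers\\"
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


class Entry(NamedTuple):
    running: bool
    start: str
    name: str
    display: str
    image: Optional[str]  # lower-case absolute path; None if unresolved


def normalize_image_path(raw: str) -> Optional[str]:
    """Reduce an image-path field to the lower-case absolute path of the binary."""
    p = raw.strip().strip('"“”').lower()
    if not p or p == "(?)":
        return None
    if p.startswith("\\??\\"):
        p = p[4:]
    elif p.startswith("??\\"):  # form seen in the listing above
        p = p[3:]
    for var in ("%systemroot%", "%windir%", "\\systemroot"):
        if p.startswith(var):
            p = WINDIR + p[len(var):]
    if not re.match(r"^[a-z]:\\", p):  # relative paths resolve against %SystemRoot%
        p = WINDIR + "\\" + p.lstrip("\\")
    m = IMAGE_RE.match(p)  # drop arguments such as "-k netsvcs"
    return m.group(1) if m else p


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for anything that is not an entry."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return Entry(m["state"] == "R", START_TYPES[int(m["start"])],
                 m["name"], m["display"], normalize_image_path(m["raw"]))


def triage(lines) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for entries that deserve a manual look."""
    findings = []
    for line in lines:
        e = parse_line(line)
        if e is None or e.image is None:
            continue
        reasons = []
        if any(d in e.image for d in USER_WRITABLE):
            reasons.append("image in user-writable directory")
        if e.image.endswith(".sys") and not e.image.startswith(DRIVER_DIR):
            reasons.append("driver outside System32\\drivers")
        if reasons:
            findings.append((e.name, reasons))
    return findings


# Sample input: lines copied from the listing above.
SAMPLE = r"""
R2 - wuauserv (Windows Update) → %systemroot%\system32\svchost.exe -k netsvcs
S3 - Brserid (Brother MFC Serial Port Interface Driver (WDM)) → \SystemRoot\System32\Drivers\Brserid.sys
S3 - catchme () → ??\C:\Users\CATHER~1\AppData\Local\Temp\catchme.sys
S3 - MBAMService (Malwarebytes Service) → “C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe”
R3 - Ntfs () → (?)
R3 - kbdhid (Keyboard HID Driver) → system32\DRIVERS\kbdhid.sys
""".strip().splitlines()

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {'; '.join(reasons)}")
```

A flagged entry is a lead for manual review, not a verdict.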

              • Goldfish
                PCHF Member
                • Mar 2017
                • 26

                #37
                (Also, I’ll be away for a day or so, but will follow any upcoming instructions as soon as I’m back.)


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045

                  #38
                  Originally posted by Goldfish
                  I was trying various options to retrieve deleted content from my phone - I don’t need any of it.
                  Search the Chinese character again, and then edit select all – then right click selected items delete them.

                  As far as the BSOD — IMAGE_NAME: rimssne64.sys Do you use it?
                  If not then search rimssne64.sys with everything search engine and rename it to rimssne64.bak

                  At least long enough to run RK.

                  Search for and delete the items below with everything search engine.


                  speedfan.sys DiagTrack GWX catchme.sys

                  Run Check Disk

                  Run chkdsk /f /r from elevated command prompt.

                  Video: https://www.youtube.com/watch?v=4feZG3LebOg

                  After the checkdisk…

                  Scan with ListChkDskResult

                  Please download ListChkDskResult by SleepyDude and save it to your desktop.
                  • Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
                  • A message about checking Windows Event Log will pop up. Click OK.
                  • Wait patiently until a Notepad window opens. This won’t take long.
                  • The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.
                  Please include the content of this file in your next reply.

                  After the checkdisk we will look at installing some fresh drivers for your machine, here is your support site.
                  Originally posted by Goldfish
                  (Also, I’ll be away for a day or so, but will follow any upcoming instructions as soon as I’m back.)
                  Thanks for letting me know.



                  Comment

                  • Goldfish
                    PCHF Member
                    • Mar 2017
                    • 26

                    #39
                    Okay I had some time tonight after all for the first few scans:
                    • Chinese characters: deleted the folder
                    • rimssne64.sys: I have two memory sticks that I sometimes use, not sure which one this relates to. There were 3 files found. I’ve renamed two of them, but the last one gives an error - see below. I tried renaming it in Windows Explorer but that still didn’t work. I was able to run RK anyway, see below.
                    • speedfan.sys: deleted
                    • DiagTrack: lots of matches (see further below) - which ones do I delete? (Or was this deleted as part of the cleanup we’ve done already?)
                    • GWX: it’s a folder - just checking that’s correct before I delete it?
                    • catchme.sys: not found (maybe deleted as part of the cleanup we’ve done already?)

                    RogueKiller:
                    • It worked! so clearly it was one of the two files I renamed (not the one I couldn’t rename) that was causing the issue. It found one threat. The report is below.

                    RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
                    mail : Support Form | Contact • Adlice Software
                    Feedback : http://forum.adlice.com
                    Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
                    Blog : http://www.adlice.com
                    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
                    Started in : Normal mode
                    User : goldfish [Administrator]
                    Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
                    Mode : Delete – Date : 03/06/2017 22:00:56 (Duration : 01:09:25)

                    ¤¤¤ Processes : 0 ¤¤¤

                    ¤¤¤ Registry : 0 ¤¤¤

                    ¤¤¤ Tasks : 0 ¤¤¤

                    ¤¤¤ Files : 0 ¤¤¤

                    ¤¤¤ WMI : 0 ¤¤¤

                    ¤¤¤ Hosts File : 0 ¤¤¤

                    ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

                    ¤¤¤ Web browsers : 1 ¤¤¤
                    [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [https://login.yahoo.com/?.src=ym&.in....facebook.com/] → Deleted

                    ¤¤¤ MBR Check : ¤¤¤
                    +++++ PhysicalDrive0: ST9500325AS +++++
                    — User —
                    [MBR] 8c79ebb857ed6d866c134c6224d99d0d
                    [BSP] cb581fdaad25f96eadca901c7ef4b8fb : Windows Vista/7/8|VT.Unknown MBR Code
                    Partition table:
                    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 11942 MB
                    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 24459264 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
                    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 24664064 | Size: 464896 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
                    User = LL1 … OK
                    User = LL2 … OK

                    +++++ PhysicalDrive1: Ricoh SD/MMC Disk Device +++++
                    Error reading User MBR! ([15] The device is not ready. )
                    Error reading LL1 MBR! ([32] The request is not supported. )
                    Error reading LL2 MBR! ([32] The request is not supported. )

                    Comment

                    • Malnutrition
                      PCHF Moderator
                      • Jul 2016
                      • 7045

                      #40
                      Originally posted by Goldfish
                      • rimssne64.sys: I have two memory sticks that I sometimes use
                      If you go to use them and they do not function then rename the file .sys again.
                      Originally posted by Goldfish
                      • DiagTrack: lots of matches (see further below) - which ones do I delete? (Or was this deleted as part of the cleanup we’ve done already?)
                      All of them. Edit, select all, then hold Shift and click Delete.
                      If something will not go, then grab Unlocker to delete them; just be wary of the extra crap that comes with it.
                      Once installed, do the same with the Everything search engine.
                      Search DiagTrack, then Edit, select all, right-click the selected items, then choose Unlocker in the right-click menu.
                      Originally posted by Goldfish
                      • GWX: it’s a folder - just checking that’s correct before I delete it?
                      Yes, it is the Get Windows 10 crap that Windows tries to force on people. We will move further when the check disk log is posted.

                      Security Check Scan.

                      • Download Security Check to your desktop.
                      • Right-click it and run as administrator.
                      • When the program completes, the tool will automatically open a log file.
                      • Please post that log here in your next post.

                      Comment

                      • Goldfish
                        PCHF Member
                        • Mar 2017
                        • 26

                        #41
                        Here are chkdsk and SecurityScan.
                        I deleted DiagTrack and GWX.
                        I tried to delete DiagTrack using Unlocker, except for diagtrack.dll in this folder which will delete during restart:
                        C:\Windows\winsxs\amd64_microsoft-windows-u..ed-telemetry-client_31bf3856ad364e35_6.1.7601.23548_none_fe85f3f036beb743

                        ====================================================================================

                        ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
                        ------< Log generate on 07/03/2017 08:17:01 >------
                        Category: 0
                        Computer Name: goldfish-VAIO
                        Event Code: 1001
                        Record Number: 300904
                        Source Name: Microsoft-Windows-Wininit
                        Time Written: 03-07-2017 @ 03:16:53
                        Event Type: Information
                        User:
                        Message:
                        Checking file system on C:
                        The type of the file system is NTFS.

                        A disk check has been scheduled.
                        Windows will now check the disk.

                        CHKDSK is verifying files (stage 1 of 5)…
                        Cleaning up instance tags for file 0x1a548.
                        447232 file records processed. File verification completed.
                        3144 large file records processed. 0 bad file records processed.
                        0 EA records processed.
                        61 reparse records processed.
                        CHKDSK is verifying indexes (stage 2 of 5)...
                        543854 index entries processed. Index verification completed.
                        0 unindexed files scanned. 0 unindexed files recovered.
                        CHKDSK is verifying security descriptors (stage 3 of 5)...
                        447232 file SDs/SIDs processed. Cleaning up 2653 unused index entries from index $SII of file 0x9.
                        Cleaning up 2653 unused index entries from index $SDH of file 0x9.
                        Cleaning up 2653 unused security descriptors.
                        CHKDSK is compacting the security descriptor stream
                        48312 data files processed. CHKDSK is verifying Usn Journal…
                        36234936 USN bytes processed. Usn Journal verification completed.
                        CHKDSK is verifying file data (stage 4 of 5)…
                        447216 files processed. File data verification completed.
                        CHKDSK is verifying free space (stage 5 of 5)…
                        45760340 free clusters processed. Free space verification is complete.
                        Correcting errors in the Volume Bitmap.
                        Windows has made corrections to the file system.

                        476053527 KB total disk space.
                        292228528 KB in 336003 files.
                        217276 KB in 48315 indexes.
                        0 KB in bad sectors.
                        566359 KB in use by the system.
                        65536 KB occupied by the log file.
                        183041364 KB available on disk.
                        4096 bytes in each allocation unit.
                        119013381 total allocation units on disk.
                        45760341 allocation units available on disk.

                        Internal Info:
                        00 d3 06 00 46 dd 05 00 6c 5b 0a 00 00 00 00 00 …F…l[…
                        bf bc 00 00 3d 00 00 00 00 00 00 00 00 00 00 00 …=…
                        00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 …

                        Windows has finished checking your disk.
                        Please wait while your computer restarts.


                        ================================================== =======================

                        SecurityCheck by glax24 & Severnyj v.1.4.0.46 [22.09.16]


                        WebSite: www.safezone.cc
                        DateLog: 07.03.2017 08:33:49
                        Path starting: C:\Users\goldfish\AppData\Local\Temp\SecurityCheck \SecurityCheck.exe
                        Log directory: C:\SecurityCheck
                        IsAdmin: True
                        User: goldfish
                        VersionXML: 3.98is-04.03.2017


                        Windows 7(6.1.7601) Service Pack 1 (x64) HomePremium Lang: English(0409)
                        Installation date OS: 23.09.2010 18:29:15
                        LicenseStatus: Windows(R) 7, HomePremium edition The machine is permanently activated.
                        Boot Mode: Normal
                        Default Browser: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
                        SystemDrive: C: FS: [NTFS] Capacity: [454 Gb] Used: [280.4 Gb] Free: [173.6 Gb]
                        ------------------------------- [ Windows ] -------------------------------
                        Internet Explorer 11.0.9600.18537
                        User Account Control enabled
                        Notify before download
                        Date install updates: 2017-03-05 10:13:18
                        Windows Update (wuauserv) - The service is running
                        Security Center (wscsvc) - The service is running
                        Remote Registry (RemoteRegistry) - The service has stopped
                        SSDP Discovery (SSDPSRV) - The service is running
                        Remote Desktop Services (TermService) - The service is running
                        Windows Remote Management (WS-Management) (WinRM) - The service has stopped
                        ------------------------------ [ MS Office ] ------------------------------
                        Microsoft Office 2010 x86 v.14.0.7015.1000
                        ---------------------------- [ Antivirus_WMI ] ----------------------------
                        Avira Antivirus (enabled and up to date)
                        Malwarebytes (disabled and up to date)
                        --------------------------- [ FirewallWindows ] ---------------------------
                        Windows Firewall (MpsSvc) - The service is running
                        --------------------------- [ AntiSpyware_WMI ] ---------------------------
                        Avira Antivirus (enabled and up to date)
                        Malwarebytes (disabled and up to date)
                        Windows Defender (enabled and up to date)
                        ---------------------- [ AntiVirusFirewallInstall ] -----------------------
                        Avira Antivirus v.15.0.25.154
                        -------------------------- [ SecurityUtilities ] --------------------------
                        Malwarebytes version 3.0.6.1469 v.3.0.6.1469
                        SUPERAntiSpyware v.6.0.1236
                        --------------------------- [ OtherUtilities ] ----------------------------
                        Microsoft Silverlight v.5.1.50901.0
                        --------------------------------- [ IM ] ----------------------------------
                        Skype™ 7.32 v.7.32.104 Warning! Download Update
                        ^Optional update.
                        --------------------------- [ AppleProduction ] ---------------------------
                        Bonjour v.3.1.0.1
                        iTunes v.12.5.5.5
                        Free iTunes Backup Extractor version 5.4.0.2 v.5.4.0.2 Warning! Download Update
                        ^Please use Apple Software Update tool.
                        QuickTime 7 v.7.79.80.95 Warning! This software is no longer supported. Please uninstall it and use another software.
                        Bonjour Service (Bonjour Service) - The service is running
                        --------------------------- [ AdobeProduction ] ---------------------------
                        Adobe Flash Player 24 ActiveX v.24.0.0.221
                        Adobe Flash Player 24 NPAPI v.24.0.0.221
                        Adobe Acrobat Reader DC v.15.023.20070
                        ------------------------------- [ Browser ] -------------------------------
                        Avira Scout v.17.1.2924.2344
                        --------------------------- [ RunningProcess ] ----------------------------
                        C:\Program Files (x86)\Google\Chrome\Application\chrome.exe v.56.0.2924.87
                        ------------------ [ AntivirusFirewallProcessServices ] -------------------
                        Avira Scheduler (AntiVirSchedulerService) - The service is running
                        C:\Program Files (x86)\Avira\Antivirus\sched.exe v.15.0.25.151
                        Avira Real-Time Protection (AntiVirService) - The service is running
                        C:\Program Files (x86)\Avira\Antivirus\avguard.exe v.15.0.25.151
                        Avira Mail Protection (AntiVirMailService) - The service has stopped
                        Avira Web Protection (AntiVirWebService) - The service has stopped
                        Avira Service Host (Avira.ServiceHost) - The service is running
                        C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe v.1.2.77.41287
                        C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe v.1.2.77.41287
                        C:\Program Files (x86)\Avira\Antivirus\avshadow.exe v.15.0.25.154
                        C:\Program Files (x86)\Avira\Antivirus\avgnt.exe v.15.0.25.151
                        Malwarebytes Service (MBAMService) - The service has stopped
                        Windows Defender (WinDefend) - The service is running
                        ---------------------------- [ UnwantedApps ] -----------------------------
                        Skype Click to Call v.6.9.12585 Warning! Browser’s toolbar. It can slow down the working of your browser and have violation privacy problems.
                        ----------------------------- [ End of Log ] ------------------------------


                        Comment
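
The SecurityCheck log in the post above groups its findings under `--- [ Section ] ---` banners and marks items needing attention with `Warning!`. The following is an added example, not part of the original thread or of the SecurityCheck tool: a small parser that pulls those warnings out of a pasted log, rejoining entries that forum pasting has wrapped across lines. The sample log and product names are constructed, and the rule for detecting a wrapped line is a heuristic assumption.

```python
import re

# Constructed sample in the layout of the SecurityCheck log above; product names are made up.
SAMPLE_LOG = """\
------------------------------- [ Windows ] -------------------------------
User Account Control enabled
Remote Registry (RemoteRegistry) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
ExampleAV One (enabled and up to date)
ExampleAV Two (disabled and up to date)
--------------------------------- [ IM ] ----------------------------------
ExampleChat 1.0 v.1.0.0 Warning! Download Update
--------------------------- [ OtherUtilities ] ----------------------------
ExamplePlayer 7 v.7.0.0 Warning! This software is no longer supported. Please

uninstall it and use another software.
----------------------------- [ End of Log ] ------------------------------
"""

SECTION_RE = re.compile(r"^-{3,}\s*\[\s*(.+?)\s*\]\s*-{3,}$")
# Heuristic (assumption): a line carrying a version, a service status or a
# drive path starts a new entry; anything else after a warning is a wrapped tail.
NEW_ENTRY_RE = re.compile(r"\sv\.\d| - The service |^[A-Za-z]:\\")


def parse_sections(text):
    """Return {section name: [entries]} in log order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            name = banner.group(1)
            current = None if name == "End of Log" else name
            if current is not None:
                sections.setdefault(current, [])
            continue
        if current is None:
            continue  # header lines before the first banner
        entries = sections[current]
        if entries and "Warning!" in entries[-1] and not NEW_ENTRY_RE.search(line):
            entries[-1] += " " + line  # rejoin a wrapped warning
        else:
            entries.append(line)
    return sections


def findings(sections):
    """List every entry flagged with 'Warning!' and the action the log suggests."""
    out = []
    for section, entries in sections.items():
        for entry in entries:
            if "Warning!" not in entry:
                continue
            item, _, advice = entry.partition("Warning!")
            advice = advice.strip()
            if "no longer supported" in advice:
                action = "uninstall"
            elif "Download Update" in advice:
                action = "update"
            else:
                action = "review"
            out.append({"section": section, "item": item.strip(),
                        "action": action, "advice": advice})
    return out


if __name__ == "__main__":
    for f in findings(parse_sections(SAMPLE_LOG)):
        print(f"[{f['section']}] {f['item']}: {f['action']} ({f['advice']})")
```
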

                        • Malnutrition
                          PCHF Moderator
                          • Jul 2016
                          • 7045

                          #42
                          • I’d uninstall SuperAntiSpyware, it is useless.
                          • Make sure and update the tools mentioned in the security check log…
                          • Now, onto your keyboard issue.
                          1. Press the Windows + R key at the same time, a Run Window will appear (if you have a touch screen device, then use the search feature to type devmgmt.msc)
                          2. Now enter or copy and paste devmgmt.msc in the Run Window and click on OK
                          3. Right click and uninstall your Keyboard driver then reboot your machine.
                          4. Make a note if there are any errors in the device manager.
                          5. Tell me if this takes care of the issue.


                          Comment

                          • Goldfish
                            PCHF Member
                            • Mar 2017
                            • 26

                            #43
                            SuperAntiSpyware - uninstalled

                            From the security log:
                            QuickTime - uninstalled using geek
                            Skype Click to Call - uninstalled it using geek, did not even realise I had it
                            Skype - updated - I received a message from Windows Firewall about letting it through - I assume it is fine to allow it?
                            iTunes backup extractor - tried to uninstall it but says it has already been uninstalled

                            I’ve downloaded quite a lot of tools as part of our fixes. Should I un-install them too?

                            Regarding the keyboard, I followed the instructions and it removed then re-installed without issue. But the same keys are still not working. The issue exists in safe mode too. However, when I plug in an external keyboard, it works just fine.

                            Comment

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7045

                              #44
                              Originally posted by Goldfish
                              I’ve downloaded quite a lot of tools as part of our fixes. Should I un-install them too?

                              Download DelFix by “Xplode” to your Desktop.

                              Right-click the tool and Run as Admin (XP users double-click).
                              Put a check mark next to the items below:

                              Remove disinfection tools
                              Create registry backup
                              Purge System Restore

                              Now click on “Run” button.
                              Allow the program to complete its work.
                              All the tools we used will be removed.
                              The tool will create and open a log report (DelFix.txt).
                              Note: The report can be located at the following location C:\DelFix.txt
                              Originally posted by Goldfish
                              Regarding the keyboard, I followed the instructions and it removed then re-installed without issue. But the same keys are still not working. The issue exists in safe mode too. However, when I plug in an external keyboard, it works just fine.
                              There is one way to tell for certain if the issue is hardware related.

                              Create and boot Windows from a repair disk. If the issue still exists then your keyboard is just messed up. If not then we will look further into the issue.

                              Comment

                              • Goldfish
                                PCHF Member
                                • Mar 2017
                                • 26

                                #45
                                Okay thanks. I ran DelFix. CCleaner, Malwarebytes, Adwcleaner, and 9Lab Removal tool are still installed. Should I remove them? I might keep them in case I need them again. I also really like the new tools I’ve found - geek and Everything - I’ll definitely keep those!

                                I booted from a repair disk (just went for the command prompt while still in repair mode) and the keyboard still has an issue. So I guess it is a hardware issue with my keyboard - like my laptop is just really old and is failing bit-by-bit. Is that right?

                                Comment
