"Microsoft Alert!" audio message from self-starting Firefox shortly after login.

09-04-2017, 01:42 AM   #1
Thanks in advance!

The following happened to my mother on her laptop. Mom is not a techie, and apparently everything happened as soon as she started up her laptop and opened Skype. According to her, she was using it for maybe 20 seconds before everything happened.

What I personally did witness was that my mother's Win10 laptop had a repeating audio message, “Microsoft alert,” separated by beeps. Firefox was open, but two tabs were minimized. Both were sex sites. She didn't start Firefox, and was surprised when I showed her that the audio was coming from one of the two minimized FF tabs. I closed one via the task bar, and since the other had an "unresponsive script" popup, I closed it via the task manager.

I disabled wifi on the laptop and restarted Firefox. It went back to one of the sex sites, despite the fact that the Firefox homepage was the default. Thought that was strange.

I deleted all cookies, the cache, active logins, basically everything except the history and bookmarks. Closed FF.

Ran the following antimalware (all came up clean):

Panda (full scan, and was running resident at time of incident)
HitmanPro (default and Early Warning Scan)
Microsoft Malicious Software Removal Tool
MBAM (full scan)
McAfee Stinger (default scan?)

Checked her FF history. Mom was browsing some legitimate health sites, and then these are the following URLs in order as per Firefox:

hxxp://longdistancemovingfinder.club/pop/?a=784545&s1=363574

hxxp://www.camgirlsowned.com/en/chat/KendraSing/?utm_source=popcashusgen&utm_term=363574

hxxp://sexylittlegirls.press/?a=784545&s1=363574

hxxp://www.camgirlsowned.com/en/chat-html5/KendraSing

hxxp://sexylittlegirls.press/under/sort/ff/?n=KDg2NikgNDAwLTA2NDY=&a=784545&s1=363574

hxxp://sexylittlegirls.press/under/sort/ff/0

hxxp://sexylittlegirls.press/under/sort/ff/01
hxxp://sexylittlegirls.press/under/sort/ff/012
hxxp://sexylittlegirls.press/under/sort/ff/0123
hxxp://sexylittlegirls.press/under/sort/ff/01234
hxxp://sexylittlegirls.press/under/sort/ff/012345
...

[There were HUNDREDS of entries at the above domain, I'm guessing many browser redirects. The final one is below.]

hxxp://sexylittlegirls.press/under/sort/ff/0123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688


I do not currently have access to a Windows install disc or a boot CD.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.15063.0
Run by Zofia at 3:51:18 on 2017-09-04
Microsoft Windows 10 Home 10.0.15063.0.1252.1.1033.18.8095.4745 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes *Disabled/Updated* {23007AD3-69FE-687C-2629-D584AFFAF72B}
AV: Panda Protection *Enabled/Updated* {46AEFD02-ACA3-E038-1FA5-4A15EFD361E0}
SP: Malwarebytes *Disabled/Updated* {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Panda Protection *Enabled/Updated* {FDCF1CE6-8A99-EFB6-2515-716794542B5D}
FW: Panda Firewall *Disabled* {7E957C27-E6CC-E160-34FA-E3201100269B}
.
============== Running Processes ===============
.
c:\windows\system32\svchost.exe -k dcomlaunch -s PlugPlay
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\fontdrvhost.exe
c:\windows\system32\svchost.exe -k rpcss
c:\windows\system32\svchost.exe -k dcomlaunch -s LSM
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s NcbService
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s TimeBrokerSvc
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s EventLog
c:\windows\system32\svchost.exe -k netsvcs -s ProfSvc
c:\windows\system32\svchost.exe -k netsvcs -s Themes
c:\windows\system32\svchost.exe -k localservice -s EventSystem
c:\windows\system32\svchost.exe -k appmodel -s StateRepository
c:\windows\system32\svchost.exe -k netsvcs -s SENS
C:\WINDOWS\system32\igfxCUIService.exe
c:\windows\system32\svchost.exe -k netsvcs -s Schedule
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s AudioEndpointBuilder
c:\windows\system32\svchost.exe -k localservice -s FontCache
c:\windows\system32\svchost.exe -k netsvcs -s Winmgmt
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k netsvcs -s UserManager
c:\windows\system32\svchost.exe -k localservice -s nsi
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k networkservice -s Dnscache
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s Dhcp
C:\Windows\System32\WUDFHost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SensorService
c:\windows\system32\svchost.exe -k networkservice -s NlaSvc
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\system32\svchost.exe -k netsvcs -s ShellHWDetection
c:\windows\system32\svchost.exe -k localservice -s netprofm
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\WLANExt.exe
c:\windows\system32\svchost.exe -k localservicenonetwork
c:\windows\system32\svchost.exe -k networkservice -s LanmanWorkstation
c:\windows\system32\svchost.exe -k networkservice -s CryptSvc
c:\windows\system32\svchost.exe -k netsvcs -s CertPropSvc
C:\WINDOWS\System32\svchost.exe -k utcsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
c:\windows\system32\svchost.exe -k netsvcs -s IKEEXT
c:\windows\system32\svchost.exe -k localservice -s WinHttpAutoProxySvc
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\SysWOW64\esif_uf.exe
C:\Windows\system32\CxAudMsg64.exe
C:\WINDOWS\system32\ibtsiva.exe
c:\windows\system32\svchost.exe -k localservicenonetwork -s DPS
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
c:\windows\system32\svchost.exe -k netsvcs -s LanmanServer
C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s PcaSvc
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\WINDOWS\SysWOW64\SAsrv.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s SysMain
c:\windows\system32\svchost.exe -k appmodel -s tiledatamodelsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s TrkWks
c:\windows\system32\svchost.exe -k netsvcs -s WpnService
C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
c:\windows\system32\svchost.exe -k localservice -s WdiServiceHost
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\WINDOWS\system32\dashost.exe
c:\windows\system32\svchost.exe -k netsvcs -s iphlpsvc
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s wscsvc
c:\windows\system32\svchost.exe -k networkservicenetworkrestricted -s PolicyAgent
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\windows\system32\svchost.exe -k netsvcs -s TokenBroker
c:\windows\system32\svchost.exe -k netsvcs -s Appinfo
c:\windows\system32\svchost.exe -k localservice -s CDPSvc
c:\windows\system32\svchost.exe -k localservice -s LicenseManager
c:\windows\system32\svchost.exe -k netsvcs
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s SSDPSRV
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s StorSvc
c:\windows\system32\svchost.exe -k netsvcs -s lfsvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DsSvc
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s hidserv
C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe
c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs -s NetSetupSvc
c:\windows\system32\svchost.exe -k localservice -s SstpSvc
c:\windows\system32\svchost.exe -k netsvcs -s RasMan
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\System32\dwm.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\WINDOWS\TEMP\DPTF\esif_assist_64.exe
c:\windows\system32\sihost.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup -s CDPUserSvc
c:\windows\system32\svchost.exe -k unistacksvcgroup -s WpnUserService
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
c:\windows\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.19.856.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Users\Zofia\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\Conexant\SAII\SmartAudio.exe
c:\windows\system32\svchost.exe -k unistacksvcgroup
c:\windows\system32\svchost.exe -k netsvcs -s BITS
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35071.13510.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
C:\Program Files (x86)\Microsoft Office\Office15\FirstRun.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs -s wlidsvc
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted -s lmhosts
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted -s WdiSystemHost
C:\Windows\System32\smartscreen.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Panda Safe Web: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
TB: Panda Safe Web: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll
uRun: [OneDrive] "C:\Users\Zofia\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: MaxGPOScriptWait = dword:600
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{6d194bdc-7062-450c-bb32-ca539b8d4183} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Panda Safe Web: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll
x64-TB: Panda Safe Web: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll
x64-Run: [SecurityHealth] C:\Program Files (x86)\Windows Defender\MSASCuiL.exe
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SACpl.exe /c /delay:30
x64-RunOnce: [RealProtect] "C:\Program Files\McAfee\Real Protect\RealProtect.exe" --run
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: MaxGPOScriptWait = dword:600
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\60.0.3112.113\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zofia\AppData\Roaming\Mozilla\Firefox\Profiles\qpfff3pq.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2015-9-14 1455552]
R0 IntelHSWPcc;IntelHSWPcc;C:\WINDOWS\System32\drivers\IntelPcc.sys [2015-9-14 88256]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2017-3-18 74840]
R0 iorate;Disk I/O Rate Filter Driver;C:\WINDOWS\System32\drivers\iorate.sys [2017-3-18 49568]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2017-3-18 16288]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2017-3-18 70232]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2017-3-18 18520]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2017-3-18 208288]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2017-3-18 239616]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2013-7-2 19768]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2017-3-18 54272]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2017-3-18 8192]
R1 NNSALPC;NNSALPC;C:\WINDOWS\System32\drivers\nnsalpc.sys [2015-12-10 107488]
R1 NNSHTTP;NNSHTTP;C:\WINDOWS\System32\drivers\nnshttp.sys [2015-12-10 211376]
R1 NNSHTTPS;NNSHTTPS;C:\WINDOWS\System32\drivers\nnshttps.sys [2017-2-8 121312]
R1 NNSIDS;NNSIDS;C:\WINDOWS\System32\drivers\nnsids.sys [2015-12-10 125872]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\WINDOWS\System32\drivers\NNSNAHSL.sys [2016-7-6 80152]
R1 NNSPICC;NNSPICC;C:\WINDOWS\System32\drivers\nnspicc.sys [2015-12-10 116656]
R1 NNSPIHSW;NNSPIHSW;C:\WINDOWS\System32\drivers\nnspihsw.sys [2015-12-10 91104]
R1 NNSPOP3;NNSPOP3;C:\WINDOWS\System32\drivers\nnspop3.sys [2016-7-5 135088]
R1 NNSPROT;NNSPROT;C:\WINDOWS\System32\drivers\nnsprot.sys [2015-12-10 335792]
R1 NNSPRV;NNSPRV;C:\WINDOWS\System32\drivers\nnsprv.sys [2015-12-10 197600]
R1 NNSSMTP;NNSSMTP;C:\WINDOWS\System32\drivers\nnssmtp.sys [2016-7-5 123312]
R1 NNSSTRM;NNSSTRM;C:\WINDOWS\System32\drivers\nnsstrm.sys [2015-12-10 278960]
R1 NNSTLSC;NNSTLSC;C:\WINDOWS\System32\drivers\nnstlsc.sys [2015-12-10 125360]
R1 PSINKNC;PSINKNC;C:\WINDOWS\System32\drivers\PSINKNC.sys [2016-1-29 205584]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R2 CDPUserSvc_8b69a57;Connected Devices Platform User Service_8b69a57;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 chromoting;Chrome Remote Desktop Service;C:\Program Files (x86)\Google\Chrome Remote Desktop\61.0.3163.20\remoting_host.exe [2017-7-31 71512]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2017-3-18 14336]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2017-3-18 47664]
R2 CxAudMsg;Conexant Audio Message Service;C:\WINDOWS\System32\CxAudMsg64.exe [2015-10-29 207576]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2017-3-18 47664]
R2 DusmSvc;Data Usage;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R2 esifsvc;ESIF Upper Framework Service;C:\Windows\SysWOW64\esif_uf.exe [2015-10-29 1385640]
R2 ibtsiva;Intel Bluetooth Service;C:\WINDOWS\System32\ibtsiva --> C:\WINDOWS\System32\ibtsiva [?]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-11-30 373728]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2015-6-24 223008]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2017-2-14 110384]
R2 OneSyncSvc_8b69a57;Sync Host_8b69a57;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 panda_url_filtering;panda_url_filtering Service;C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- --> C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe -- [?]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2016-7-19 86104]
R2 PSINAflt;PSINAflt;C:\WINDOWS\System32\drivers\PSINAflt.sys [2017-6-16 177424]
R2 PSINFile;PSINFile;C:\WINDOWS\System32\drivers\PSINFile.sys [2017-6-16 129296]
R2 PSINProc;PSINProc;C:\WINDOWS\System32\drivers\PSINProc.sys [2017-6-16 131344]
R2 PSINProt;PSINProt;C:\WINDOWS\System32\drivers\PSINProt.sys [2017-6-16 144656]
R2 PSINReg;PSINReg;C:\WINDOWS\System32\drivers\PSINReg.sys [2017-6-16 114960]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2017-4-25 47096]
R2 SAService;Conexant SmartAudio service;C:\WINDOWS\System32\SAsrv.exe --> C:\WINDOWS\System32\SAsrv.exe [?]
R2 SecurityHealthService;Windows Defender Security Center Service;C:\WINDOWS\System32\SecurityHealthService.exe [2017-7-11 336320]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2017-3-18 79872]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2017-7-11 142752]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R2 WpnUserService_8b69a57;Windows Push Notifications User Service_8b69a57;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R2 ZeroConfigService;Intel(R) PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2016-11-29 3732896]
R3 acpials;ALS Sensor Filter;C:\WINDOWS\System32\drivers\acpials.sys [2017-3-18 12288]
R3 AiCharger;ASUS Charger Driver;C:\WINDOWS\System32\drivers\AiCharger.sys [2015-5-25 21816]
R3 AsusTP;ASUS Input Touchpad Device;C:\WINDOWS\System32\drivers\AsusTP.sys [2017-3-9 128024]
R3 CAD;Charge Arbitration Driver;C:\WINDOWS\System32\drivers\CAD.sys [2017-3-18 53664]
R3 dptf_cpu;dptf_cpu;C:\WINDOWS\System32\drivers\dptf_cpu.sys [2015-10-29 43000]
R3 dptf_pch;dptf_pch;C:\WINDOWS\System32\drivers\dptf_pch.sys [2015-10-29 41976]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 esif_lf;esif_lf;C:\WINDOWS\System32\drivers\esif_lf.sys [2015-10-29 251384]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-5-13 19976]
R3 ibtusb;Intel(R) Wireless Bluetooth(R);C:\WINDOWS\System32\drivers\ibtusb.sys [2016-10-15 250624]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2017-3-18 20992]
R3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 Netwtw04;Intel(R) Wireless Adapter Driver for Windows 10 - 64 Bit;C:\WINDOWS\System32\drivers\Netwtw04.sys [2016-12-19 7918840]
R3 panda_url_filteringd;panda_url_filteringd driver;C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringd.sys [2014-3-19 51288]
R3 PimIndexMaintenanceSvc_8b69a57;Contact Data_8b69a57;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 SensorsAlsDriver;UMDF Reflector service for SensorsAlsDriver;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
R3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
R3 TokenBroker;TokenBroker;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
R3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2017-3-18 29600]
R3 UnistoreSvc_8b69a57;User Data Storage_8b69a57;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 UserDataSvc_8b69a57;User Data Access_8b69a57;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2017-7-11 757248]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2017-3-18 220672]
S2 CldFlt;Windows Cloud Files Filter Driver;C:\WINDOWS\System32\drivers\cldflt.sys [2017-3-18 12288]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2017-3-18 47664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2017-6-1 317400]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2017-3-18 20480]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2017-3-18 1135512]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2017-3-18 17920]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2017-3-18 47664]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2017-3-18 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2017-3-18 47664]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2017-3-18 39424]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2017-3-18 122880]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2017-3-18 347032]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2017-3-18 2104224]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2017-3-18 47664]
S3 DevicesFlowUserSvc_8b69a57;DevicesFlow_8b69a57;C:\WINDOWS\System32\svchost.exe -k DevicesFlow [2017-3-18 47664]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2017-5-18 131984]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2017-3-18 86528]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2017-3-18 47664]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2017-3-18 21504]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2017-3-18 51104]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2017-3-18 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2017-3-18 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2017-3-18 70656]
S3 iaLPSS2i_GPIO2_BXT_P;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2_BXT_P.sys [2017-3-18 85504]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2017-3-18 165376]
S3 iaLPSS2i_I2C_BXT_P;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C_BXT_P.sys [2017-3-18 168448]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2017-3-18 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2017-3-18 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2017-3-18 673184]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2017-3-18 526240]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2017-3-18 36864]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-5-12 481768]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2015-5-22 881152]
S3 IpxlatCfgSvc;IP Translation Configuration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2017-3-18 123808]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2017-3-18 103328]
S3 mausbhost;MA-USB Host Controller Driver;C:\WINDOWS\System32\drivers\mausbhost.sys [2017-3-18 405408]
S3 mausbip;MA-USB IP Filter Driver;C:\WINDOWS\System32\drivers\mausbip.sys [2017-3-18 51104]
S3 MBAMService;Malwarebytes Service;C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [2017-9-3 6058960]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2017-3-18 64416]
S3 MessagingService_8b69a57;MessagingService_8b69a57;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2017-3-18 47664]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2017-3-18 842656]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2016-11-29 268704]
S3 NaturalAuthentication;Natural Authentication;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2017-3-18 108960]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2017-3-18 122368]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2017-7-11 118784]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 nvdimmn;Microsoft NVDIMM-N device driver;C:\WINDOWS\System32\drivers\nvdimmn.sys [2017-3-18 80896]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2017-3-18 58784]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2017-3-18 61848]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 ReFS;ReFS;C:\WINDOWS\System32\drivers\refs.sys [2017-3-18 1735584]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2017-3-18 936864]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k rdxgroup [2017-3-18 47664]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2017-3-18 91040]
S3 SDFRd;SDF Reflector;C:\WINDOWS\System32\drivers\SDFRd.sys [2017-3-18 31128]
S3 SEMgrSvc;Payments and NFC/SE Manager;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2017-3-18 1284608]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2017-3-18 154016]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2017-3-18 47664]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 SpatialGraphFilter;Holographic Spatial Graph Filter;C:\WINDOWS\System32\drivers\SpatialGraphFilter.sys [2017-3-18 40352]
S3 spectrum;Windows Perception Service;C:\WINDOWS\System32\Spectrum.exe [2017-3-18 891904]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2017-3-18 95648]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2017-3-18 36760]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2017-3-18 302592]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2017-3-18 104448]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2017-3-18 179200]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2017-8-9 51712]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2017-3-18 45568]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2017-3-18 263584]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2017-3-18 98712]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2017-3-18 138656]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2017-3-18 29600]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2017-3-18 59288]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2017-3-18 28064]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2017-3-18 35328]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2017-3-18 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2017-3-18 47664]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2017-3-18 47664]
S3 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2017-3-18 72192]
S3 WdNisDrv;Windows Defender Antivirus Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2017-3-18 121248]
S3 WdNisSvc;Windows Defender Antivirus Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2017-3-18 342264]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2017-3-18 47664]
S3 WFDSConMgrSvc;Wi-Fi Direct Services Connection Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2017-3-18 47664]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2017-3-18 32160]
S3 WinNat;Windows NAT Driver;C:\WINDOWS\System32\drivers\winnat.sys [2017-3-18 217088]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2017-3-18 64920]
S3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 wlpasvc;LPA Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
S3 xbgm;Xbox Game Monitoring;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2017-7-11 277504]
S3 XboxGipSvc;Xbox Accessory Management Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2017-3-18 46592]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2017-3-18 47664]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2017-3-18 47664]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2017-09-03 21:41:38 -------- d-----w- C:\Program Files\McAfee
2017-09-03 21:41:31 -------- d-----w- C:\Program Files\stinger
2017-09-03 21:31:53 94144 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2017-09-03 21:31:53 192960 ----a-w- C:\WINDOWS\System32\drivers\MBAMChameleon.sys
2017-09-03 21:31:48 45472 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2017-09-03 21:31:45 253888 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2017-09-03 21:31:42 77440 ----a-w- C:\WINDOWS\System32\drivers\mbae64.sys
2017-09-03 21:31:33 -------- d-----w- C:\ProgramData\Malwarebytes
2017-09-03 21:31:33 -------- d-----w- C:\Program Files\Malwarebytes
2017-09-03 21:31:14 -------- d-----w- C:\Users\Zofia\AppData\Local\Programs
2017-08-26 16:17:55 323528 ----a-w- C:\Program Files (x86)\Mozilla Firefox\tobedeleted\mozD6F4.tmp
2017-08-26 16:17:55 112592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\AccessibleHandler.dll
2017-08-09 23:25:59 7931392 ----a-w- C:\WINDOWS\System32\twinui.dll
2017-08-08 00:56:04 -------- d-----w- C:\ProgramData\ASUS Smart Gesture
.
==================== Find3M ====================
.
2017-09-04 06:51:04 165 ----a-w- C:\Users\Zofia\AppData\Roaming\sp_data.sys
2017-08-30 23:29:08 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-08-01 02:39:54 8319392 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2017-08-01 02:38:47 406544 ----a-w- C:\WINDOWS\SysWow64\policymanager.dll
2017-08-01 02:38:08 382368 ----a-w- C:\WINDOWS\System32\drivers\clfs.sys
2017-08-01 02:36:56 119712 ----a-w- C:\WINDOWS\System32\drivers\tdx.sys
2017-08-01 02:36:49 323488 ----a-w- C:\WINDOWS\apppatch\AcRes.dll
2017-08-01 02:36:29 750496 ----a-w- C:\WINDOWS\SysWow64\WWAHost.exe
2017-08-01 02:35:13 280472 ----a-w- C:\WINDOWS\SysWow64\WerFault.exe
2017-08-01 02:35:09 133904 ----a-w- C:\WINDOWS\SysWow64\WerFaultSecure.exe
2017-08-01 02:34:39 610584 ----a-w- C:\WINDOWS\SysWow64\wer.dll
2017-08-01 02:34:36 359552 ----a-w- C:\WINDOWS\SysWow64\Faultrep.dll
2017-08-01 02:34:32 349600 ----a-w- C:\WINDOWS\SysWow64\msv1_0.dll
2017-08-01 02:34:32 168864 ----a-w- C:\WINDOWS\SysWow64\wermgr.exe
2017-08-01 02:33:57 473240 ----a-w- C:\WINDOWS\System32\policymanager.dll
2017-08-01 02:32:37 2444704 ----a-w- C:\WINDOWS\System32\drivers\dxgkrnl.sys
2017-08-01 02:32:23 712600 ----a-w- C:\WINDOWS\System32\drivers\dxgmms2.sys
2017-08-01 02:32:04 820128 ----a-w- C:\WINDOWS\System32\WWAHost.exe
2017-08-01 02:31:56 5477088 ----a-w- C:\WINDOWS\System32\OneCoreUAPCommonProxyStub.dll
2017-08-01 02:31:49 212384 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2017-08-01 02:31:01 176024 ----a-w- C:\WINDOWS\SysWow64\basecsp.dll
2017-08-01 02:30:52 315288 ----a-w- C:\WINDOWS\System32\WerFault.exe
2017-08-01 02:30:50 143736 ----a-w- C:\WINDOWS\System32\WerFaultSecure.exe
2017-08-01 02:30:25 723680 ----a-w- C:\WINDOWS\System32\wer.dll
2017-08-01 02:30:21 82336 ----a-w- C:\WINDOWS\System32\drivers\vmbkmcl.sys
2017-08-01 02:30:18 410160 ----a-w- C:\WINDOWS\System32\Faultrep.dll
2017-08-01 02:30:16 182688 ----a-w- C:\WINDOWS\System32\wermgr.exe
2017-08-01 02:30:09 411040 ----a-w- C:\WINDOWS\System32\msv1_0.dll
2017-08-01 02:26:58 204192 ----a-w- C:\WINDOWS\System32\basecsp.dll
2017-08-01 02:20:54 404480 ----a-w- C:\WINDOWS\SysWow64\werui.dll
2017-08-01 02:20:40 154624 ----a-w- C:\WINDOWS\SysWow64\DWWIN.EXE
2017-08-01 02:20:33 2956288 ----a-w- C:\WINDOWS\SysWow64\win32kfull.sys
2017-08-01 02:18:16 13841408 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2017-08-01 02:18:13 2199552 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.Resources.dll
2017-08-01 02:17:02 34816 ----a-w- C:\WINDOWS\SysWow64\tokenbinding.dll
2017-08-01 02:16:16 80896 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2017-08-01 02:14:09 35840 ----a-w- C:\WINDOWS\SysWow64\sscore.dll
2017-08-01 02:13:31 127488 ----a-w- C:\WINDOWS\SysWow64\fdeploy.dll
2017-08-01 02:13:30 20504064 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2017-08-01 02:13:12 364032 ----a-w- C:\WINDOWS\SysWow64\msIso.dll
2017-08-01 02:12:28 229888 ----a-w- C:\WINDOWS\SysWow64\scksp.dll
2017-08-01 02:10:19 358400 ----a-w- C:\WINDOWS\SysWow64\ieproxy.dll
2017-08-01 02:09:58 394240 ----a-w- C:\WINDOWS\SysWow64\Windows.Internal.Management.dll
2017-08-01 02:08:54 267264 ----a-w- C:\WINDOWS\SysWow64\ncryptprov.dll
2017-08-01 02:07:57 2671616 ----a-w- C:\WINDOWS\SysWow64\tquery.dll
2017-08-01 02:07:54 5961728 ----a-w- C:\WINDOWS\SysWow64\Windows.Data.Pdf.dll
2017-08-01 0246 798208 ----a-w- C:\WINDOWS\SysWow64\TokenBroker.dll
2017-08-01 02:04:40 6269440 ----a-w- C:\WINDOWS\SysWow64\Chakra.dll
2017-08-01 02:04:32 3656192 ----a-w- C:\WINDOWS\SysWow64\jscript9.dll
2017-08-01 01:57:22 23677952 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2017-08-01 01:45:44 3670016 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2017-08-01 01:45:28 462848 ----a-w- C:\WINDOWS\System32\werui.dll
2017-08-01 01:45:03 92672 ----a-w- C:\WINDOWS\System32\wercplsupport.dll
2017-08-01 01:45:02 1275392 ----a-w- C:\WINDOWS\System32\werconcpl.dll
2017-08-01 01:44:53 184320 ----a-w- C:\WINDOWS\System32\DWWIN.EXE
2017-08-01 01:44:49 77824 ----a-w- C:\WINDOWS\System32\wsqmcons.exe
2017-08-01 01:44:32 83968 ----a-w- C:\WINDOWS\System32\drivers\vmbkmclr.sys
2017-08-01 01:42:55 2199552 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.Resources.dll
2017-08-01 01:41:48 42496 ----a-w- C:\WINDOWS\System32\tokenbinding.dll
2017-08-01 01:41:47 130560 ----a-w- C:\WINDOWS\System32\policymanagerprecheck.dll
2017-08-01 01:41:04 110592 ----a-w- C:\WINDOWS\System32\Chakradiag.dll
2017-08-01 01:40:59 17366528 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2017-08-01 01:40:35 290816 ----a-w- C:\WINDOWS\System32\dmenterprisediagnostics.dll
2017-08-01 01:39:04 46592 ----a-w- C:\WINDOWS\System32\sscore.dll
2017-08-01 01:38:49 143872 ----a-w- C:\WINDOWS\System32\profsvcext.dll
2017-08-01 01:38:21 153088 ----a-w- C:\WINDOWS\System32\fdeploy.dll
2017-08-01 01:37:53 433664 ----a-w- C:\WINDOWS\System32\msIso.dll
2017-08-01 01:37:29 582656 ----a-w- C:\WINDOWS\System32\SmsRouterSvc.dll
2017-08-01 01:37:09 255488 ----a-w- C:\WINDOWS\System32\scksp.dll
2017-08-01 01:35:14 692736 ----a-w- C:\WINDOWS\System32\jscript9diag.dll
2017-08-01 01:34:37 805888 ----a-w- C:\WINDOWS\System32\ieproxy.dll
2017-08-01 01:33:49 1269760 ----a-w- C:\WINDOWS\System32\enterprisecsps.dll
2017-08-01 01:33:28 315904 ----a-w- C:\WINDOWS\System32\ncryptprov.dll
2017-08-01 01:32:47 7336960 ----a-w- C:\WINDOWS\System32\Windows.Data.Pdf.dll
2017-08-01 01:32:37 176640 ----a-w- C:\WINDOWS\System32\wersvc.dll
2017-08-01 01:31:25 4445696 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
2017-08-01 01:31:03 1396736 ----a-w- C:\WINDOWS\System32\wwansvc.dll
2017-08-01 01:30:43 8209920 ----a-w- C:\WINDOWS\System32\Chakra.dll
2017-08-01 01:30:42 303104 ----a-w- C:\WINDOWS\System32\srvsvc.dll
2017-08-01 01:30:27 1052160 ----a-w- C:\WINDOWS\System32\TokenBroker.dll
2017-08-01 01:30:18 2055168 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2017-08-01 01:30:09 3377664 ----a-w- C:\WINDOWS\System32\tquery.dll
2017-08-01 01:28:51 2516480 ----a-w- C:\WINDOWS\System32\diagtrack.dll
2017-08-01 01:28:43 4730368 ----a-w- C:\WINDOWS\System32\jscript9.dll
2017-08-01 01:27:25 574464 ----a-w- C:\WINDOWS\System32\configmanager2.dll
2017-08-01 01:27:05 482816 ----a-w- C:\WINDOWS\System32\dmenrollengine.dll
2017-08-01 01:26:03 323584 ----a-w- C:\WINDOWS\System32\DeviceEnroller.exe
2017-08-01 01:25:46 249344 ----a-w- C:\WINDOWS\System32\coredpus.dll
2017-08-01 01:25:41 194048 ----a-w- C:\WINDOWS\System32\mdmregistration.dll
2017-08-01 01:25:41 140800 ----a-w- C:\WINDOWS\System32\dmcsps.dll
2017-07-31 15:15:09 835576 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2017-07-31 15:15:09 177648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2017-07-30 01:42:08 200 ----a-w- C:\WINDOWS\System32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2017-07-30 01:42:08 0 ----a-w- C:\WINDOWS\System32\GfxValDisplayLog.bin
2017-07-28 05:30:35 1068720 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2017-07-28 05:25:32 2399728 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2017-07-28 05:24:52 119904 ----a-w- C:\WINDOWS\System32\dmcmnutils.dll
2017-07-28 05:24:42 116280 ----a-w- C:\WINDOWS\System32\bcd.dll
2017-07-28 05:24:38 2327456 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2017-07-28 05:23:51 723360 ----a-w- C:\WINDOWS\System32\drivers\acpi.sys
.
============= FINISH: 3:51:29.35 ===============
Attached Files
File Type: txt attach.txt (1.9 KB, 15 views)
martini1179 is offline  
Old 09-07-2017, 02:57 AM   #2
Registered Member
 
Join Date: Feb 2006
Location: South Florida, US and A.
Posts: 85
OS: Ubuntu Linux 10.04 x64; Windows 7 SP1



BUMP, please
martini1179 is offline  
Old 09-16-2017, 01:39 AM   #3
Registered Member
 
Join Date: Feb 2006
Location: South Florida, US and A.
Posts: 85
OS: Ubuntu Linux 10.04 x64; Windows 7 SP1



It's been 12 days since I posted my OP. I bumped the thread after 72 hours as per the rules. Now I've endured/run from a hurricane and returned home in the time I've waited for help. My mother is requesting her laptop back and I don't know what to tell her.
martini1179 is offline  
Old 09-16-2017, 01:57 AM   #4
Registered Member
 
Join Date: Feb 2006
Location: South Florida, US and A.
Posts: 85
OS: Ubuntu Linux 10.04 x64; Windows 7 SP1



Please note that I'm not trying to be rude in my previous reply, just stating the facts.
martini1179 is offline  
Old 09-24-2017, 06:14 PM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



If you still need help, please run dds again and post/attach fresh logs. Thanks.
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  