Google keeps redirecting - cannot use cleaning tools


36 replies to this topic

#1 totallylostami


Posted 19 August 2011 - 10:40 PM

As per the last tech's request, here is a link to my previous post where this all started:

http://www.bleepingcomputer.com/forums/topic415116.html/page__gopid__2378819#entry2378819


I was able to run Defogger, but it did not prompt me to restart, so I restarted after clicking Finish.

I then tried to run DDS, but the laptop bluescreened; the results are as follows:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6002.2.2.0.256.1
Locale ID: 4105

Additional information about the problem:
BCCode: 100000b8
BCP1: 82749640
BCP2: 8770D8B8
BCP3: 8274300
BCP4: 00000000
OS Version: 6_0_6002
Service Pack: 2_0
Product: 256_1


After the computer restarted automatically, I was able to run DDS; here are the two logs it produced:

Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista Black Edition™ 2009
Boot Device: \Device\HarddiskVolume2
Install Date: 07/06/2009 4:14:22 PM
System Uptime: 19/08/2011 8:58:33 PM (1 hours ago)
.
Motherboard: ATI Corp. | | Ant3
Processor: AMD Athlon™ X2 Dual-Core QL-60 | Socket M2/S1G1 | 1900/1800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 148 GiB total, 85.637 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.42
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Atheros Driver Installation Program
AVG 9.0
BufferChm
Cards_Calendar_OrderGift_DoMorePlugout
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Copy
CustomerResearchQFolder
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
eSupportQFolder
GPBaseService
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 11.0
HP Deskjet F4200 All-In-One Driver Software 11.0 Rel .3
HP Imaging Device Functions 11.0
HP Photosmart Essential 2.5
HP Photosmart Essential 3.0
HP Smart Web Printing
HP Solution Center 11.0
HP Update
HPProductAssistant
HPSSupply
Java Auto Updater
Java™ 6 Update 22
Logitech Desktop Messenger
Logitech SetPoint
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.3
Microsoft IntelliType Pro 6.3
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 5.0.1 (x86 en-GB)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MUSICMATCH Jukebox
PSSWCORE
RealArcade
Realtek 8169 8168 8101E 8102E Ethernet Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Shop for HP Supplies
SmartWebPrinting
SolutionCenter
Spybot - Search & Destroy
Status
SUPERAntiSpyware
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
VideoToolkit01
VLC media player 1.0.2
WebReg
.
==== Event Viewer Messages From Past Week ========
.
19/08/2011 9:00:54 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
19/08/2011 8:59:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SAS Core Service service to connect.
19/08/2011 8:59:30 PM, Error: Service Control Manager [7001] - The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error: AVG E-mail Scanner is not a valid Win32 application.
19/08/2011 8:59:30 PM, Error: Service Control Manager [7000] - The SAS Core Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
19/08/2011 8:59:30 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: AVG WatchDog is not a valid Win32 application.
18/08/2011 9:20:38 PM, Error: EventLog [6008] - The previous system shutdown at 9:12:35 PM on 18/08/2011 was unexpected.
18/08/2011 8:16:45 PM, Error: EventLog [6008] - The previous system shutdown at 8:06:45 PM on 18/08/2011 was unexpected.
18/08/2011 6:57:53 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.65 for the Network Card with network address 0021631775B9 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
18/08/2011 6:37:07 PM, Error: Service Control Manager [7001] - The AVG E-mail Scanner service depends on the AVG WatchDog service which failed to start because of the following error: Access is denied.
18/08/2011 6:37:07 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: Access is denied.
18/08/2011 6:35:47 PM, Error: EventLog [6008] - The previous system shutdown at 4:07:31 PM on 18/08/2011 was unexpected.
18/08/2011 2:03:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070026: Security Update for Windows Vista (KB2491683).
18/08/2011 10:32:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AvgLdx86 AvgMfx86 SASDIFSV SASKUTIL spldr Wanarpv6
18/08/2011 10:32:22 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
18/08/2011 10:31:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
18/08/2011 10:31:45 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
18/08/2011 10:31:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
18/08/2011 10:31:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
18/08/2011 10:31:32 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
18/08/2011 10:31:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-9_neutral_PACKAGE from package KB2491683(Security Update) into Staged(Staged) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-8_neutral_GDR from package KB2491683(Security Update) into Staged(Staged) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-3_neutral_PACKAGE from package KB2491683(Security Update) into Staged(Staged) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-2_neutral_GDR from package KB2491683(Security Update) into Staged(Staged) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-18_neutral_PACKAGE from package KB2491683(Security Update) into Absent(Absent) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-17_neutral_PACKAGE from package KB2491683(Security Update) into Staged(Staged) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-15_neutral_PACKAGE from package KB2491683(Security Update) into Staged(Staged) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4385] - Windows Servicing failed to complete the process of changing update 2491683-13_neutral_PACKAGE from package KB2491683(Security Update) into Staged(Staged) state
18/08/2011 1:41:52 PM, Error: Microsoft-Windows-Servicing [4375] - Windows Servicing failed to complete the process of setting package KB2491683 (Security Update) into Install Requested(Install Requested) state
18/08/2011 1:34:58 PM, Error: EventLog [6008] - The previous system shutdown at 1:32:53 PM on 18/08/2011 was unexpected.
18/08/2011 1:14:26 AM, Error: Service Control Manager [7034] - The AVG E-mail Scanner service terminated unexpectedly. It has done this 1 time(s).
17/08/2011 5:18:50 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
15/08/2011 6:27:30 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
14/08/2011 4:56:23 PM, Error: EventLog [6008] - The previous system shutdown at 10:29:30 AM on 13/08/2011 was unexpected.
13/08/2011 1:24:20 AM, Error: EventLog [6008] - The previous system shutdown at 12:27:26 AM on 13/08/2011 was unexpected.
.
==== End Of File ===========================



DDS.txt

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_22
Run by Owner at 21:03:10 on 2011-08-19
Microsoft® Windows Vista Black Edition™ 2009 6.0.6002.2.1252.2.1033.18.1789.1064 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\1650063998:2164631197.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WerFault.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:61798
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uWindows: Load=c:\users\owner\appdata\local\temp\csrss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Mgoyuj] rundll32.exe "c:\users\owner\appdata\local\wmamets0.dll",Startup
uRun: [Mgoyuj] rundll32.exe "c:\users\owner\appdata\local\wmamets0.dll",Startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ahinozeyesogufut] rundll32.exe "c:\users\owner\appdata\local\alukofeginu.dll",Startup
dRun: [lpc] rundll32.exe "c:\users\owner\appdata\roaming\remote\ew.dll",RegisterDll
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 65.255.176.27 65.255.176.26 65.255.176.25
TCP: Interfaces\{13B88935-EA4D-4A33-AA23-8E9F8B5ABE1B} : DhcpNameServer = 65.255.176.27 65.255.176.26 65.255.176.25
TCP: Interfaces\{6135697F-D337-44E6-B1FD-9AD8EC0364C8} : DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\gto40cxw.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c2548b4&v=6.103.018.001&i=26&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-15 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-15 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-15 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-15 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-17 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-18 1153368]
S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-26 921952]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-26 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
.
=============== Created Last 30 ================
.
2011-08-19 07:07:05 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-08-19 07:07:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 07:06:59 -------- d-----w- c:\programdata\Malwarebytes
2011-08-19 07:06:56 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 07:06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-19 04:03:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-19 04:03:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-19 04:03:28 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-08-19 04:03:28 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-08-19 04:03:28 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-19 04:03:28 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-08-19 04:03:28 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-08-19 04:03:27 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-08-19 03:12:37 43408 --sha-w- c:\windows\system32\c_73823.nl_
2011-08-19 01:37:02 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2011-08-19 01:36:21 -------- d-----w- c:\programdata\MFAData
2011-08-19 01:35:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-19 01:35:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-19 01:35:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-19 01:35:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-19 00:58:03 -------- d-----w- c:\program files\Cisco Systems
2011-08-19 00:57:36 -------- d-----w- c:\programdata\Cisco Systems
2011-08-18 21:44:18 -------- d-----w- c:\users\owner\appdata\roaming\Remote
2011-08-18 19:36:03 0 ----a-w- c:\users\owner\appdata\local\Wjugamavesazuyuf.bin
2011-08-18 07:27:18 -------- d-----w- c:\users\owner\appdata\local\{F04890C6-F0B6-4771-A445-76424C430002}
2011-08-11 01:53:43 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:09:04 -------- d-----w- C:\f1a9fa7bdb143a91d361
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:04:48.98 ===============



I tried running GMER, but it briefly popped up the options screen and then stopped. I tried running it again, but the icon changes and adds two little figure icons, and it blocks permissions for me to try running it again or replacing it on the desktop, as I no longer have permissions to copy and replace. I tried running it from the flash drive, but the same thing happens: it opens briefly, then shuts itself down. The same thing happens when I try running it from a folder on the desktop.

So I cannot produce a GMER log.

Any help would be appreciated.

Thank you.
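The DDS.txt above already contains the entries a malware-removal helper looks at first: a browser proxy pointing at 127.0.0.1, a Load= value under the user's Windows key, rundll32 launching DLLs out of the profile, UAC switched off, and a process path with a second colon (an NTFS alternate data stream). As an added example that is not part of this thread, DDS or Farbar's tools, here is a small Python triage script that applies those checks to a constructed sample in the same shape as the log; the rule names and sample lines are made up for the example.

```python
"""Triage helper for a DDS log: flag the entries a malware-removal helper
looks at first. Added example; not part of the thread, DDS or Farbar's tools.
"""
import re
from typing import List, Tuple

# Constructed sample in the shape of the "Running Processes" and
# "Pseudo HJT Report" sections of a DDS log (paths are illustrative).
SAMPLE_LOG = """\
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Windows\\1650063998:2164631197.exe
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:61798
uInternet Settings,ProxyOverride = localhost
uWindows: Load=c:\\users\\owner\\appdata\\local\\temp\\csrss.exe
uRun: [SUPERAntiSpyware] c:\\program files\\superantispyware\\SUPERAntiSpyware.exe
uRun: [Mgoyuj] rundll32.exe "c:\\users\\owner\\appdata\\local\\wmamets0.dll",Startup
mRun: [AVG9_TRAY] c:\\progra~1\\avg\\avg9\\avgtray.exe
dRun: [lpc] rundll32.exe "c:\\users\\owner\\appdata\\roaming\\remote\\ew.dll",RegisterDll
mPolicies-system: EnableLUA = 0 (0x0)
"""

# (rule name, pattern, why it matters). Rule names are made up for this example.
RULES = [
    ("proxy-localhost",
     re.compile(r"ProxyServer\s*=\s*\S*?(?:127\.0\.0\.1|localhost):\d+", re.I),
     "browser traffic is routed through a proxy listening on this machine, "
     "the usual way search redirects are done"),
    ("windows-load",
     re.compile(r"^uWindows:\s*Load=", re.I),
     "a Load= value under the per-user Windows key runs at every logon"),
    ("rundll32-profile-dll",
     re.compile(r'rundll32\.exe\s+"?[^"\s]*\\appdata\\(?:local|roaming)\\[^"\s]*\.dll', re.I),
     "rundll32 is loading a DLL from the user profile rather than Program Files"),
    ("uac-disabled",
     re.compile(r"EnableLUA\s*=\s*0\b", re.I),
     "UAC has been switched off by policy"),
    ("system-exe-in-temp",
     re.compile(r"\\temp\\(?:csrss|winlogon|svchost|lsass|explorer)\.exe", re.I),
     "a Windows system process name is running from a temp directory"),
    ("ads-path",
     re.compile(r"^[a-z]:\\[^:\s]*:[^\\:\s]+\.exe\s*$", re.I),
     "a second colon in the path means the image lives in an NTFS alternate data stream"),
]

Finding = Tuple[str, str, str]  # (rule name, explanation, offending line)


def scan_dds(text: str) -> List[Finding]:
    """Return one finding per (rule, line) pair; a line may trip several rules."""
    findings: List[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for name, pattern, why in RULES:
            if pattern.search(line):
                findings.append((name, why, line))
    return findings


def rules_hit(text: str) -> List[str]:
    """Sorted, de-duplicated names of the rules that fired."""
    return sorted({name for name, _, _ in scan_dds(text)})


def lines_for(text: str, rule: str) -> List[str]:
    """The log lines that tripped one rule, in log order."""
    return [line for name, _, line in scan_dds(text) if name == rule]


if __name__ == "__main__":
    for name, why, line in scan_dds(SAMPLE_LOG):
        print(f"[{name}] {line}\n    -> {why}")
```

Run it against a saved DDS.txt by passing the file contents to scan_dds; a clean entry such as the SUPERAntiSpyware or AVG tray lines produces no finding.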


#2 Farbar


Posted 22 August 2011 - 03:48 PM

Hi totallylostami,

I will be assisting you with this nasty infection. It is known to us but it evolves very fast.

  • Please update me on the current condition of your computer.
  • Tell me if you have at least one of these:

    Windows installation DVD.

    Or

    Tap F8 at startup to get to the Advanced Boot Options menu. Tell me if you have a "Repair my computer" option there.
  • Please download MiniRegTool.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services
      HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services
    • Check the Query Keys radio button.
    • Press Go button and attach the result.
  • Also run DDS and post only DDS.txt; there is no need for Attach.txt.

Edited by farbar, 22 August 2011 - 05:26 PM.


#3 totallylostami


Posted 22 August 2011 - 10:52 PM

1. The laptop has not been in use since I asked for help (appreciated a lot, BTW). It is still doing the redirects and still has permissions locked out. I am using my LT to transfer the files via USB to the broken one. You said you knew of this particular problem; can you tell me what it is exactly or where it might have come from? In your opinion, is it worth trying to correct, because it seems to me that this is pretty invasive already? Just asking because I can nuke and pave if that would be better or easier; the person who owns it doesn't care about data loss, they are backed up.

2. Sorry, I do not have the Windows installation DVD or the "Repair my computer" option there. I only have the following:

"Safe Mode
Safe Mode with Networking
Safe Mode with Command Prompt

Enable Boot Logging
Enable low-resolution video (640x480)
Last Known Good Configuration (advanced)
Directory Services Restore Mode Debugging Mode
Disable automatic restart on system failure
Disable Driver Signature Enforcement

Start Windows Normally"

Which can then go to "Start" or "Windows Memory Diagnostic".

I assume this will be an issue?

3. MiniRegTool by Farbar
Ran by Owner (administrator) on 2011-08-22 at 21:19:26

=================================================

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET CLR Networking 4.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\7efa5962]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ACPI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adp94xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpahci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu160m]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adpu320]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\adsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AeLookupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AgereSoftModem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\agp440]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aic78xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ALG]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\aliide]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdagp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\amdide]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmdK7]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AmdK8]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Appinfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\arcsas]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AsyncMac]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\athr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ati External Event Utility]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Atierecord]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\atikmdag]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AVG Security Toolbar Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avg9emc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\avg9wd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgLdx86]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgMfx86]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgRkx86]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgTdiX]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BattC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\blbdrive]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrFiltLo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrFiltUp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Brserid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrSerWdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrUsbMdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BrUsbSer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHMODEM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cdrom]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CertPropSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\circlass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CLFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v2.0.50727_32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\clr_optimization_v4.0.30319_32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CmBatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdide]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Compbatt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\COMSysApp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crcdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Crusoe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CSC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\CscService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DCLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DfsC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DFSR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\disk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\dot3svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DPS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\DXGKrnl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\E1G60]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EapHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ecache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehRecvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehSched]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ehstart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\elxstor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EmdCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EMDMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ErrDev]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ESENT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventSystem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\exfat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fax]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fdPHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FDResPub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FileInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Filetrace]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\flpydisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FltMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FontCache3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\fvevol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gagp30kx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\gpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidBth]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidIr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hidserv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HidUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hkmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HpCISSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpqcxs08]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hpqddsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i2omp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iaStorV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\idsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iirsp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\inetaccs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelide]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\intelppm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPBusEnum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iphlpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpInIp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPMIDRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IPNAT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IRENUM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\isapnp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iScsiPrt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iteatapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\iteraid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kbdhid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KSecDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\KtmRm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LHidKe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lltdio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lltdsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lmhosts]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Lsa]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_FC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SAS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LSI_SCSI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\luafv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mcx2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\megasas]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MegaSR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MMCSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Modem]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\monitor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouclass]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mouhid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MountMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mpsdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MpsSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mraid35x]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MRxDAV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msahci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msdsm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSDTC Bridge 4.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Msfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msisadrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSiSCSI]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msiserver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSKSSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPCLOCK]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSPQM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MsRPC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mssmbios]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSTEE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Mup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\napagent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDIS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisTapi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ndisuio]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NdisWan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NDProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Net Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetBIOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netbt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netman]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NetTcpPortSharing]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nfrd960]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Npfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nsiproxy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Ntfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ntrigdigi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NuidFltr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Null]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvraid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nvstor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\nv_agp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFlt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\NwlnkFwd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ohci1394]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2pimsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p2psvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\partmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Parvdm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PcaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pciide]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pcmcia]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PEAUTH]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfNet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfOS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PerfProc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\pla]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PlugPlay]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Pml Driver HPZ12]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPAutoReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PNRPsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Point32]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PortProxy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PptpMiniport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Processor]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ProtectedStorage]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PSched]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql2300]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ql40xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\QWAVEdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAcd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasAuto]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rasl2tp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasPppoe]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasSstp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdpdr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPENCDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPNP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPWD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemoteRegistry]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RpcSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rspndr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RTL8169]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SamSs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASDIFSV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SASKUTIL]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sbp2port]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SBSDWSCService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SCPolicySvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SDRSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\secdrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\seclogon]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SENS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serenum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Serial]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sermouse]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SessionEnv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_mmc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sffp_sd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sfloppy]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShellHWDetection]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sisagp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiSRaid2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SiSRaid4]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\slsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SLUINotify]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Smb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SMSvcHost 4.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SNMPTRAP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spldr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvnet]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SSDPSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SstpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\stisvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swenum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\swprv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Symc8xx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sym_hi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sym_u3]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysMain]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TapiSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip6]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tcpipreg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TDTCP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tdx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TermService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\THREADORDER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tssecsrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tunmp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\tunnel]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\TVALZ]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uagp35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\udfs]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGatherer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UI0Detect]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uliagpkx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uliahci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UlSata]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ulsata2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\umbus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UmRdpService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\upnphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbccgp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbcir]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbehci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbhub]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbohci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbprint]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\USBSTOR]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbuhci]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\usbvideo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UxSms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vga]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\viaagp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ViaC7]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\viaide]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volmgrx]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\volsnap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsmraid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WacomPen]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wanarpv6]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wbengine]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wcncsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WcsPlugInService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wdf01000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiServiceHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiSystemHost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WebClient]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wecsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wercplsupport]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WerSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinHttpAutoProxySvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winmgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinRM]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiAcpi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wmiApSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WMPNetworkSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPCSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPDBusEnum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WpdUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WPFFontCache_v0400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ws2ifsl]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearch]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WUDFRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wudfsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{13B88935-EA4D-4A33-AA23-8E9F8B5ABE1B}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\{6135697F-D337-44E6-B1FD-9AD8EC0364C8}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.NET CLR Networking 4.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ACPI]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adp94xx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adpahci]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adpu160m]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adpu320]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\adsi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AeLookupSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AgereSoftModem]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\agp440]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aic78xx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ALG]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\aliide]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\amdagp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\amdide]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AmdK7]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AmdK8]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Appinfo]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AppMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\arc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\arcsas]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AsyncMac]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atapi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\athr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Ati External Event Utility]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Atierecord]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\atikmdag]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AudioEndpointBuilder]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Audiosrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVG]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AVG Security Toolbar Service]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avg9emc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\avg9wd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgLdx86]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgMfx86]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgRkx86]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\AvgTdiX]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BattC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Beep]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BITS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\blbdrive]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrFiltLo]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrFiltUp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Browser]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Brserid]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrSerWdm]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrUsbMdm]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BrUsbSer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHMODEM]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\BTHPORT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cdfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cdrom]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CertPropSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\circlass]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CLFS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\clr_optimization_v2.0.50727_32]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\clr_optimization_v4.0.30319_32]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CmBatt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdide]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Compbatt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\COMSysApp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\crcdisk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Crusoe]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\crypt32]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CryptSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CSC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CscService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DCLocator]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DcomLaunch]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DfsC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DFSR]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dhcp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\disk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Dnscache]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\dot3svc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DPS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\drmkaud]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\DXGKrnl]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\E1G60]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EapHost]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Ecache]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ehRecvr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ehSched]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ehstart]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\elxstor]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EmdCache]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EMDMgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ErrDev]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ESENT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\EventSystem]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\exfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fastfat]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Fax]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fdc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fdPHost]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FDResPub]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FileInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Filetrace]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\flpydisk]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FltMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FontCache]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\FontCache3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\fvevol]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gagp30kx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\gpsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HdAudAddService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HDAudBus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HidBth]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HidIr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hidserv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HidUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hkmsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HpCISSs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hpqcxs08]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hpqddsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\HTTP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i2omp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iaStorV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\idsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\iirsp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\inetaccs]


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SiSRaid2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SiSRaid4]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\slsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SLUINotify]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Smb]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SMSvcHost 4.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SNMPTRAP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\spldr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Spooler]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srv2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\srvnet]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SSDPSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SstpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\stisvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\swenum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\swprv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Symc8xx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sym_hi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Sym_u3]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SysMain]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TapiSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip6]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tcpipreg]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TDTCP]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tdx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TermDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TermService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Themes]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\THREADORDER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TrkWks]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TSDDD]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tssecsrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tunmp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\tunnel]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\TVALZ]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uagp35]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\udfs]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UGatherer]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UI0Detect]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uliagpkx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\uliahci]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UlSata]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ulsata2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\umbus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UmRdpService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\upnphost]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usb]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbccgp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbcir]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbehci]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbhub]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbohci]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbprint]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\USBSTOR]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbuhci]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\usbvideo]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\UxSms]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vds]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vga]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\VgaSave]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\viaagp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ViaC7]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\viaide]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\volmgr]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\volmgrx]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\volsnap]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\vsmraid]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\VSS]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\W32Time]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\W3SVC]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WacomPen]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Wanarp]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Wanarpv6]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wbengine]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wcncsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WcsPlugInService]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Wd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Wdf01000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WdiServiceHost]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WdiSystemHost]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WebClient]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Wecsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wercplsupport]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WerSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinHttpAutoProxySvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winmgmt]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinRM]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Winsock]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WinSock2]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WmiAcpi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wmiApSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WMPNetworkSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WPCSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WPDBusEnum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WpdUsb]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WPFFontCache_v0400]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ws2ifsl]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wscsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WSearch]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wuauserv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\WUDFRd]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\wudfsvc]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\xmlprov]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{13B88935-EA4D-4A33-AA23-8E9F8B5ABE1B}]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\{6135697F-D337-44E6-B1FD-9AD8EC0364C8}]

4.
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_22
Run by Owner at 21:20:13 on 2011-08-22
Microsoft® Windows Vista Black Edition™ 2009 6.0.6002.2.1252.2.1033.18.1789.1081 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\1650063998:2164631197.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:61798
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uWindows: Load=c:\users\owner\appdata\local\temp\csrss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Mgoyuj] rundll32.exe "c:\users\owner\appdata\local\wmamets0.dll",Startup
uRun: [Mgoyuj] rundll32.exe "c:\users\owner\appdata\local\wmamets0.dll",Startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ahinozeyesogufut] rundll32.exe "c:\users\owner\appdata\local\alukofeginu.dll",Startup
dRun: [lpc] rundll32.exe "c:\users\owner\appdata\roaming\remote\ew.dll",RegisterDll
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 65.255.176.27 65.255.176.26 65.255.176.25
TCP: Interfaces\{13B88935-EA4D-4A33-AA23-8E9F8B5ABE1B} : DhcpNameServer = 65.255.176.27 65.255.176.26 65.255.176.25
TCP: Interfaces\{6135697F-D337-44E6-B1FD-9AD8EC0364C8} : DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\gto40cxw.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c2548b4&v=6.103.018.001&i=26&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-15 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-15 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-15 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-15 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-17 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-18 1153368]
S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-26 921952]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-26 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
.
=============== Created Last 30 ================
.
2011-08-20 03:24:43 -------- d--h--w- c:\windows\PIF
2011-08-19 07:07:05 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-08-19 07:07:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 07:06:59 -------- d-----w- c:\programdata\Malwarebytes
2011-08-19 07:06:56 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 07:06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-19 04:03:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-19 04:03:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-19 04:03:28 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-08-19 04:03:28 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-08-19 04:03:28 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-19 04:03:28 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-08-19 04:03:28 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-08-19 04:03:27 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-08-19 03:12:37 43408 --sha-w- c:\windows\system32\c_73823.nl_
2011-08-19 01:37:02 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2011-08-19 01:36:21 -------- d-----w- c:\programdata\MFAData
2011-08-19 01:35:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-19 01:35:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-19 01:35:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-19 01:35:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-19 00:58:03 -------- d-----w- c:\program files\Cisco Systems
2011-08-19 00:57:36 -------- d-----w- c:\programdata\Cisco Systems
2011-08-18 21:44:18 -------- d-----w- c:\users\owner\appdata\roaming\Remote
2011-08-18 19:36:03 0 ----a-w- c:\users\owner\appdata\local\Wjugamavesazuyuf.bin
2011-08-18 07:27:18 -------- d-----w- c:\users\owner\appdata\local\{F04890C6-F0B6-4771-A445-76424C430002}
2011-08-11 01:53:43 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:09:04 -------- d-----w- C:\f1a9fa7bdb143a91d361
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 21:21:13.17 ===============



Thanks much for your help, I will not be able to reply till late tomorrow night or the next day.

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,726 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:02:38 PM

Posted 23 August 2011 - 04:38 PM

Thanks for the feedback.

The infection is the ZeroAccess rootkit. But please don't run any tool at the moment, as the infection locks them too. We will run the right tools later on. Once we remove the rootkit, we will restore all the locked files.

Without a Windows or boot DVD we are hampered, but we have not run out of options yet. The next move is very decisive.

  • Please go to the C:\Windows directory and remove the following file:

    C:\Windows\1650063998

    In case you cannot remove it, drag it to the desktop and tell me what you did.
  • Please download DummyMaker.zip and unzip it.
    • Run the tool.
    • Copy and paste the following into the edit box:

      C:\Windows\1650063998
    • Press the Create button and post the result.
  • Important: First reboot the computer, then run DDS and post only DDS.txt.


#5 totallylostami

totallylostami
  • Topic Starter

  • Members
  • 23 posts
  • Local time:06:38 AM

Posted 24 August 2011 - 11:44 PM

1. I was able to find and delete said file.

2. A Microsoft Windows dialog box popped up saying;

Console IME has stopped working

A problem caused the program to stop working correctly. Windows will close the program and notify you if a solution is available.

Tried to rerun it from the USB key, then another box popped up saying Windows Command Processor had stopped??? So I created a folder and dragged the DM.exe into it, seeing as I can't erase it, then I put it back on the desktop and reran it, but I don't know if it worked as it just popped up a result saying it was run, then it listed the C: folder name and end log.

3. Restarted and ran DDS, here are the results;
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_22
Run by Owner at 22:28:43 on 2011-08-24
Microsoft® Windows Vista Black Edition™ 2009 6.0.6002.2.1252.2.1033.18.1789.1098 [GMT -6:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conime.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyServer = http=127.0.0.1:61798
uInternet Settings,ProxyOverride = localhost
mSearchAssistant = hxxp://start.facemoods.com/?a=ppcb&s={searchTerms}&f=4
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uWindows: Load=c:\users\owner\appdata\local\temp\csrss.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Mgoyuj] rundll32.exe "c:\users\owner\appdata\local\wmamets0.dll",Startup
uRun: [Mgoyuj] rundll32.exe "c:\users\owner\appdata\local\wmamets0.dll",Startup
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [Ahinozeyesogufut] rundll32.exe "c:\users\owner\appdata\local\alukofeginu.dll",Startup
dRun: [lpc] rundll32.exe "c:\users\owner\appdata\roaming\remote\ew.dll",RegisterDll
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
LSP: mswsock.dll
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-ca.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-ca.cab
TCP: DhcpNameServer = 65.255.176.27 65.255.176.26 65.255.176.25
TCP: Interfaces\{13B88935-EA4D-4A33-AA23-8E9F8B5ABE1B} : DhcpNameServer = 65.255.176.27 65.255.176.26 65.255.176.25
TCP: Interfaces\{6135697F-D337-44E6-B1FD-9AD8EC0364C8} : DhcpNameServer = 192.168.1.254
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
STS: Windows DreamScene: {e31004d1-a431-41b8-826f-e902f9d95c81} - %SystemRoot%\System32\DreamScene.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\gto40cxw.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c2548b4&v=6.103.018.001&i=26&tp=ab&iy=&ychte=ca&lng=en-GB&q=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-6-15 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-6-15 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-6-15 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-6-15 243152]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-7-17 21504]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-8-18 1153368]
S2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-11 116608]
S2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-26 921952]
S2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-26 308136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 1025352]
.
=============== Created Last 30 ================
.
2011-08-25 04:18:11 -------- d-----w- c:\windows\1650063998
2011-08-20 03:24:43 -------- d--h--w- c:\windows\PIF
2011-08-19 07:07:05 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2011-08-19 07:07:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 07:06:59 -------- d-----w- c:\programdata\Malwarebytes
2011-08-19 07:06:56 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 07:06:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-19 04:03:29 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-08-19 04:03:29 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-19 04:03:28 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-08-19 04:03:28 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-08-19 04:03:28 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-08-19 04:03:28 1850328 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-08-19 04:03:28 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-08-19 04:03:27 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-08-19 03:12:37 43408 --sha-w- c:\windows\system32\c_73823.nl_
2011-08-19 01:37:02 -------- d-----w- c:\users\owner\appdata\roaming\SUPERAntiSpyware.com
2011-08-19 01:36:21 -------- d-----w- c:\programdata\MFAData
2011-08-19 01:35:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-19 01:35:52 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-19 01:35:50 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-19 01:35:50 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-19 00:58:03 -------- d-----w- c:\program files\Cisco Systems
2011-08-19 00:57:36 -------- d-----w- c:\programdata\Cisco Systems
2011-08-18 21:44:18 -------- d-----w- c:\users\owner\appdata\roaming\Remote
2011-08-18 19:36:03 0 ----a-w- c:\users\owner\appdata\local\Wjugamavesazuyuf.bin
2011-08-18 07:27:18 -------- d-----w- c:\users\owner\appdata\local\{F04890C6-F0B6-4771-A445-76424C430002}
2011-08-11 01:53:43 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:09:04 -------- d-----w- C:\f1a9fa7bdb143a91d361
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-06 15:31:47 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 16:03:18 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 13:34:49 2043392 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 22:29:19.37 ===============

On a side note - is it possible for this thing to infect my laptop via the USB? Because my laptop is acting up now (hangs and delays mostly). Not to get off topic, but I am worried now.

#6 Farbar
  • Security Developer
  • 21,726 posts
  • Gender:Male
  • Location:The Netherlands

Posted 25 August 2011 - 02:53 AM

Well done.

On a side note - is it possible for this thing to infect my laptop via the USB? Because my laptop is acting up now (hangs and delays mostly). Not to get off topic, but I am worried now.

This is not a flash drive infection. So if the infection is confined to this it will not infect other systems via the USB.

  • popped up a result saying it was run then it listed the C: folder name and end log.

    The DDS log shows that it has worked.
    Please post the content of Result.txt, which is made in the same directory the tool is run from, to your reply. It should list a date and time too.
  • Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log into the system disk (it is usually the disk with the installed operating system, C:\) root folder. The log has a name like: TDSSKiller.Version_Date_Time_log.txt.

Edited by farbar, 25 August 2011 - 03:10 AM.
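When the TDSSKiller report comes back, the lines that matter are the "Suspicious file (Forged)", "- detected" and "User select action" entries. As an added example (not TDSSKiller's own code, and not from Farbar or the original poster), here is a small Python parser that pulls those out of a report and flags what a helper would follow up on; the regexes are an assumption based on the report format TDSSKiller writes, and the embedded excerpt is constructed in that format.

```python
# Added example for this thread (not TDSSKiller's own code, nor Farbar's or the
# poster's): the regexes are an assumption based on the report format TDSSKiller
# writes, and SAMPLE_REPORT is a constructed excerpt in that format.
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Every TDSSKiller line starts with "YYYY/MM/DD HH:MM:SS.ffff <pid> <message>".
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<msg>.*)$"
)
# A patched system driver: the hash on disk differs from the one the rootkit presents.
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)
# "<object> - detected <threat> (0)"; the object is a service name or a device path.
DETECT_RE = re.compile(r"^(?P<obj>.+?) - detected (?P<threat>\S+) \(\d+\)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")
# "<threat>(<object>) - User select action: <Cure|Delete|Skip>"
ACTION_RE = re.compile(
    r"^(?P<threat>[^(]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$"
)

# Constructed excerpt: a forged driver and an infected MBR, both set to Cure.
SAMPLE_REPORT = r"""
2011/08/25 16:16:47.0641 2992 CSC (10ee04eae2f1e56f3aa7b0e4a75f6e64) C:\Windows\system32\drivers\csc.sys
2011/08/25 16:16:47.0656 2992 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 10ee04eae2f1e56f3aa7b0e4a75f6e64, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
2011/08/25 16:16:47.0672 2992 CSC - detected Rootkit.Win32.ZAccess.f (0)
2011/08/25 16:17:16.0579 2992 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/08/25 16:17:16.0594 2992 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/25 16:17:16.0766 3572 Detected object count: 2
2011/08/25 16:17:59.0744 3572 Rootkit.Win32.ZAccess.f(CSC) - User select action: Cure
2011/08/25 16:17:59.0806 3572 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/25 16:17:59.0822 3572 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
"""


@dataclass
class Detection:
    obj: str                      # service name (CSC) or device path (\Device\Harddisk0\DR0)
    threat: str                   # e.g. Rootkit.Win32.TDSS.tdl4
    forged_path: Optional[str] = None
    real_md5: Optional[str] = None
    fake_md5: Optional[str] = None
    action: Optional[str] = None  # what the user chose, if the log got that far


@dataclass
class Report:
    detections: List[Detection]
    declared_count: Optional[int]  # the tool's own "Detected object count"


def parse_report(text: str) -> Report:
    """Walk the report once, keeping only detections and the actions applied to them."""
    detections: List[Detection] = []
    declared: Optional[int] = None
    pending_forged = None  # assumption: a "Forged" line directly precedes its "detected" line
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m.group("msg")
        forged = FORGED_RE.search(msg)
        if forged:
            pending_forged = forged
            continue
        det = DETECT_RE.match(msg)
        if det:
            d = Detection(obj=det.group("obj"), threat=det.group("threat"))
            if pending_forged:
                d.forged_path = pending_forged.group("path")
                d.real_md5 = pending_forged.group("real")
                d.fake_md5 = pending_forged.group("fake")
                pending_forged = None
            detections.append(d)
            continue
        cnt = COUNT_RE.match(msg)
        if cnt:
            declared = int(cnt.group("n"))
            continue
        act = ACTION_RE.match(msg)
        if act:
            for d in detections:
                if d.obj == act.group("obj") and d.threat == act.group("threat"):
                    d.action = act.group("action")
    return Report(detections, declared)


def triage(report: Report) -> Dict[str, object]:
    """Answer the questions a helper asks first when reading a posted report."""
    resolved = {"Cure", "Delete"}
    return {
        # A mismatch means lines are missing from what was posted (or the log was trimmed).
        "count_matches": report.declared_count == len(report.detections),
        # Detections that were skipped, or never got an action line, need a follow-up.
        "unresolved": [d.obj for d in report.detections if d.action not in resolved],
        # A device path as the object means the MBR / boot sector itself is infected.
        "mbr_infected": any(d.obj.startswith("\\Device\\") for d in report.detections),
        # Forged drivers should be restored from a known-good copy, not just deleted.
        "forged_files": [d.forged_path for d in report.detections if d.forged_path],
    }
```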


#7 totallylostami
  • Topic Starter
  • Members
  • 23 posts

Posted 25 August 2011 - 05:24 PM

"This is not a flash drive infection. So if the infection is confined to this it will not infect other systems via the USB."

Thanks for the heads up. I did some research on it and used TDSS and Trend Micro's HouseCall to check after you told me what it was called.

1. DummyMaker by Farbar
Ran by Owner (administrator) on 24-08-2011 at 22:18:10
**************************************************************

C:\Windows\1650063998 [24-08-2011 22:18:11]

== End of log ==

2. It needed a reboot.

2011/08/25 16:16:06.0566 2504 TDSS rootkit removing tool 2.5.17.0 Aug 22 2011 15:46:57
2011/08/25 16:16:07.0049 2504 ================================================================================
2011/08/25 16:16:07.0049 2504 SystemInfo:
2011/08/25 16:16:07.0049 2504
2011/08/25 16:16:07.0049 2504 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/25 16:16:07.0049 2504 Product type: Workstation
2011/08/25 16:16:07.0049 2504 ComputerName: OWNER-PC
2011/08/25 16:16:07.0049 2504 UserName: Owner
2011/08/25 16:16:07.0049 2504 Windows directory: C:\Windows
2011/08/25 16:16:07.0049 2504 System windows directory: C:\Windows
2011/08/25 16:16:07.0049 2504 Processor architecture: Intel x86
2011/08/25 16:16:07.0049 2504 Number of processors: 2
2011/08/25 16:16:07.0049 2504 Page size: 0x1000
2011/08/25 16:16:07.0049 2504 Boot type: Normal boot
2011/08/25 16:16:07.0049 2504 ================================================================================
2011/08/25 16:16:08.0157 2504 Initialize success
2011/08/25 16:16:42.0524 2992 ================================================================================
2011/08/25 16:16:42.0524 2992 Scan started
2011/08/25 16:16:42.0524 2992 Mode: Manual;
2011/08/25 16:16:42.0524 2992 ================================================================================
2011/08/25 16:16:43.0491 2992 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/08/25 16:16:43.0585 2992 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/08/25 16:16:43.0709 2992 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/08/25 16:16:43.0897 2992 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/08/25 16:16:43.0943 2992 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/08/25 16:16:44.0099 2992 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/08/25 16:16:44.0240 2992 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
2011/08/25 16:16:44.0427 2992 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/08/25 16:16:44.0474 2992 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/08/25 16:16:44.0536 2992 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/08/25 16:16:44.0599 2992 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/08/25 16:16:44.0739 2992 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/08/25 16:16:44.0755 2992 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/08/25 16:16:44.0817 2992 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/08/25 16:16:44.0848 2992 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/08/25 16:16:44.0911 2992 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/08/25 16:16:44.0957 2992 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/25 16:16:45.0113 2992 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/08/25 16:16:45.0238 2992 athr (8899bbd6740fefbdffd38eb88693dd26) C:\Windows\system32\DRIVERS\athr.sys
2011/08/25 16:16:45.0550 2992 atikmdag (a23efb72057fed7128eb558866055fdf) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/08/25 16:16:45.0878 2992 AvgLdx86 (b8c187439d27aba430dd69fdcf1fa657) C:\Windows\system32\Drivers\avgldx86.sys
2011/08/25 16:16:45.0940 2992 AvgMfx86 (53b3f979930a786a614d29cafe99f645) C:\Windows\system32\Drivers\avgmfx86.sys
2011/08/25 16:16:45.0987 2992 AvgRkx86 (5bbcd8646074a3af4ee9b321d12c2b64) C:\Windows\system32\Drivers\avgrkx86.sys
2011/08/25 16:16:46.0143 2992 AvgTdiX (9a7a93388f503a34e7339ae7f9997449) C:\Windows\system32\Drivers\avgtdix.sys
2011/08/25 16:16:46.0221 2992 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/08/25 16:16:46.0377 2992 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/08/25 16:16:46.0439 2992 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/25 16:16:46.0502 2992 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/08/25 16:16:46.0549 2992 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/08/25 16:16:46.0595 2992 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/08/25 16:16:46.0642 2992 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/08/25 16:16:46.0720 2992 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/08/25 16:16:46.0751 2992 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/08/25 16:16:46.0783 2992 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/08/25 16:16:46.0829 2992 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/25 16:16:46.0907 2992 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/08/25 16:16:46.0985 2992 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/08/25 16:16:47.0079 2992 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/08/25 16:16:47.0204 2992 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/25 16:16:47.0297 2992 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/08/25 16:16:47.0360 2992 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/25 16:16:47.0453 2992 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/08/25 16:16:47.0531 2992 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/08/25 16:16:47.0641 2992 CSC (10ee04eae2f1e56f3aa7b0e4a75f6e64) C:\Windows\system32\drivers\csc.sys
2011/08/25 16:16:47.0656 2992 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 10ee04eae2f1e56f3aa7b0e4a75f6e64, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
2011/08/25 16:16:47.0672 2992 CSC - detected Rootkit.Win32.ZAccess.f (0)
2011/08/25 16:16:47.0812 2992 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
2011/08/25 16:16:47.0906 2992 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/08/25 16:16:48.0031 2992 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/08/25 16:16:48.0124 2992 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/25 16:16:48.0249 2992 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/08/25 16:16:48.0343 2992 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/08/25 16:16:48.0514 2992 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/08/25 16:16:48.0639 2992 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/08/25 16:16:48.0764 2992 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/08/25 16:16:48.0873 2992 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/08/25 16:16:48.0951 2992 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/25 16:16:49.0076 2992 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/08/25 16:16:49.0232 2992 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/08/25 16:16:49.0481 2992 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/25 16:16:49.0684 2992 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/08/25 16:16:49.0965 2992 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/25 16:16:50.0090 2992 fvevol (fecf4c2e42440a8d132bf94eee3c3fc9) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/25 16:16:50.0293 2992 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/08/25 16:16:50.0464 2992 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
2011/08/25 16:16:50.0714 2992 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/08/25 16:16:50.0854 2992 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/08/25 16:16:51.0010 2992 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/08/25 16:16:51.0119 2992 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/08/25 16:16:51.0291 2992 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/08/25 16:16:51.0603 2992 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/08/25 16:16:51.0743 2992 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/08/25 16:16:51.0806 2992 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/08/25 16:16:51.0884 2992 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/08/25 16:16:52.0305 2992 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/08/25 16:16:52.0492 2992 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
2011/08/25 16:16:52.0617 2992 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/25 16:16:52.0757 2992 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/25 16:16:52.0851 2992 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/08/25 16:16:52.0960 2992 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/08/25 16:16:53.0366 2992 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/08/25 16:16:53.0756 2992 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/08/25 16:16:53.0849 2992 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/08/25 16:16:54.0193 2992 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/08/25 16:16:54.0255 2992 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/08/25 16:16:54.0302 2992 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/08/25 16:16:54.0473 2992 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/08/25 16:16:54.0629 2992 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/25 16:16:54.0957 2992 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/25 16:16:55.0191 2992 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
2011/08/25 16:16:55.0347 2992 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
2011/08/25 16:16:55.0519 2992 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
2011/08/25 16:16:55.0643 2992 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/08/25 16:16:55.0784 2992 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
2011/08/25 16:16:55.0924 2992 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
2011/08/25 16:16:56.0221 2992 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/08/25 16:16:56.0377 2992 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/25 16:16:56.0704 2992 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/08/25 16:16:56.0954 2992 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/25 16:16:57.0063 2992 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/08/25 16:16:57.0515 2992 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
2011/08/25 16:16:57.0687 2992 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/25 16:16:57.0781 2992 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/08/25 16:16:57.0859 2992 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/08/25 16:16:58.0202 2992 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/25 16:16:58.0342 2992 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/25 16:16:58.0561 2992 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/25 16:16:58.0670 2992 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
2011/08/25 16:16:58.0826 2992 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
2011/08/25 16:16:59.0013 2992 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/08/25 16:16:59.0091 2992 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/08/25 16:16:59.0263 2992 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/25 16:16:59.0325 2992 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/25 16:16:59.0372 2992 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/08/25 16:16:59.0575 2992 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/08/25 16:16:59.0809 2992 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/08/25 16:16:59.0980 2992 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/08/25 16:17:00.0089 2992 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/08/25 16:17:00.0386 2992 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/25 16:17:00.0729 2992 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/25 16:17:00.0901 2992 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/25 16:17:00.0947 2992 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/25 16:17:01.0010 2992 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/25 16:17:01.0197 2992 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/08/25 16:17:01.0291 2992 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/25 16:17:01.0556 2992 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/25 16:17:01.0868 2992 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/08/25 16:17:01.0946 2992 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/08/25 16:17:02.0180 2992 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/25 16:17:02.0273 2992 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/08/25 16:17:02.0570 2992 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/08/25 16:17:02.0741 2992 NuidFltr (cf7e041663119e09d2e118521ada9300) C:\Windows\system32\DRIVERS\NuidFltr.sys
2011/08/25 16:17:02.0835 2992 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/08/25 16:17:02.0975 2992 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
2011/08/25 16:17:03.0022 2992 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/08/25 16:17:03.0100 2992 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/08/25 16:17:03.0506 2992 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/08/25 16:17:03.0740 2992 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/25 16:17:03.0896 2992 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/25 16:17:03.0974 2992 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/25 16:17:04.0270 2992 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/25 16:17:04.0582 2992 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/08/25 16:17:04.0816 2992 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/25 16:17:05.0097 2992 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/25 16:17:05.0347 2992 Point32 (5b6f99087cc1342b3d193e8155f26b6f) C:\Windows\system32\DRIVERS\point32k.sys
2011/08/25 16:17:05.0440 2992 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/25 16:17:05.0503 2992 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
2011/08/25 16:17:05.0768 2992 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/25 16:17:06.0142 2992 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/08/25 16:17:06.0376 2992 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/25 16:17:06.0470 2992 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/25 16:17:06.0626 2992 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/25 16:17:06.0704 2992 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/25 16:17:06.0922 2992 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/25 16:17:07.0031 2992 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/25 16:17:07.0141 2992 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/25 16:17:07.0187 2992 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/25 16:17:07.0328 2992 rdpdr (943b18305eae3935598a9b4a3d560b4c) C:\Windows\system32\DRIVERS\rdpdr.sys
2011/08/25 16:17:07.0499 2992 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/25 16:17:07.0780 2992 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/25 16:17:07.0967 2992 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/25 16:17:08.0045 2992 RTL8169 (7157e70a90cce49deb8885d23a073a39) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/08/25 16:17:08.0155 2992 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/25 16:17:08.0217 2992 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/25 16:17:08.0326 2992 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/25 16:17:08.0420 2992 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/25 16:17:08.0482 2992 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/25 16:17:08.0732 2992 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/25 16:17:08.0872 2992 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/25 16:17:09.0075 2992 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/08/25 16:17:09.0231 2992 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/25 16:17:09.0325 2992 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/25 16:17:09.0481 2992 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/25 16:17:09.0637 2992 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/08/25 16:17:09.0793 2992 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/08/25 16:17:09.0855 2992 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/08/25 16:17:09.0964 2992 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/25 16:17:10.0276 2992 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/25 16:17:10.0401 2992 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/25 16:17:10.0682 2992 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/25 16:17:10.0822 2992 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/25 16:17:10.0931 2992 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/25 16:17:11.0087 2992 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/25 16:17:11.0212 2992 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/25 16:17:11.0399 2992 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/25 16:17:11.0555 2992 Tcpip (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys
2011/08/25 16:17:11.0930 2992 Tcpip6 (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/25 16:17:12.0101 2992 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/25 16:17:12.0211 2992 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/25 16:17:12.0351 2992 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/25 16:17:12.0429 2992 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/25 16:17:12.0523 2992 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/25 16:17:12.0866 2992 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/25 16:17:13.0006 2992 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/25 16:17:13.0069 2992 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/25 16:17:13.0131 2992 TVALZ (792a8b80f8188aba4b2be271583f3e46) C:\Windows\system32\DRIVERS\TVALZ_O.SYS
2011/08/25 16:17:13.0240 2992 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/08/25 16:17:13.0303 2992 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/25 16:17:13.0427 2992 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/25 16:17:13.0552 2992 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/08/25 16:17:13.0724 2992 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/25 16:17:13.0802 2992 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/25 16:17:13.0927 2992 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/25 16:17:14.0020 2992 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/25 16:17:14.0098 2992 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/25 16:17:14.0254 2992 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/25 16:17:14.0317 2992 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/25 16:17:14.0395 2992 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/25 16:17:14.0519 2992 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/08/25 16:17:16.0579 2992 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/08/25 16:17:16.0594 2992 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/25 16:17:16.0610 2992 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk2\DR3
2011/08/25 16:17:16.0719 2992 Boot (0x1200) (49e128f22042f9791036ca53f3b6f904) \Device\Harddisk0\DR0\Partition0
2011/08/25 16:17:16.0735 2992 Boot (0x1200) (0c438703b6b55361dfd0c8bd8daf8e98) \Device\Harddisk2\DR3\Partition0
2011/08/25 16:17:16.0750 2992 ================================================================================
2011/08/25 16:17:16.0750 2992 Scan finished
2011/08/25 16:17:16.0750 2992 ================================================================================
2011/08/25 16:17:16.0766 3572 Detected object count: 2
2011/08/25 16:17:16.0766 3572 Actual detected object count: 2
2011/08/25 16:17:59.0432 3572 CSC (10ee04eae2f1e56f3aa7b0e4a75f6e64) C:\Windows\system32\drivers\csc.sys
2011/08/25 16:17:59.0432 3572 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 10ee04eae2f1e56f3aa7b0e4a75f6e64, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
2011/08/25 16:17:59.0697 3572 Backup copy found, using it..
2011/08/25 16:17:59.0744 3572 C:\Windows\system32\drivers\csc.sys - will be cured after reboot
2011/08/25 16:17:59.0744 3572 Rootkit.Win32.ZAccess.f(CSC) - User select action: Cure
2011/08/25 16:17:59.0806 3572 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/25 16:17:59.0806 3572 \Device\Harddisk0\DR0 - ok
2011/08/25 16:17:59.0822 3572 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/25 16:18:08.0573 0588 Deinitialize success



Again thanks for your help. What's next boss?

Edited by totallylostami, 25 August 2011 - 05:26 PM.
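As an added illustration (not part of the thread and not TDSSKiller's own code), a small Python triage of the two indicator lines in the log above: the MBR detection on \Device\Harddisk0\DR0 and the forged hash on csc.sys. The sample log is a constructed excerpt that reuses the paths and hashes from the post; the reading that the "Real"/"Fake" hashes come from two different read paths is my assumption, not something the tool documents here.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed excerpt modelled on the TDSSKiller log posted above (paths and
# hashes copied from the post; this is not a live capture).
SAMPLE_LOG = r"""
2011/08/25 16:17:15.0128 2992 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/25 16:17:16.0579 2992 MBR (0x1B8) (04d4350ae5fb6fc2ad3e7c26b1323c68) \Device\Harddisk0\DR0
2011/08/25 16:17:16.0594 2992 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/25 16:17:59.0432 3572 CSC (10ee04eae2f1e56f3aa7b0e4a75f6e64) C:\Windows\system32\drivers\csc.sys
2011/08/25 16:17:59.0432 3572 Suspicious file (Forged): C:\Windows\system32\drivers\csc.sys. Real md5: 10ee04eae2f1e56f3aa7b0e4a75f6e64, Fake md5: 9bdb2e89be8d0ef37b1f25c3d3fc192c
2011/08/25 16:17:59.0744 3572 Rootkit.Win32.ZAccess.f(CSC) - User select action: Cure
"""


@dataclass
class Finding:
    kind: str     # "rootkit_object" (a device/MBR flagged) or "forged_file"
    target: str   # device or file path the finding concerns
    detail: str   # threat name, or the two disagreeing hashes


# "<date> <time> <pid> <object> - detected <threat> (0)"
DETECTED_RE = re.compile(r"^\S+ \S+ \d+ (?P<target>.+?) - detected (?P<name>\S+)")

# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. "
    r"Real md5: (?P<real>[0-9a-f]{32}), Fake md5: (?P<fake>[0-9a-f]{32})"
)


def parse_tdsskiller(log: str) -> list[Finding]:
    """Pull the actionable lines out of a TDSSKiller log.

    Clean driver lines (name, hash, path) are ignored. Two kinds of line matter:
      * an object "detected" as a named threat, here the MBR of disk 0;
      * a file whose hash differs depending on how it is read. The assumption
        here is that the tool hashes the file via the normal API and again from
        raw disk, and a mismatch means something in the I/O path is presenting a
        different view of the file than what is really stored.
    """
    findings: list[Finding] = []
    for line in log.splitlines():
        m = DETECTED_RE.match(line)
        if m:
            findings.append(Finding("rootkit_object", m["target"], m["name"]))
            continue
        m = FORGED_RE.search(line)
        if m and m["real"] != m["fake"]:
            findings.append(
                Finding("forged_file", m["path"], f"real={m['real']} fake={m['fake']}")
            )
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings by kind, e.g. {'rootkit_object': 1, 'forged_file': 1}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in parse_tdsskiller(SAMPLE_LOG):
        print(f"{f.kind:15} {f.target}  [{f.detail}]")
    print(summarize(parse_tdsskiller(SAMPLE_LOG)))
```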


#8 Farbar

    Just Curious

  • Security Developer
  • 21,726 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 August 2011 - 12:38 AM

First we need to find the locked files.

  • We need to scan the system with this special tool.
    • Please download Junction.zip and save it.
    • Unzip it and put junction.exe in the Windows directory (C:\Windows). No need to run it.
  • Please run Notepad (start > All Programs > Accessories > Notepad) and copy and paste the text in the code box into a new file:

    @ECHO OFF
    junction -s >log.txt
    start log.txt
    
    • Go to the File menu at the top of the Notepad and select Save as.
    • Select Save in: desktop
    • Fill in File name: look.bat
    • Save as type: All file types (*.*)
    • Click save.
    • Close the Notepad.
    • Locate look.bat on the desktop.
    • Right-click and run it as administrator.
    • The command prompt opens, wait until a notepad opens, copy and paste the content (log.txt) to your reply.
  • Please download MiniToolBox and save it to your desktop and run it.

    Checkmark following checkboxes:
    • Report IE Proxy Settings
    • Report FF Proxy Settings
    • List Winsock Entries
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.

Edited by farbar, 26 August 2011 - 12:46 AM.


#9 totallylostami

  • Topic Starter
  • Members
  • 23 posts

Posted 26 August 2011 - 12:06 PM

1. Done, no problems.

2.
Junction v1.06 - Windows junction creator and reparse point viewer
Copyright © 2000-2010 Mark Russinovich
Sysinternals - www.sysinternals.com


Failed to open \\?\C:\Users\Owner\Contacts\Desktop\gmer.exe: Access is denied.



Failed to open \\?\C:\Users\Owner\Contacts\Desktop\New Folder\gmer.exe: Access is denied.


No reparse points found.

3. MiniToolBox by Farbar
Ran by Owner (administrator) on 26-08-2011 at 11:03:14
Windows Vista ™ Black Edition 2009 Service Pack 2 (X86)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:61798

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost"
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 03 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 04 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 05 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 06 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 07 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 08 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 09 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 10 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 11 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 12 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 13 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 14 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 15 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 16 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 17 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 18 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 19 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 20 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 21 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 22 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 23 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 24 mswsock.dll [File Not found] (Microsoft Corporation)

**** End of log ****

#10 Farbar

    Just Curious

  • Security Developer
  • 21,726 posts
  • Gender:Male
  • Location:The Netherlands

Posted 26 August 2011 - 12:28 PM

  • Go to Start => Run, copy and paste the following line in the Run box and press Enter:

    cmd /c netsh winsock reset

    A black command window opens and closes. This is normal. In case you got an error please tell me about it.
  • Please run MiniToolBox.

    Checkmark following checkboxes:
    • Flush DNS
    • Reset IE Proxy Settings
    • Reset FF Proxy Settings
    • List Winsock Entries
    Click Go and post the result (Result.txt) that pops up. A copy of result.txt will be saved in the same directory the tool is run.
  • For x86 bit systems please download GrantPerms.zip and save it to your desktop.
    Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
    Copy and paste the following in the edit box:

    C:\Users\Owner\Contacts\Desktop\gmer.exe
    C:\Users\Owner\Contacts\Desktop\New Folder\gmer.exe


    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result (Perms.txt) that pops up. A copy of Perms.txt will be saved in the same directory the tool is run.
  • Reboot the computer and tell me if you have Internet connection.
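The MiniToolBox report in #9 and the reset steps in this post, as an added example that is not part of the thread or of MiniToolBox: a Python check that flags the two things the report turned up, a proxy pointing at 127.0.0.1 and Winsock catalog entries whose provider DLL could not be found, and runs it over a before/after pair. The two report excerpts are constructed abbreviations of the posted ones; the function names and the loopback host list are mine.

```python
from __future__ import annotations

import re
from collections import Counter

# Constructed excerpts modelled on the MiniToolBox reports posted in this thread
# (abbreviated: the real reports list 24 and 26 Catalog9 entries respectively).
BEFORE_RESET = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=127.0.0.1:61798

========================= FF Proxy Settings: ==============================

"network.proxy.no_proxies_on", "localhost"
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 02 C:\\Windows\\system32\\napinsp.dll [50176] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog9 02 mswsock.dll [File Not found] (Microsoft Corporation)
"""

AFTER_RESET = """\
"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 02 C:\\Windows\\system32\\napinsp.dll [50176] (Microsoft Corporation)
Catalog9 01 C:\\Windows\\system32\\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\\Windows\\system32\\mswsock.dll [223232] (Microsoft Corporation)
"""

LOOPBACK_HOSTS = {"127.0.0.1", "localhost", "::1", "[::1]"}

# "Catalog9 01 mswsock.dll [File Not found] (Microsoft Corporation)"
WINSOCK_RE = re.compile(r"^(Catalog\d+)\s+(\d+)\s+(.+?)\s+\[(.+?)\]\s+\((.*)\)\s*$")
PROXY_RE = re.compile(r"^ProxyServer:\s*(.+?)\s*$", re.MULTILINE)


def parse_winsock(report: str) -> list[dict]:
    """One record per Winsock catalog line; 'broken' when the DLL was not located.

    MiniToolBox prints the provider's file size in brackets when it found the
    DLL and "File Not found" when it did not. A protocol chain (Catalog9) made
    of unresolvable providers is why sockets stop working until the catalog is
    rebuilt with 'netsh winsock reset'.
    """
    entries = []
    for line in report.splitlines():
        m = WINSOCK_RE.match(line.strip())
        if not m:
            continue
        catalog, index, provider, status, vendor = m.groups()
        entries.append({
            "catalog": catalog, "index": int(index), "provider": provider,
            "status": status, "vendor": vendor, "broken": not status.isdigit(),
        })
    return entries


def find_loopback_proxies(report: str) -> list[str]:
    """Proxy specs (e.g. 'http=127.0.0.1:61798') that hand browser traffic to a
    local process. Flagged even when 'Proxy is not enabled' is printed, since a
    stale value is still worth clearing as this post's reset step does."""
    hits = []
    for m in PROXY_RE.finditer(report):
        for spec in m.group(1).split(";"):
            spec = spec.strip()
            if not spec:
                continue
            hostport = spec.split("=", 1)[-1]          # accept "host:port" or "scheme=host:port"
            host = hostport.rsplit(":", 1)[0] if ":" in hostport else hostport
            if host.lower() in LOOPBACK_HOSTS:
                hits.append(spec)
    return hits


def triage(report: str) -> dict:
    """Summarise loopback proxies and broken Winsock entries per catalog."""
    entries = parse_winsock(report)
    return {
        "loopback_proxies": find_loopback_proxies(report),
        "winsock_total": dict(Counter(e["catalog"] for e in entries)),
        "winsock_broken": dict(Counter(e["catalog"] for e in entries if e["broken"])),
    }


if __name__ == "__main__":
    print("before:", triage(BEFORE_RESET))
    print("after: ", triage(AFTER_RESET))
```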


#11 totallylostami

  • Topic Starter
  • Members
  • 23 posts

Posted 28 August 2011 - 12:59 AM

1. No problems.

2. MiniToolBox by Farbar
Ran by Owner (administrator) on 27-08-2011 at 23:47:32
Windows Vista ™ Black Edition 2009 Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 mswsock.dll [File Not found] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [223232] (Microsoft Corporation)

**** End of log ****

3. GrantPerms by Farbar
Ran by Owner at 2011-08-27 23:55:14

===============================================
\\?\C:\Users\Owner\Contacts\Desktop\gmer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Power Users READ ALLOW (NI)
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


\\?\C:\Users\Owner\Contacts\Desktop\New Folder\gmer.exe

Owner: BUILTIN\Administrators

DACL(P)(AI):
BUILTIN\Power Users READ ALLOW (NI)
BUILTIN\Administrators FULL ALLOW (NI)
NT AUTHORITY\SYSTEM FULL ALLOW (NI)
BUILTIN\Users READ/EXECUTE ALLOW (NI)


4. Yes, I have internet.

#12 Farbar

    Just Curious

  • Security Developer
  • 21,726 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 August 2011 - 07:49 AM

Well done. :thumbup2:

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
  • Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.

#13 totallylostami

  • Topic Starter
  • Members
  • 23 posts

Posted 28 August 2011 - 10:09 AM

* IMPORTANT !!! Save ComboFix.exe to your Desktop

As in, I have to download it from the host laptop? Do not use the transfer method from the other laptop?

Just want to make sure 8)

#14 Farbar

    Just Curious

  • Security Developer
  • 21,726 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 August 2011 - 11:08 AM

You have an internet connection on the infected computer, don't you?

It doesn't matter if you download ComboFix using another computer.

#15 totallylostami

  • Topic Starter
  • Members
  • 23 posts

Posted 28 August 2011 - 02:58 PM

ComboFix 11-08-28.01 - Owner 28/08/2011 10:51:39.1.2 - x86
Microsoft® Windows Vista Black Edition™ 2009 6.0.6002.2.1252.2.1033.18.1789.1180 [GMT -6:00]
Running from: c:\users\Owner\Contacts\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\FunWebProducts
c:\program files\FunWebProducts\Installr\1.bin\F3EZSETP.DLL
c:\program files\FunWebProducts\Installr\1.bin\F3PLUGIN.DLL
c:\program files\FunWebProducts\Installr\1.bin\NPFUNWEB.DLL
C:\Recycle.Bin
c:\recycle.bin\B6232F3A2AA.exe
c:\recycle.bin\D75038F993036A0
c:\users\Owner\AppData\Local\{F04890C6-F0B6-4771-A445-76424C430002}
c:\users\Owner\AppData\Local\{F04890C6-F0B6-4771-A445-76424C430002}\chrome.manifest
c:\users\Owner\AppData\Local\{F04890C6-F0B6-4771-A445-76424C430002}\chrome\content\_cfg.js
c:\users\Owner\AppData\Local\{F04890C6-F0B6-4771-A445-76424C430002}\chrome\content\overlay.xul
c:\users\Owner\AppData\Local\{F04890C6-F0B6-4771-A445-76424C430002}\install.rdf
c:\users\Owner\AppData\Local\alukofeginu.dll
c:\users\Owner\AppData\Local\wmamets0.dll
c:\users\Owner\AppData\Roaming\Microsoft\stor.cfg
c:\users\Owner\AppData\Roaming\Remote\ew.dll
c:\windows\$NtUninstallKB55399$\2130336098\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6}
c:\windows\$NtUninstallKB55399$\2130336098\click.tlb
c:\windows\$NtUninstallKB55399$\2130336098\L\fomtmfeh
c:\windows\$NtUninstallKB55399$\2130336098\loader.tlb
c:\windows\$NtUninstallKB55399$\2130336098\U\@00000001
c:\windows\$NtUninstallKB55399$\2130336098\U\@000000c0
c:\windows\$NtUninstallKB55399$\2130336098\U\@000000cb
c:\windows\$NtUninstallKB55399$\2130336098\U\@000000cf
c:\windows\$NtUninstallKB55399$\2130336098\U\@80000000
c:\windows\$NtUninstallKB55399$\2130336098\U\@800000c0
c:\windows\$NtUninstallKB55399$\2130336098\U\@800000cb
c:\windows\$NtUninstallKB55399$\2130336098\U\@800000cf
c:\windows\$NtUninstallKB55399$\2873760610
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\Microsoft\7.EXE
c:\windows\system32\Microsoft\CC.exe
c:\windows\system32\Microsoft\FF.EXE
c:\windows\system32\Microsoft\FP.EXE
c:\windows\system32\Microsoft\KL.exe
c:\windows\system32\Microsoft\SIM.EXE
c:\windows\system32\Microsoft\Z.exe
.
c:\program files\SUPERAntiSpyware\SASCORE.EXE . . . is infected!!
.
Infected copy of c:\program files\AVG\AVG9\avgemc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!AVG!AVG9!avgemc.exe
.
Infected copy of c:\program files\AVG\AVG9\avgwdsvc.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!AVG!AVG9!avgwdsvc.exe
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_7efa5962
.
.
((((((((((((((((((((((((( Files Created from 2011-07-28 to 2011-08-28 )))))))))))))))))))))))))))))))
.
.
2011-08-26 16:53 . 2010-09-07 21:39 150392 ----a-w- C:\junction.exe
2011-08-25 04:18 . 2011-08-25 04:18 -------- d-----w- c:\windows\1650063998
2011-08-20 03:24 . 2011-08-20 03:24 -------- d--h--w- c:\windows\PIF
2011-08-19 07:07 . 2011-08-19 07:07 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2011-08-19 07:07 . 2011-07-07 01:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-19 07:06 . 2011-08-19 07:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-19 07:06 . 2011-08-19 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-19 07:06 . 2011-07-07 01:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-19 04:03 . 2011-08-19 04:03 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-08-19 04:03 . 2011-08-19 04:03 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2011-08-19 04:03 . 2011-08-19 04:03 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
2011-08-19 04:03 . 2011-08-19 04:03 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-08-19 04:03 . 2011-08-19 04:03 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-08-19 04:03 . 2011-08-19 04:03 1850328 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-08-19 04:03 . 2011-08-19 04:03 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-08-19 04:03 . 2011-08-19 04:03 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-08-19 03:12 . 2011-08-28 18:01 43408 --sha-w- c:\windows\system32\c_73823.nl_
2011-08-19 01:37 . 2011-08-19 01:37 -------- d-----w- c:\users\Owner\AppData\Roaming\SUPERAntiSpyware.com
2011-08-19 01:36 . 2011-08-19 01:37 -------- d-----w- c:\programdata\MFAData
2011-08-19 01:35 . 2011-08-28 16:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-19 01:35 . 2011-08-19 01:35 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-08-19 01:35 . 2011-08-28 17:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-08-19 01:35 . 2011-08-19 01:35 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-19 00:58 . 2011-08-19 00:58 -------- d-----w- c:\program files\Cisco Systems
2011-08-19 00:57 . 2011-08-19 00:57 -------- d-----w- c:\programdata\Cisco Systems
2011-08-18 21:44 . 2011-08-28 16:58 -------- d-----w- c:\users\Owner\AppData\Roaming\Remote
2011-08-18 19:36 . 2011-08-28 16:41 0 ----a-w- c:\users\Owner\AppData\Local\Wjugamavesazuyuf.bin
2011-08-11 01:53 . 2011-06-17 20:13 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 09:09 . 2011-08-10 09:11 -------- d-----w- C:\f1a9fa7bdb143a91d361
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-25 22:19 . 2009-09-18 05:38 351744 ----a-w- c:\windows\system32\drivers\csc.sys
2011-06-02 13:34 . 2011-07-13 14:39 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-19 04:03 . 2011-08-19 04:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2011-07-26 16:15 2532680 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-07-26 2532680]
.
[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-08-12 4603264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 07:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-07-17 12:58 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2008-03-26 03:27 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-03-13 15:34 81920 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2008-06-10 19:56 1406024 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype]
2008-06-10 19:56 1442888 ----a-w- c:\program files\Microsoft IntelliType Pro\itype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
2010-11-21 23:46 20480 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
2004-04-20 23:50 118784 ----a-w- c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetPoint]
2004-10-28 16:29 581632 ----a-w- c:\program files\Logitech\SetPoint\KEM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28 1233920 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 18:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-07-17 12:52 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-07-17 13:00 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2010214779-3118870786-23954997-1000]
"EnableNotificationsRef"=dword:00000002
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-07-26 1025352]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-06-26 52872]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-06-27 216400]
S1 AvgTdiX;AVG Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-20 921952]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-06-27 308136]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = localhost
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
TCP: DhcpNameServer = 65.255.176.27 65.255.176.26 65.255.176.25
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\gto40cxw.default\
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4c2548b4&v=6.103.018.001&i=26&tp=ab&iy=&ychte=ca&lng=en-GB&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-4Y3Y0C3A9F7XXVWDVFYMR - c:\recycle.bin\B6232F3A2AA.exe
HKCU-Run-Mgoyuj - c:\users\Owner\AppData\Local\wmamets0.dll
HKLM-Run-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
HKLM-Run-Ahinozeyesogufut - c:\users\Owner\AppData\Local\alukofeginu.dll
HKU-Default-Run-lpc - c:\users\Owner\AppData\Roaming\Remote\ew.dll
SafeBoot-20867698.sys
MSConfigStartUp-Ahinozeyesogufut - c:\users\Owner\AppData\Local\alukofeginu.dll
MSConfigStartUp-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.1\facemoodssrv.exe
MSConfigStartUp-FilmFanatic Browser Plugin Loader - c:\progra~1\FILMFA~2\bar\1.bin\pabrmon.exe
MSConfigStartUp-Google Update - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Mgoyuj - c:\users\Owner\AppData\Local\wmamets0.dll
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-svchost - c:\users\Owner\AppData\Roaming\Microsoft\conhost.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-28 13:43
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\windows\$NtUninstallKB55399$:SummaryInformation 0 bytes hidden from API
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\WUDFHost.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\conime.exe
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2011-08-28 13:46:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-28 19:45
.
Pre-Run: 91,736,678,400 bytes free
Post-Run: 87,214,243,840 bytes free
.
Current=4 Default=4 Failed=3 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 672A684BBFC926B82D4F3CF1D58B5678



OK, I did all that and then I got the popup asking about making Firefox the default browser (I clicked yes).
So what's up next 8)
Thanks!



