RegT.3xe Ws21Fsl.sys files delected Combofix,


  • This topic is locked
19 replies to this topic

#1 grandmother

Posted 01 October 2012 - 12:07 PM

HP Pavilion dv6, Windows Vista, 64 bit system, taking extremely long time to bootup, up to 7 minutes, so downloaded SuperAntispyware from this site, as you guys have helped me before. Super Antispyware deleted Trojan-Agent/General downloader and 300 tracking cookies. Looked at your site for additional help and decided to download Combofix. Their first scan said RegT.3xe is not recognized as an internal or external command, RegT.3xe attempted to delete, Illegal operation attempted on a registry key that has been marked for deletion - clicked on ok. The second scan a window popped up Regt.3xe terminated, files deleted; WS21FSL.SYS, AFD.SYS, WBEMESS.DLL, RET.3XE, MPSVC.DLL, and all registry keys associated with these files were deleted (I didn't write them down).

Now every time I bootup, I get a Windows Security Alert, and can't access those settings. I also ran System File Checker, and it found files that it can't repair and placed them in Windows\Logs\CBS\CBS.log, which I can send if needed.

Lastly, when I use the 'administrator user', I get the following message: CLMLSVC.exe - no disk--- There is no disk in the drive, please insert a disk into drive\device\harddisk2\DR8. Cancel, try again, Continue. Only closing the window gets me out of this.

I researched on the internet the first two files deleted by Combofix and it appears they are needed system files, thus my concern for contacting you. Sorry, I now see that I should have contacted you before running Combofix. And unfortunately, it still takes up to 7 minutes to startup. I am not sure what is going on.

DDS.txt below and Attach.txt file attached. No GMER file for Windows Vista. Thanks Grandma

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_35
Run by Dolores at 11:15:51 on 2012-10-01
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.1445 [GMT -5:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_265_ActiveX.exe
C:\Program Files (x86)\AVG\AVG2012\avgscana.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://login.yahoo.com/config/login_verify2?&.src=ym
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
mURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Advertising Cookie Opt-out: {8e425eb4-adbd-4816-b1e8-49bb9decf034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - C:\Program Files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
Trusted Zone: intuit.com\ttlc
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {A52FB87E-8BF5-46A2-8380-F75FA604AE4F} - hxxp://www.cerenade.com/controls/CerFillerInstall.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pbells.broadjump.com/wizlet/attPreQual/static/controls/MotiveClient.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{51ED37CA-98D3-4E81-921B-537E01A8B800} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Advertising Cookie Opt-out: {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} - C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll
BHO-X64: Advertising Cookie Opt-out - No File
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\rvtiq6qe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-yie8
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Dolores\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Users\Dolores\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/02/28 20:37:24];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2012-2-28 146928]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2012/08/17 20:20:03];C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [2012-7-5 147704]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [?]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [2012-8-17 90640]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [2012-8-17 78352]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [2012-8-17 295440]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-1-25 92216]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-11-3 33672]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-11-3 827520]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 ntk_PowerDVD12;ntk_PowerDVD12;C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [2012-8-17 83704]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-13 365952]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-2-9 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-2-9 116096]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-13 228408]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-12 250568]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-5-12 1025352]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 114144]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-09-26 22:52:20 -------- d-----w- C:\ProgramData\MemeoCommon
2012-09-26 22:47:08 -------- d-----w- C:\Users\Dolores\AppData\Roaming\Memeo
2012-09-26 22:46:46 -------- d-----w- C:\Windows\SysWow64\Seagate
2012-09-26 22:46:46 -------- d-----w- C:\Users\Dolores\AppData\Roaming\Seagate
2012-09-26 22:46:02 -------- d-----w- C:\Program Files (x86)\Common Files\Memeo
2012-09-26 22:45:54 -------- d-----w- C:\Program Files (x86)\Memeo
2012-09-26 22:44:17 -------- d-----w- C:\Program Files (x86)\Seagate
2012-09-19 23:04:37 -------- d-sh--w- C:\$RECYCLE.BIN
2012-09-19 17:48:01 270304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\updater.exe
2012-09-19 17:48:01 19424 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
2012-09-19 17:48:01 15632352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\xul.dll
2012-09-19 17:48:00 91104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\smime3.dll
2012-09-19 17:48:00 883896 ----a-w- C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
2012-09-19 17:48:00 155104 ----a-w- C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
2012-09-19 17:48:00 145376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
2012-09-18 22:31:34 98816 ----a-w- C:\Windows\sed.exe
2012-09-18 22:31:34 518144 ----a-w- C:\Windows\SWREG.exe
2012-09-18 22:31:34 256000 ----a-w- C:\Windows\PEV.exe
2012-09-18 22:31:34 208896 ----a-w- C:\Windows\MBR.exe
2012-09-18 19:14:28 -------- d-----w- C:\Users\Dolores\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 19:12:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-09-18 19:12:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-09-18 01:36:40 -------- d-----w- C:\Autoruns
2012-09-13 00:28:38 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-09-13 00:27:37 -------- d-----w- C:\Program Files\iPod
2012-09-13 00:27:36 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-13 00:27:36 -------- d-----w- C:\Program Files\iTunes
2012-09-13 00:27:36 -------- d-----w- C:\Program Files (x86)\iTunes
.
==================== Find3M ====================
.
2012-09-07 22:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-31 01:08:39 73416 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 01:08:39 696520 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-29 01:24:56 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24:53 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-24 20:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-21 18:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-08-21 18:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-26 08:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2012-07-04 14:33:06 2769408 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 11:17:23.71 ===============

#2 nasdaq

Posted 02 October 2012 - 08:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 grandmother

  • Topic Starter


Posted 02 October 2012 - 05:59 PM

Thanks so much, nasdaq, for the speedy response. Here are the logs.

17:38:46.0917 4488 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:38:47.0448 4488 ============================================================
17:38:47.0448 4488 Current date / time: 2012/10/02 17:38:47.0448
17:38:47.0448 4488 SystemInfo:
17:38:47.0448 4488
17:38:47.0448 4488 OS Version: 6.0.6002 ServicePack: 2.0
17:38:47.0448 4488 Product type: Workstation
17:38:47.0448 4488 ComputerName: USER-PC
17:38:47.0448 4488 UserName: Dolores
17:38:47.0448 4488 Windows directory: C:\Windows
17:38:47.0448 4488 System windows directory: C:\Windows
17:38:47.0448 4488 Running under WOW64
17:38:47.0448 4488 Processor architecture: Intel x64
17:38:47.0448 4488 Number of processors: 2
17:38:47.0448 4488 Page size: 0x1000
17:38:47.0448 4488 Boot type: Normal boot
17:38:47.0448 4488 ============================================================
17:38:49.0382 4488 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:38:49.0382 4488 ============================================================
17:38:49.0382 4488 \Device\Harddisk0\DR0:
17:38:49.0398 4488 MBR partitions:
17:38:49.0398 4488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x38A5D000
17:38:49.0398 4488 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x38A5D800, BlocksNum 0x1927000
17:38:49.0398 4488 ============================================================
17:38:49.0429 4488 C: <-> \Device\Harddisk0\DR0\Partition1
17:38:49.0523 4488 D: <-> \Device\Harddisk0\DR0\Partition2
17:38:49.0523 4488 ============================================================
17:38:49.0523 4488 Initialize success
17:38:49.0523 4488 ============================================================
17:38:54.0265 4792 ============================================================
17:38:54.0265 4792 Scan started
17:38:54.0265 4792 Mode: Manual;
17:38:54.0265 4792 ============================================================
17:38:55.0388 4792 ================ Scan system memory ========================
17:38:55.0388 4792 System memory - ok
17:38:55.0388 4792 ================ Scan services =============================
17:38:55.0404 4792 !SASCORE - ok
17:38:55.0466 4792 Accelerometer - ok
17:38:55.0466 4792 ACPI - ok
17:38:55.0482 4792 AdobeARMservice - ok
17:38:55.0513 4792 AdobeFlashPlayerUpdateSvc - ok
17:38:55.0529 4792 adp94xx - ok
17:38:55.0544 4792 adpahci - ok
17:38:55.0544 4792 adpu160m - ok
17:38:55.0560 4792 adpu320 - ok
17:38:55.0575 4792 AeLookupSvc - ok
17:38:55.0591 4792 AESTFilters - ok
17:38:55.0607 4792 AFD - ok
17:38:55.0622 4792 AgereModemAudio - ok
17:38:55.0638 4792 AgereSoftModem - ok
17:38:55.0638 4792 agp440 - ok
17:38:55.0653 4792 aic78xx - ok
17:38:55.0653 4792 ALG - ok
17:38:55.0653 4792 aliide - ok
17:38:55.0669 4792 amdide - ok
17:38:55.0669 4792 AmdK8 - ok
17:38:55.0685 4792 Appinfo - ok
17:38:55.0700 4792 Apple Mobile Device - ok
17:38:55.0716 4792 arc - ok
17:38:55.0716 4792 arcsas - ok
17:38:55.0731 4792 AsyncMac - ok
17:38:55.0747 4792 atapi - ok
17:38:55.0747 4792 Ati External Event Utility - ok
17:38:55.0747 4792 atikmdag - ok
17:38:55.0763 4792 AudioEndpointBuilder - ok
17:38:55.0763 4792 AudioSrv - ok
17:38:55.0778 4792 AVG Security Toolbar Service - ok
17:38:55.0794 4792 AVGIDSAgent - ok
17:38:55.0809 4792 AVGIDSDriver - ok
17:38:55.0809 4792 AVGIDSFilter - ok
17:38:55.0809 4792 AVGIDSHA - ok
17:38:55.0825 4792 Avgldx64 - ok
17:38:55.0825 4792 Avgmfx64 - ok
17:38:55.0825 4792 Avgrkx64 - ok
17:38:55.0841 4792 Avgtdia - ok
17:38:55.0841 4792 avgwd - ok
17:38:55.0841 4792 BCM43XX - ok
17:38:55.0856 4792 Beep - ok
17:38:55.0887 4792 BFE - ok
17:38:55.0903 4792 BITS - ok
17:38:55.0903 4792 blbdrive - ok
17:38:55.0934 4792 Bonjour Service - ok
17:38:55.0934 4792 bowser - ok
17:38:55.0950 4792 BrFiltLo - ok
17:38:55.0950 4792 BrFiltUp - ok
17:38:55.0965 4792 Browser - ok
17:38:55.0965 4792 Brserid - ok
17:38:55.0965 4792 BrSerWdm - ok
17:38:55.0981 4792 BrUsbMdm - ok
17:38:55.0981 4792 BrUsbSer - ok
17:38:55.0981 4792 BTHMODEM - ok
17:38:55.0997 4792 BTWUSB - ok
17:38:56.0012 4792 catchme - ok
17:38:56.0012 4792 cdfs - ok
17:38:56.0012 4792 cdrom - ok
17:38:56.0028 4792 CertPropSvc - ok
17:38:56.0028 4792 circlass - ok
17:38:56.0028 4792 CLFS - ok
17:38:56.0043 4792 CLHNServiceForPowerDVD12 - ok
17:38:56.0043 4792 clr_optimization_v2.0.50727_32 - ok
17:38:56.0043 4792 clr_optimization_v2.0.50727_64 - ok
17:38:56.0059 4792 clr_optimization_v4.0.30319_32 - ok
17:38:56.0059 4792 clr_optimization_v4.0.30319_64 - ok
17:38:56.0059 4792 CmBatt - ok
17:38:56.0059 4792 cmdide - ok
17:38:56.0090 4792 Com4QLBEx - ok
17:38:56.0090 4792 Compbatt - ok
17:38:56.0090 4792 COMSysApp - ok
17:38:56.0106 4792 crcdisk - ok
17:38:56.0121 4792 CryptSvc - ok
17:38:56.0137 4792 CyberLink PowerDVD 12 Media Server Monitor Service - ok
17:38:56.0137 4792 CyberLink PowerDVD 12 Media Server Service - ok
17:38:56.0153 4792 DcomLaunch - ok
17:38:56.0153 4792 DfsC - ok
17:38:56.0168 4792 dg_ssudbus - ok
17:38:56.0168 4792 Dhcp - ok
17:38:56.0184 4792 disk - ok
17:38:56.0184 4792 Dnscache - ok
17:38:56.0184 4792 dot3svc - ok
17:38:56.0184 4792 DPS - ok
17:38:56.0199 4792 drmkaud - ok
17:38:56.0199 4792 DXGKrnl - ok
17:38:56.0215 4792 E1G60 - ok
17:38:56.0231 4792 EapHost - ok
17:38:56.0231 4792 Ecache - ok
17:38:56.0231 4792 ehRecvr - ok
17:38:56.0231 4792 ehSched - ok
17:38:56.0246 4792 ehstart - ok
17:38:56.0246 4792 elxstor - ok
17:38:56.0262 4792 EMDMgmt - ok
17:38:56.0262 4792 enecir - ok
17:38:56.0262 4792 EPSON_PM_RPCV4_01 - ok
17:38:56.0277 4792 ErrDev - ok
17:38:56.0293 4792 EventSystem - ok
17:38:56.0293 4792 exfat - ok
17:38:56.0309 4792 fastfat - ok
17:38:56.0309 4792 fdc - ok
17:38:56.0309 4792 fdPHost - ok
17:38:56.0324 4792 FDResPub - ok
17:38:56.0324 4792 FileInfo - ok
17:38:56.0324 4792 Filetrace - ok
17:38:56.0324 4792 flpydisk - ok
17:38:56.0340 4792 FltMgr - ok
17:38:56.0371 4792 FontCache - ok
17:38:56.0387 4792 FontCache3.0.0.0 - ok
17:38:56.0387 4792 Fs_Rec - ok
17:38:56.0387 4792 gagp30kx - ok
17:38:56.0402 4792 GEARAspiWDM - ok
17:38:56.0449 4792 getPlusHelper - ok
17:38:56.0465 4792 gpsvc - ok
17:38:56.0558 4792 gupdate - ok
17:38:56.0589 4792 gupdatem - ok
17:38:56.0589 4792 HdAudAddService - ok
17:38:56.0589 4792 HDAudBus - ok
17:38:56.0605 4792 HidBth - ok
17:38:56.0605 4792 HidIr - ok
17:38:56.0621 4792 hidserv - ok
17:38:56.0621 4792 HidUsb - ok
17:38:56.0621 4792 hkmsvc - ok
17:38:56.0652 4792 HP Health Check Service - ok
17:38:56.0652 4792 HpCISSs - ok
17:38:56.0667 4792 HPDrvMntSvc.exe - ok
17:38:56.0667 4792 hpdskflt - ok
17:38:56.0667 4792 HpqKbFiltr - ok
17:38:56.0683 4792 hpqwmiex - ok
17:38:56.0683 4792 hpsrv - ok
17:38:56.0699 4792 HTTP - ok
17:38:56.0699 4792 i2omp - ok
17:38:56.0714 4792 i8042prt - ok
17:38:56.0714 4792 iaStorV - ok
17:38:56.0730 4792 IDriverT - ok
17:38:56.0730 4792 idsvc - ok
17:38:56.0730 4792 iirsp - ok
17:38:56.0745 4792 IKEEXT - ok
17:38:56.0745 4792 intelide - ok
17:38:56.0761 4792 intelppm - ok
17:38:56.0777 4792 IntuitUpdateService - ok
17:38:56.0777 4792 IPBusEnum - ok
17:38:56.0792 4792 IpFilterDriver - ok
17:38:56.0792 4792 iphlpsvc - ok
17:38:56.0792 4792 IpInIp - ok
17:38:56.0808 4792 IPMIDRV - ok
17:38:56.0808 4792 IPNAT - ok
17:38:56.0823 4792 iPod Service - ok
17:38:56.0839 4792 IRENUM - ok
17:38:56.0839 4792 isapnp - ok
17:38:56.0839 4792 iScsiPrt - ok
17:38:56.0855 4792 ISWKL - ok
17:38:56.0870 4792 IswSvc - ok
17:38:56.0870 4792 iteatapi - ok
17:38:56.0886 4792 iteraid - ok
17:38:56.0901 4792 JMCR - ok
17:38:56.0901 4792 kbdclass - ok
17:38:56.0917 4792 kbdhid - ok
17:38:56.0917 4792 KeyIso - ok
17:38:56.0917 4792 KSecDD - ok
17:38:56.0933 4792 ksthunk - ok
17:38:56.0933 4792 KtmRm - ok
17:38:56.0948 4792 LanmanServer - ok
17:38:56.0964 4792 LanmanWorkstation - ok
17:38:56.0979 4792 LightScribeService - ok
17:38:56.0979 4792 lltdio - ok
17:38:56.0995 4792 lltdsvc - ok
17:38:56.0995 4792 lmhosts - ok
17:38:56.0995 4792 LSI_FC - ok
17:38:57.0011 4792 LSI_SAS - ok
17:38:57.0011 4792 LSI_SCSI - ok
17:38:57.0026 4792 luafv - ok
17:38:57.0026 4792 McciCMService - ok
17:38:57.0042 4792 Mcx2Svc - ok
17:38:57.0042 4792 megasas - ok
17:38:57.0042 4792 MegaSR - ok
17:38:57.0073 4792 MemeoBackgroundService - ok
17:38:57.0073 4792 MMCSS - ok
17:38:57.0073 4792 Modem - ok
17:38:57.0089 4792 monitor - ok
17:38:57.0089 4792 mouclass - ok
17:38:57.0104 4792 mouhid - ok
17:38:57.0104 4792 MountMgr - ok
17:38:57.0120 4792 MozillaMaintenance - ok
17:38:57.0135 4792 mpio - ok
17:38:57.0151 4792 mpsdrv - ok
17:38:57.0151 4792 MpsSvc - ok
17:38:57.0167 4792 Mraid35x - ok
17:38:57.0167 4792 MREMP50 - ok
17:38:57.0182 4792 MREMP50a64 - ok
17:38:57.0198 4792 MRESP50 - ok
17:38:57.0198 4792 MRESP50a64 - ok
17:38:57.0198 4792 MRxDAV - ok
17:38:57.0213 4792 mrxsmb - ok
17:38:57.0213 4792 mrxsmb10 - ok
17:38:57.0229 4792 mrxsmb20 - ok
17:38:57.0229 4792 msahci - ok
17:38:57.0229 4792 msdsm - ok
17:38:57.0245 4792 MSDTC - ok
17:38:57.0245 4792 Msfs - ok
17:38:57.0260 4792 msisadrv - ok
17:38:57.0276 4792 MSiSCSI - ok
17:38:57.0276 4792 msiserver - ok
17:38:57.0291 4792 MSKSSRV - ok
17:38:57.0291 4792 MSPCLOCK - ok
17:38:57.0307 4792 MSPQM - ok
17:38:57.0307 4792 MsRPC - ok
17:38:57.0307 4792 mssmbios - ok
17:38:57.0323 4792 MSTEE - ok
17:38:57.0323 4792 Mup - ok
17:38:57.0338 4792 napagent - ok
17:38:57.0354 4792 NativeWifiP - ok
17:38:57.0354 4792 NDIS - ok
17:38:57.0354 4792 NdisTapi - ok
17:38:57.0369 4792 Ndisuio - ok
17:38:57.0369 4792 NdisWan - ok
17:38:57.0369 4792 NDProxy - ok
17:38:57.0385 4792 NetBIOS - ok
17:38:57.0385 4792 netbt - ok
17:38:57.0385 4792 Netlogon - ok
17:38:57.0401 4792 Netman - ok
17:38:57.0401 4792 netprofm - ok
17:38:57.0401 4792 NetTcpPortSharing - ok
17:38:57.0416 4792 NETw3v64 - ok
17:38:57.0432 4792 nfrd960 - ok
17:38:57.0432 4792 NlaSvc - ok
17:38:57.0432 4792 Npfs - ok
17:38:57.0447 4792 nsi - ok
17:38:57.0447 4792 nsiproxy - ok
17:38:57.0447 4792 Ntfs - ok
17:38:57.0463 4792 ntk_PowerDVD12 - ok
17:38:57.0463 4792 NuidFltr - ok
17:38:57.0463 4792 Null - ok
17:38:57.0463 4792 nvraid - ok
17:38:57.0479 4792 nvstor - ok
17:38:57.0479 4792 nv_agp - ok
17:38:57.0479 4792 NwlnkFlt - ok
17:38:57.0494 4792 NwlnkFwd - ok
17:38:57.0494 4792 ohci1394 - ok
17:38:57.0494 4792 p2pimsvc - ok
17:38:57.0494 4792 p2psvc - ok
17:38:57.0510 4792 Parport - ok
17:38:57.0510 4792 partmgr - ok
17:38:57.0510 4792 PcaSvc - ok
17:38:57.0525 4792 pci - ok
17:38:57.0525 4792 pciide - ok
17:38:57.0541 4792 pcmcia - ok
17:38:57.0541 4792 PEAUTH - ok
17:38:57.0541 4792 PerfHost - ok
17:38:57.0557 4792 pla - ok
17:38:57.0557 4792 PlugPlay - ok
17:38:57.0572 4792 PNRPAutoReg - ok
17:38:57.0572 4792 PNRPsvc - ok
17:38:57.0572 4792 PolicyAgent - ok
17:38:57.0588 4792 PptpMiniport - ok
17:38:57.0588 4792 Processor - ok
17:38:57.0588 4792 ProfSvc - ok
17:38:57.0603 4792 ProtectedStorage - ok
17:38:57.0603 4792 PSched - ok
17:38:57.0603 4792 ql2300 - ok
17:38:57.0603 4792 ql40xx - ok
17:38:57.0619 4792 QWAVE - ok
17:38:57.0619 4792 QWAVEdrv - ok
17:38:57.0666 4792 RapiMgr - ok
17:38:57.0681 4792 RasAcd - ok
17:38:57.0681 4792 RasAuto - ok
17:38:57.0681 4792 Rasl2tp - ok
17:38:57.0697 4792 RasMan - ok
17:38:57.0697 4792 RasPppoe - ok
17:38:57.0697 4792 RasSstp - ok
17:38:57.0713 4792 rdbss - ok
17:38:57.0713 4792 RDPCDD - ok
17:38:57.0713 4792 rdpdr - ok
17:38:57.0713 4792 RDPENCDD - ok
17:38:57.0728 4792 RDPWD - ok
17:38:57.0728 4792 Recovery Service for Windows - ok
17:38:57.0728 4792 RemoteAccess - ok
17:38:57.0744 4792 RemoteRegistry - ok
17:38:57.0744 4792 RichVideo - ok
17:38:57.0744 4792 RpcLocator - ok
17:38:57.0759 4792 RpcSs - ok
17:38:57.0759 4792 rspndr - ok
17:38:57.0759 4792 RTL8169 - ok
17:38:57.0775 4792 SamSs - ok
17:38:57.0775 4792 SASDIFSV - ok
17:38:57.0775 4792 SASKUTIL - ok
17:38:57.0775 4792 sbp2port - ok
17:38:57.0791 4792 SCardSvr - ok
17:38:57.0791 4792 Schedule - ok
17:38:57.0791 4792 SCPolicySvc - ok
17:38:57.0806 4792 sdbus - ok
17:38:57.0806 4792 SDRSVC - ok
17:38:57.0806 4792 SeagateDashboardService - ok
17:38:57.0822 4792 secdrv - ok
17:38:57.0822 4792 seclogon - ok
17:38:57.0822 4792 SENS - ok
17:38:57.0822 4792 Serenum - ok
17:38:57.0837 4792 Serial - ok
17:38:57.0837 4792 sermouse - ok
17:38:57.0853 4792 SessionEnv - ok
17:38:57.0853 4792 sffdisk - ok
17:38:57.0853 4792 sffp_mmc - ok
17:38:57.0869 4792 sffp_sd - ok
17:38:57.0869 4792 sfloppy - ok
17:38:57.0869 4792 SharedAccess - ok
17:38:57.0884 4792 ShellHWDetection - ok
17:38:57.0884 4792 SiSRaid2 - ok
17:38:57.0884 4792 SiSRaid4 - ok
17:38:57.0900 4792 slsvc - ok
17:38:57.0900 4792 SLUINotify - ok
17:38:57.0900 4792 Smb - ok
17:38:57.0915 4792 SNMPTRAP - ok
17:38:57.0915 4792 spldr - ok
17:38:57.0915 4792 Spooler - ok
17:38:57.0931 4792 srv - ok
17:38:57.0931 4792 srv2 - ok
17:38:57.0931 4792 srvnet - ok
17:38:57.0947 4792 SSDPSRV - ok
17:38:57.0947 4792 SstpSvc - ok
17:38:57.0962 4792 ssudmdm - ok
17:38:57.0978 4792 STacSV - ok
17:38:57.0978 4792 STHDA - ok
17:38:57.0993 4792 stisvc - ok
17:38:57.0993 4792 swenum - ok
17:38:57.0993 4792 swprv - ok
17:38:58.0009 4792 Symc8xx - ok
17:38:58.0009 4792 Sym_hi - ok
17:38:58.0009 4792 Sym_u3 - ok
17:38:58.0009 4792 SynTP - ok
17:38:58.0025 4792 SysMain - ok
17:38:58.0025 4792 TabletInputService - ok
17:38:58.0025 4792 TapiSrv - ok
17:38:58.0040 4792 TBS - ok
17:38:58.0040 4792 Tcpip - ok
17:38:58.0040 4792 Tcpip6 - ok
17:38:58.0056 4792 tcpipreg - ok
17:38:58.0056 4792 TDPIPE - ok
17:38:58.0056 4792 TDTCP - ok
17:38:58.0056 4792 tdx - ok
17:38:58.0071 4792 TermDD - ok
17:38:58.0071 4792 TermService - ok
17:38:58.0071 4792 Themes - ok
17:38:58.0087 4792 THREADORDER - ok
17:38:58.0087 4792 TrkWks - ok
17:38:58.0087 4792 TrustedInstaller - ok
17:38:58.0103 4792 tssecsrv - ok
17:38:58.0103 4792 tunmp - ok
17:38:58.0103 4792 tunnel - ok
17:38:58.0103 4792 TVCapSvc - ok
17:38:58.0118 4792 TVSched - ok
17:38:58.0118 4792 uagp35 - ok
17:38:58.0118 4792 udfs - ok
17:38:58.0134 4792 UI0Detect - ok
17:38:58.0134 4792 uliagpkx - ok
17:38:58.0149 4792 uliahci - ok
17:38:58.0149 4792 UlSata - ok
17:38:58.0149 4792 ulsata2 - ok
17:38:58.0149 4792 umbus - ok
17:38:58.0196 4792 UMPass - ok
17:38:58.0196 4792 upnphost - ok
17:38:58.0212 4792 USBAAPL64 - ok
17:38:58.0227 4792 usbccgp - ok
17:38:58.0227 4792 usbcir - ok
17:38:58.0243 4792 usbehci - ok
17:38:58.0243 4792 usbhub - ok
17:38:58.0259 4792 usbohci - ok
17:38:58.0259 4792 usbprint - ok
17:38:58.0259 4792 usbscan - ok
17:38:58.0274 4792 USBSTOR - ok
17:38:58.0274 4792 usbuhci - ok
17:38:58.0274 4792 usbvideo - ok
17:38:58.0274 4792 UxSms - ok
17:38:58.0290 4792 vds - ok
17:38:58.0305 4792 vga - ok
17:38:58.0305 4792 VgaSave - ok
17:38:58.0305 4792 viaide - ok
17:38:58.0305 4792 volmgr - ok
17:38:58.0321 4792 volmgrx - ok
17:38:58.0321 4792 volsnap - ok
17:38:58.0321 4792 Vsdatant - ok
17:38:58.0337 4792 vsdatant7 - ok
17:38:58.0352 4792 vsmon - ok
17:38:58.0352 4792 vsmraid - ok
17:38:58.0352 4792 VSS - ok
17:38:58.0368 4792 vToolbarUpdater11.2.0 - ok
17:38:58.0383 4792 W32Time - ok
17:38:58.0383 4792 WacomPen - ok
17:38:58.0383 4792 Wanarp - ok
17:38:58.0399 4792 Wanarpv6 - ok
17:38:58.0399 4792 WcesComm - ok
17:38:58.0399 4792 wcncsvc - ok
17:38:58.0415 4792 WcsPlugInService - ok
17:38:58.0415 4792 Wd - ok
17:38:58.0415 4792 Wdf01000 - ok
17:38:58.0430 4792 WdiServiceHost - ok
17:38:58.0430 4792 WdiSystemHost - ok
17:38:58.0430 4792 WebClient - ok
17:38:58.0446 4792 Wecsvc - ok
17:38:58.0461 4792 wercplsupport - ok
17:38:58.0461 4792 WerSvc - ok
17:38:58.0461 4792 WinDefend - ok
17:38:58.0477 4792 WinHttpAutoProxySvc - ok
17:38:58.0477 4792 Winmgmt - ok
17:38:58.0477 4792 WinRM - ok
17:38:58.0493 4792 winusb - ok
17:38:58.0493 4792 Wlansvc - ok
17:38:58.0508 4792 WmiAcpi - ok
17:38:58.0508 4792 wmiApSrv - ok
17:38:58.0508 4792 WMPNetworkSvc - ok
17:38:58.0524 4792 WPCSvc - ok
17:38:58.0524 4792 WPDBusEnum - ok
17:38:58.0524 4792 WpdUsb - ok
17:38:58.0539 4792 WPFFontCache_v0400 - ok
17:38:58.0539 4792 WSearch - ok
17:38:58.0539 4792 wuauserv - ok
17:38:58.0602 4792 WUDFRd - ok
17:38:58.0617 4792 wudfsvc - ok
17:38:58.0617 4792 YahooAUService - ok
17:38:58.0633 4792 yukonx64 - ok
17:38:58.0649 4792 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
17:38:58.0649 4792 {73526619-C24F-470B-9BED-53D455FBB5C6} - ok
17:38:58.0649 4792 ================ Scan global ===============================
17:38:58.0664 4792 [Global] - ok
17:38:58.0664 4792 ================ Scan MBR ==================================
17:38:58.0680 4792 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
17:38:59.0101 4792 \Device\Harddisk0\DR0 - ok
17:38:59.0101 4792 ================ Scan VBR ==================================
17:38:59.0101 4792 [ 99C55D8D4DE0A2D9C197EB888D42F8F6 ] \Device\Harddisk0\DR0\Partition1
17:38:59.0101 4792 \Device\Harddisk0\DR0\Partition1 - ok
17:38:59.0101 4792 [ F300A136D52C25E8EA9A4386EDBD7C13 ] \Device\Harddisk0\DR0\Partition2
17:38:59.0101 4792 \Device\Harddisk0\DR0\Partition2 - ok
17:38:59.0117 4792 ============================================================
17:38:59.0117 4792 Scan finished
17:38:59.0117 4792 ============================================================
17:38:59.0117 3996 Detected object count: 0
17:38:59.0117 3996 Actual detected object count: 0
17:40:00.0097 6124 ============================================================
17:40:00.0097 6124 Scan started
17:40:00.0097 6124 Mode: Manual;
17:40:00.0097 6124 ============================================================
17:40:00.0596 6124 ================ Scan system memory ========================
17:40:00.0596 6124 System memory - ok
17:40:00.0596 6124 ================ Scan services =============================
17:40:00.0799 6124 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
17:40:00.0799 6124 !SASCORE - ok
17:40:01.0080 6124 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
17:40:01.0080 6124 Accelerometer - ok
17:40:01.0158 6124 [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:40:01.0158 6124 ACPI - ok
17:40:01.0283 6124 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:40:01.0283 6124 AdobeARMservice - ok
17:40:01.0439 6124 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:40:01.0454 6124 AdobeFlashPlayerUpdateSvc - ok
17:40:01.0485 6124 [ F14215E37CF124104575073F782111D2 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:40:01.0517 6124 adp94xx - ok
17:40:01.0532 6124 [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:40:01.0548 6124 adpahci - ok
17:40:01.0579 6124 [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:40:01.0579 6124 adpu160m - ok
17:40:01.0595 6124 [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:40:01.0610 6124 adpu320 - ok
17:40:01.0641 6124 [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:40:01.0641 6124 AeLookupSvc - ok
17:40:01.0735 6124 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe
17:40:01.0751 6124 AESTFilters - ok
17:40:01.0797 6124 [ C4F6CE6087760AD70960C9EB130E7943 ] AFD C:\Windows\system32\drivers\afd.sys
17:40:01.0813 6124 AFD - ok
17:40:01.0829 6124 [ 8FE65709982F2CB7D291F6C9B2C60805 ] AgereModemAudio C:\Windows\system32\agr64svc.exe
17:40:01.0829 6124 AgereModemAudio - ok
17:40:01.0907 6124 [ 70E15CDA25E151DFC60636EF73F5A7BE ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
17:40:01.0953 6124 AgereSoftModem - ok
17:40:01.0985 6124 [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:40:01.0985 6124 agp440 - ok
17:40:02.0000 6124 [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:40:02.0016 6124 aic78xx - ok
17:40:02.0031 6124 [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG C:\Windows\System32\alg.exe
17:40:02.0031 6124 ALG - ok
17:40:02.0047 6124 [ E0CA5BB8E6C79533DC6B1DA7361A201E ] aliide C:\Windows\system32\drivers\aliide.sys
17:40:02.0047 6124 aliide - ok
17:40:02.0063 6124 [ 7034F8D1B9703D711D3F92C95DEB377D ] amdide C:\Windows\system32\drivers\amdide.sys
17:40:02.0063 6124 amdide - ok
17:40:02.0078 6124 [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:40:02.0078 6124 AmdK8 - ok
17:40:02.0094 6124 [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo C:\Windows\System32\appinfo.dll
17:40:02.0094 6124 Appinfo - ok
17:40:02.0187 6124 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
17:40:02.0187 6124 Apple Mobile Device - ok
17:40:02.0219 6124 [ BA8417D4765F3988FF921F30F630E303 ] arc C:\Windows\system32\drivers\arc.sys
17:40:02.0219 6124 arc - ok
17:40:02.0234 6124 [ 9D41C435619733B34CC16A511E644B11 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:40:02.0234 6124 arcsas - ok
17:40:02.0250 6124 [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:40:02.0250 6124 AsyncMac - ok
17:40:02.0297 6124 [ E68D9B3A3905619732F7FE039466A623 ] atapi C:\Windows\system32\drivers\atapi.sys
17:40:02.0312 6124 atapi - ok
17:40:02.0343 6124 [ 54CA8AAC988B441A692311E3B584D944 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
17:40:02.0343 6124 Ati External Event Utility - ok
17:40:02.0453 6124 [ 4B42547AE95A31D0E1E200B68A6C7647 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
17:40:02.0562 6124 atikmdag - ok
17:40:02.0640 6124 [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:40:02.0640 6124 AudioEndpointBuilder - ok
17:40:02.0655 6124 [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv C:\Windows\System32\Audiosrv.dll
17:40:02.0655 6124 AudioSrv - ok
17:40:02.0843 6124 [ 3A457C2F798CAD79CD30224E723E01FB ] AVG Security Toolbar Service C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe
17:40:02.0874 6124 AVG Security Toolbar Service - ok
17:40:03.0061 6124 [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
17:40:03.0108 6124 AVGIDSAgent - ok
17:40:03.0311 6124 [ 1B2E9FCDC26DC7C81D4131430E2DC936 ] AVGIDSDriver C:\Windows\system32\DRIVERS\avgidsdrivera.sys
17:40:03.0311 6124 AVGIDSDriver - ok
17:40:03.0373 6124 [ 0F293406F64B48D5D2F0D3A1117F3A83 ] AVGIDSFilter C:\Windows\system32\DRIVERS\avgidsfiltera.sys
17:40:03.0373 6124 AVGIDSFilter - ok
17:40:03.0420 6124 [ CFFC3A4A638F462E0561CB368B9A7A3A ] AVGIDSHA C:\Windows\system32\DRIVERS\avgidsha.sys
17:40:03.0420 6124 AVGIDSHA - ok
17:40:03.0467 6124 [ 221FEBAB02D6C97C95558348CC354A85 ] Avgldx64 C:\Windows\system32\DRIVERS\avgldx64.sys
17:40:03.0482 6124 Avgldx64 - ok
17:40:03.0529 6124 [ A6AEC362AAE5E2DDA7445E7690CB0F33 ] Avgmfx64 C:\Windows\system32\DRIVERS\avgmfx64.sys
17:40:03.0529 6124 Avgmfx64 - ok
17:40:03.0591 6124 [ 645C7F0A0E39758A0024A9B1748273C0 ] Avgrkx64 C:\Windows\system32\DRIVERS\avgrkx64.sys
17:40:03.0591 6124 Avgrkx64 - ok
17:40:03.0638 6124 [ F8C3C7ED612A41B05C66358FC9786BFD ] Avgtdia C:\Windows\system32\DRIVERS\avgtdia.sys
17:40:03.0638 6124 Avgtdia - ok
17:40:03.0701 6124 [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
17:40:03.0701 6124 avgwd - ok
17:40:03.0841 6124 [ EEF98DDD0FC6A5DA452EB8120D57CE44 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
17:40:03.0888 6124 BCM43XX - ok
17:40:03.0888 6124 Beep - ok
17:40:03.0966 6124 [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE C:\Windows\System32\bfe.dll
17:40:03.0981 6124 BFE - ok
17:40:04.0059 6124 [ 6D316F4859634071CC25C4FD4589AD2C ] BITS C:\Windows\system32\qmgr.dll
17:40:04.0075 6124 BITS - ok
17:40:04.0106 6124 [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:40:04.0106 6124 blbdrive - ok
17:40:04.0153 6124 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
17:40:04.0153 6124 Bonjour Service - ok
17:40:04.0215 6124 [ 2348447A80920B2493A9B582A23E81E1 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:40:04.0231 6124 bowser - ok
17:40:04.0247 6124 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:40:04.0247 6124 BrFiltLo - ok
17:40:04.0278 6124 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:40:04.0278 6124 BrFiltUp - ok
17:40:04.0293 6124 [ A1B39DE453433B115B4EA69EE0343816 ] Browser C:\Windows\System32\browser.dll
17:40:04.0293 6124 Browser - ok
17:40:04.0325 6124 [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid C:\Windows\system32\drivers\brserid.sys
17:40:04.0325 6124 Brserid - ok
17:40:04.0340 6124 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:40:04.0340 6124 BrSerWdm - ok
17:40:04.0371 6124 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:40:04.0371 6124 BrUsbMdm - ok
17:40:04.0403 6124 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:40:04.0403 6124 BrUsbSer - ok
17:40:04.0418 6124 [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:40:04.0418 6124 BTHMODEM - ok
17:40:04.0481 6124 [ E74B413A857328F489661203CBEB8410 ] BTWUSB C:\Windows\system32\Drivers\btwusb.sys
17:40:04.0481 6124 BTWUSB - ok
17:40:04.0481 6124 catchme - ok
17:40:04.0512 6124 [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:40:04.0512 6124 cdfs - ok
17:40:04.0574 6124 [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:40:04.0574 6124 cdrom - ok
17:40:04.0637 6124 [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc C:\Windows\System32\certprop.dll
17:40:04.0637 6124 CertPropSvc - ok
17:40:04.0668 6124 [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
17:40:04.0668 6124 circlass - ok
17:40:04.0730 6124 [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS C:\Windows\system32\CLFS.sys
17:40:04.0761 6124 CLFS - ok
17:40:04.0902 6124 [ EC6B664082E04D9007513C7090110B0E ] CLHNServiceForPowerDVD12 C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
17:40:04.0902 6124 CLHNServiceForPowerDVD12 - ok
17:40:05.0042 6124 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:40:05.0042 6124 clr_optimization_v2.0.50727_32 - ok
17:40:05.0136 6124 [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:40:05.0136 6124 clr_optimization_v2.0.50727_64 - ok
17:40:05.0261 6124 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:40:05.0261 6124 clr_optimization_v4.0.30319_32 - ok
17:40:05.0292 6124 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:40:05.0323 6124 clr_optimization_v4.0.30319_64 - ok
17:40:05.0370 6124 [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:40:05.0370 6124 CmBatt - ok
17:40:05.0385 6124 [ 8C6AA24C1D7273A02284588426AB8CE3 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:40:05.0385 6124 cmdide - ok
17:40:05.0432 6124 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
17:40:05.0448 6124 Com4QLBEx - ok
17:40:05.0448 6124 [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:40:05.0448 6124 Compbatt - ok
17:40:05.0448 6124 COMSysApp - ok
17:40:05.0463 6124 [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:40:05.0463 6124 crcdisk - ok
17:40:05.0526 6124 [ 62740B9D2A137E8CED41A9E4239A7A31 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:40:05.0526 6124 CryptSvc - ok
17:40:05.0619 6124 [ 9519CB1BEF593A29EB8C8BE0E7E9D7CF ] CyberLink PowerDVD 12 Media Server Monitor Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
17:40:05.0619 6124 CyberLink PowerDVD 12 Media Server Monitor Service - ok
17:40:05.0635 6124 [ 8570A9460AAD8C1A0E53CC6D71BF51D0 ] CyberLink PowerDVD 12 Media Server Service C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
17:40:05.0635 6124 CyberLink PowerDVD 12 Media Server Service - ok
17:40:05.0713 6124 [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch C:\Windows\system32\rpcss.dll
17:40:05.0713 6124 DcomLaunch - ok
17:40:05.0744 6124 [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:40:05.0744 6124 DfsC - ok
17:40:05.0807 6124 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
17:40:05.0807 6124 dg_ssudbus - ok
17:40:05.0869 6124 [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:40:05.0869 6124 Dhcp - ok
17:40:05.0931 6124 [ B0107E40ECDB5FA692EBF832F295D905 ] disk C:\Windows\system32\drivers\disk.sys
17:40:05.0947 6124 disk - ok
17:40:06.0009 6124 [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:40:06.0009 6124 Dnscache - ok
17:40:06.0072 6124 [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc C:\Windows\System32\dot3svc.dll
17:40:18.0614 6124 udfs - ok
17:40:18.0661 6124 [ 060507C4113391394478F6953A79EEDC ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:40:18.0677 6124 UI0Detect - ok
17:40:18.0692 6124 [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:40:18.0692 6124 uliagpkx - ok
17:40:18.0723 6124 [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:40:18.0739 6124 uliahci - ok
17:40:18.0755 6124 [ 31707F09846056651EA2C37858F5DDB0 ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:40:18.0770 6124 UlSata - ok
17:40:18.0786 6124 [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:40:18.0786 6124 ulsata2 - ok
17:40:18.0801 6124 [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:40:18.0801 6124 umbus - ok
17:40:18.0817 6124 [ 01ABE05C401E70795B43A8933B44831E ] UMPass C:\Windows\system32\DRIVERS\umpass.sys
17:40:18.0817 6124 UMPass - ok
17:40:18.0864 6124 [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost C:\Windows\System32\upnphost.dll
17:40:18.0864 6124 upnphost - ok
17:40:18.0926 6124 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
17:40:18.0926 6124 USBAAPL64 - ok
17:40:18.0957 6124 [ 07E3498FC60834219D2356293DA0FECC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:40:18.0973 6124 usbccgp - ok
17:40:18.0989 6124 [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:40:18.0989 6124 usbcir - ok
17:40:19.0051 6124 [ 827E44DE934A736EA31E91D353EB126F ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:40:19.0051 6124 usbehci - ok
17:40:19.0113 6124 [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:40:19.0129 6124 usbhub - ok
17:40:19.0160 6124 [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:40:19.0160 6124 usbohci - ok
17:40:19.0223 6124 [ 28B693B6D31E7B9332C1BDCEFEF228C1 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:40:19.0223 6124 usbprint - ok
17:40:19.0285 6124 [ EA0BF666868964FBE8CB10E50C97B9F1 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
17:40:19.0285 6124 usbscan - ok
17:40:19.0347 6124 [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:40:19.0347 6124 USBSTOR - ok
17:40:19.0379 6124 [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:40:19.0379 6124 usbuhci - ok
17:40:19.0410 6124 [ FC33099877790D51B0927B7039059855 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:40:19.0425 6124 usbvideo - ok
17:40:19.0457 6124 [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms C:\Windows\System32\uxsms.dll
17:40:19.0457 6124 UxSms - ok
17:40:19.0503 6124 [ 294945381DFA7CE58CECF0A9896AF327 ] vds C:\Windows\System32\vds.exe
17:40:19.0519 6124 vds - ok
17:40:19.0550 6124 [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:40:19.0550 6124 vga - ok
17:40:19.0566 6124 [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave C:\Windows\System32\drivers\vga.sys
17:40:19.0581 6124 VgaSave - ok
17:40:19.0597 6124 [ 4F964E6828156F0EF3FA8D3A9A7895DE ] viaide C:\Windows\system32\drivers\viaide.sys
17:40:19.0597 6124 viaide - ok
17:40:19.0659 6124 [ 2B7E885ED951519A12C450D24535DFCA ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:40:19.0659 6124 volmgr - ok
17:40:19.0706 6124 [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:40:19.0722 6124 volmgrx - ok
17:40:19.0800 6124 [ 5280AADA24AB36B01A84A6424C475C8D ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:40:19.0800 6124 volsnap - ok
17:40:19.0987 6124 [ 1B6892429CB452F4434F1B51CF921369 ] Vsdatant C:\Windows\system32\DRIVERS\vsdatant.sys
17:40:20.0003 6124 Vsdatant - ok
17:40:20.0018 6124 vsdatant7 - ok
17:40:20.0096 6124 vsmon - ok
17:40:20.0143 6124 [ A68F455ED2673835209318DD61BFBB0E ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:40:20.0143 6124 vsmraid - ok
17:40:20.0237 6124 [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS C:\Windows\system32\vssvc.exe
17:40:20.0268 6124 VSS - ok
17:40:20.0439 6124 [ 8ED347BAD8D1FB7C40B593BFB01786D2 ] vToolbarUpdater11.2.0 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
17:40:20.0471 6124 vToolbarUpdater11.2.0 - ok
17:40:20.0549 6124 [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time C:\Windows\system32\w32time.dll
17:40:20.0564 6124 W32Time - ok
17:40:20.0580 6124 [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:40:20.0580 6124 WacomPen - ok
17:40:20.0642 6124 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:40:20.0642 6124 Wanarp - ok
17:40:20.0658 6124 [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:40:20.0673 6124 Wanarpv6 - ok
17:40:20.0736 6124 [ 382A7B0B632EC98DE5F0658DA9DE6159 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
17:40:20.0736 6124 WcesComm - ok
17:40:20.0814 6124 [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:40:20.0829 6124 wcncsvc - ok
17:40:20.0845 6124 [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:40:20.0861 6124 WcsPlugInService - ok
17:40:20.0892 6124 [ 0C17A0816F65B89E362E682AD5E7266E ] Wd C:\Windows\system32\drivers\wd.sys
17:40:20.0892 6124 Wd - ok
17:40:20.0970 6124 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:40:21.0001 6124 Wdf01000 - ok
17:40:21.0017 6124 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:40:21.0032 6124 WdiServiceHost - ok
17:40:21.0048 6124 [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:40:21.0048 6124 WdiSystemHost - ok
17:40:21.0063 6124 [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient C:\Windows\System32\webclnt.dll
17:40:21.0079 6124 WebClient - ok
17:40:21.0141 6124 [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:40:21.0141 6124 Wecsvc - ok
17:40:21.0157 6124 [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:40:21.0173 6124 wercplsupport - ok
17:40:21.0173 6124 [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc C:\Windows\System32\WerSvc.dll
17:40:21.0188 6124 WerSvc - ok
17:40:21.0204 6124 WinDefend - ok
17:40:21.0204 6124 WinHttpAutoProxySvc - ok
17:40:21.0282 6124 [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:40:21.0282 6124 Winmgmt - ok
17:40:21.0391 6124 [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM C:\Windows\system32\WsmSvc.dll
17:40:21.0407 6124 WinRM - ok
17:40:21.0469 6124 [ 7F2F9E48566B2087F2AAAD258CB2A8D4 ] winusb C:\Windows\system32\DRIVERS\winusb.sys
17:40:21.0469 6124 winusb - ok
17:40:21.0531 6124 [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:40:21.0531 6124 Wlansvc - ok
17:40:21.0563 6124 [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
17:40:21.0563 6124 WmiAcpi - ok
17:40:21.0625 6124 [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:40:21.0625 6124 wmiApSrv - ok
17:40:21.0641 6124 WMPNetworkSvc - ok
17:40:21.0672 6124 [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:40:21.0672 6124 WPCSvc - ok
17:40:21.0734 6124 [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:40:21.0734 6124 WPDBusEnum - ok
17:40:21.0797 6124 [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:40:21.0812 6124 WpdUsb - ok
17:40:21.0968 6124 [ 991E2C2CF3BC204C2BB2EE1476149E4E ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:40:21.0968 6124 WPFFontCache_v0400 - ok
17:40:21.0984 6124 WSearch - ok
17:40:22.0109 6124 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
17:40:22.0140 6124 wuauserv - ok
17:40:22.0311 6124 [ 501A65252617B495C0F1832F908D54D8 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:40:22.0311 6124 WUDFRd - ok
17:40:22.0343 6124 [ 6CBD51FF913C851D56ED9DC7F2A27DDE ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:40:22.0343 6124 wudfsvc - ok
17:40:22.0483 6124 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
17:40:22.0499 6124 YahooAUService - ok
17:40:22.0530 6124 [ 07F7285220307AAFB755D890295F0F9A ] yukonx64 C:\Windows\system32\DRIVERS\yk60x64.sys
17:40:22.0545 6124 yukonx64 - ok
17:40:22.0592 6124 [ 74983ADDCA2D9618512C088D856D6615 ] {55662437-DA8C-40c0-AADA-2C816A897A49} C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
17:40:22.0592 6124 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
17:40:22.0764 6124 [ 6F610F00DC6B4489811EDCBC76D3EBA6 ] {73526619-C24F-470B-9BED-53D455FBB5C6} C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl
17:40:22.0764 6124 {73526619-C24F-470B-9BED-53D455FBB5C6} - ok
17:40:22.0779 6124 ================ Scan global ===============================
17:40:22.0811 6124 [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
17:40:22.0889 6124 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:40:22.0935 6124 [ AA137104CDFC81818A309CDE32ABB74A ] C:\Windows\system32\winsrv.dll
17:40:23.0013 6124 [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
17:40:23.0013 6124 [Global] - ok
17:40:23.0013 6124 ================ Scan MBR ==================================
17:40:23.0029 6124 [ 5C86ADEC17B739C437E145E3B3FC2E6D ] \Device\Harddisk0\DR0
17:40:23.0419 6124 \Device\Harddisk0\DR0 - ok
17:40:23.0419 6124 ================ Scan VBR ==================================
17:40:23.0419 6124 [ 99C55D8D4DE0A2D9C197EB888D42F8F6 ] \Device\Harddisk0\DR0\Partition1
17:40:23.0419 6124 \Device\Harddisk0\DR0\Partition1 - ok
17:40:23.0419 6124 [ F300A136D52C25E8EA9A4386EDBD7C13 ] \Device\Harddisk0\DR0\Partition2
17:40:23.0419 6124 \Device\Harddisk0\DR0\Partition2 - ok
17:40:23.0419 6124 ============================================================
17:40:23.0419 6124 Scan finished
17:40:23.0419 6124 ============================================================
17:40:23.0435 3544 Detected object count: 0
17:40:23.0435 3544 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-02 17:47:02
-----------------------------
17:47:02.954 OS Version: Windows x64 6.0.6002 Service Pack 2
17:47:02.954 Number of processors: 2 586 0x170A
17:47:02.954 ComputerName: USER-PC UserName: Dolores
17:47:06.308 Initialize success
17:49:18.678 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:49:18.678 Disk 0 Vendor: FUJITSU_MJA2500BH_G2 8919 Size: 476940MB BusType: 3
17:49:18.740 Disk 0 MBR read successfully
17:49:18.740 Disk 0 MBR scan
17:49:18.756 Disk 0 unknown MBR code
17:49:18.771 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 464058 MB offset 2048
17:49:18.803 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 12878 MB offset 950392832
17:49:18.849 Disk 0 scanning C:\Windows\system32\drivers
17:49:29.099 Service scanning
17:49:59.519 Modules scanning
17:49:59.534 Disk 0 trace - called modules:
17:49:59.581 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys acpi.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
17:49:59.581 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005092560]
17:49:59.597 3 CLASSPNP.SYS[fffffa6000a25c33] -> nt!IofCallDriver -> [0xfffffa800508d200]
17:49:59.612 5 hpdskflt.sys[fffffa6001a02189] -> nt!IofCallDriver -> [0xfffffa8004be76e0]
17:49:59.628 7 acpi.sys[fffffa60008c8fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004be9060]
17:49:59.628 Scan finished successfully
17:50:12.857 Disk 0 MBR has been saved successfully to "C:\Users\Dolores\Desktop\MBR.dat"
17:50:12.857 The log file has been saved successfully to "C:\Users\Dolores\Desktop\aswMBR.txt"


#4 nasdaq

  • Malware Response Team

Posted 03 October 2012 - 10:40 AM

Your master boot records are good.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html


Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.

Please post the logs for my review.

#5 grandmother

  • Topic Starter

Posted 03 October 2012 - 01:10 PM

I had already downloaded ComboFix... that's what I think deleted Windows files. So do I uninstall then reinstall? Just want to be clear with instructions. Thanks, Grandmother

#6 nasdaq

  • Malware Response Team

Posted 04 October 2012 - 08:20 AM

Then just post the ComboFix.txt log for my review.

Run the other tools and post the logs also.

#7 grandmother

  • Topic Starter

Posted 04 October 2012 - 10:37 AM

Thanks again for the fast response.
Combofix log that I think deleted files. Also had difficulty finding adwCleaner log file, so had to run it twice.


ComboFix 12-09-18.06 - Dolores 09/18/2012 17:37:49.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4062.2445 [GMT -5:00]
Running from: c:\users\Dolores\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9GMJ0LZ2\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Dolores\CL.12.0.11211.1926_DVD120709-03.exe
c:\users\Dolores\CyberLink_PowerDVD_Downloader_CNET.exe
c:\windows\SysWow64\Cache
c:\windows\SysWow64\Cache\23506d54af1fbc73.fb
c:\windows\SysWow64\Cache\272512937d9e61a4.fb
c:\windows\SysWow64\Cache\287204568329e189.fb
c:\windows\SysWow64\Cache\28bc8f716fd76a47.fb
c:\windows\SysWow64\Cache\2c53092c95605355.fb
c:\windows\SysWow64\Cache\31a0997e9a5b5eb3.fb
c:\windows\SysWow64\Cache\32c84fe32bb74d60.fb
c:\windows\SysWow64\Cache\3917078cb68ec657.fb
c:\windows\SysWow64\Cache\590ba23ce359fd0c.fb
c:\windows\SysWow64\Cache\610289e025a3ee9a.fb
c:\windows\SysWow64\Cache\651c5d3cdbfb8bd1.fb
c:\windows\SysWow64\Cache\672d7b1bef3b914a.fb
c:\windows\SysWow64\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\SysWow64\Cache\6d03dad1035885d3.fb
c:\windows\SysWow64\Cache\a8556537add6dfc5.fb
c:\windows\SysWow64\Cache\ad10a52aff5e038d.fb
c:\windows\SysWow64\Cache\bf7788d43514fd42.fb
c:\windows\SysWow64\Cache\c1fa887b03019701.fb
c:\windows\SysWow64\Cache\c4d28dca2e7648be.fb
c:\windows\SysWow64\Cache\d201ef9910cd39de.fb
c:\windows\SysWow64\Cache\d2e94710a5708128.fb
c:\windows\SysWow64\Cache\d79b9dfe81484ec4.fb
c:\windows\SysWow64\Cache\e0de16f883bea794.fb
c:\windows\SysWow64\Cache\e4189ddb7a1f1d38.fb
c:\windows\SysWow64\Cache\f6484014be281adb.fb
c:\windows\SysWow64\Cache\f998975c9cc711ee.fb
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))
.
.
2012-09-18 22:50 . 2012-09-18 22:50 -------- d-----w- c:\users\user\AppData\Local\temp
2012-09-18 22:50 . 2012-09-18 22:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-18 22:50 . 2012-09-18 22:50 -------- d-----w- c:\users\Stephen\AppData\Local\temp
2012-09-18 22:50 . 2012-09-18 22:50 -------- d-----w- c:\users\Nana\AppData\Local\temp
2012-09-18 22:50 . 2012-09-18 22:50 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-09-18 19:14 . 2012-09-18 19:14 -------- d-----w- c:\users\Dolores\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 19:12 . 2012-09-18 19:14 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-09-18 19:12 . 2012-09-18 19:12 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-09-18 01:36 . 2012-09-18 01:39 -------- d-----w- C:\Autoruns
2012-09-13 00:28 . 2012-08-21 18:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2012-09-13 00:27 . 2012-09-13 00:27 -------- d-----w- c:\program files\iPod
2012-09-13 00:27 . 2012-09-13 00:28 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-13 00:27 . 2012-09-13 00:28 -------- d-----w- c:\program files\iTunes
2012-09-13 00:27 . 2012-09-13 00:28 -------- d-----w- c:\program files (x86)\iTunes
2012-09-05 19:28 . 2012-09-05 19:28 -------- d-----w- c:\programdata\McAfee
2012-09-02 20:08 . 2012-09-02 20:08 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-23 19:29 . 2012-08-23 19:44 -------- d-----w- c:\users\Dolores\AppData\Roaming\calibre
2012-08-23 19:28 . 2012-08-26 03:12 -------- d-----w- c:\program files (x86)\Calibre2
2012-08-20 01:42 . 2012-08-20 01:42 -------- d-----w- c:\program files (x86)\DVD-Cloner
2012-08-20 01:42 . 2012-08-20 01:43 -------- d-----w- c:\users\Dolores\AppData\Roaming\dvd-cloner
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-13 15:42 . 2006-11-02 12:35 64462936 ----a-w- c:\windows\system32\mrt.exe
2012-09-07 22:04 . 2010-06-22 12:29 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 01:08 . 2012-03-14 23:55 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-31 01:08 . 2011-12-12 18:26 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-29 01:24 . 2012-06-23 19:23 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-08-29 01:24 . 2010-05-23 03:22 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-21 18:01 . 2009-10-04 01:46 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
2012-08-21 18:01 . 2009-10-04 01:46 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
2012-07-04 14:33 . 2012-08-17 03:42 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 16:20 . 2012-08-15 12:55 648192 ----a-w- c:\windows\system32\netapi32.dll
2012-06-28 04:10 . 2012-08-17 03:42 17809920 ----a-w- c:\windows\system32\mshtml.dll
2012-06-28 03:39 . 2012-08-17 03:42 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-06-28 03:28 . 2012-08-17 03:42 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-28 03:22 . 2012-08-17 03:42 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-28 03:21 . 2012-08-17 03:42 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-28 03:20 . 2012-08-17 03:42 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-28 03:19 . 2012-08-17 03:42 237056 ----a-w- c:\windows\system32\url.dll
2012-06-28 03:17 . 2012-08-17 03:42 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-28 03:16 . 2012-08-17 03:42 816640 ----a-w- c:\windows\system32\jscript.dll
2012-06-28 03:16 . 2012-08-17 03:42 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-28 03:14 . 2012-08-17 03:42 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-28 03:13 . 2012-08-17 03:42 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-28 03:12 . 2012-08-17 03:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-28 03:08 . 2012-08-17 03:42 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-28 00:27 . 2012-08-17 03:42 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-28 00:19 . 2012-08-17 03:42 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-28 00:18 . 2012-08-17 03:42 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-28 00:12 . 2012-08-17 03:42 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-28 00:07 . 2012-08-17 03:42 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-26 21:03 . 2012-07-17 00:22 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-06-26 21:02 . 2012-06-26 21:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-26 21:02 . 2012-06-26 21:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 21:02 . 2012-06-26 21:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-26 21:02 . 2012-06-26 21:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-06-26 21:02 . 2012-06-26 21:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-26 21:02 . 2012-06-26 21:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-26 21:02 . 2012-06-26 21:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-26 21:02 . 2012-06-26 21:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-06-26 21:02 . 2012-06-26 21:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-26 21:02 . 2012-06-26 21:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-06-26 21:02 . 2012-06-26 21:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-06-26 21:02 . 2012-06-26 21:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-06-26 21:02 . 2012-06-26 21:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-26 21:02 . 2012-06-26 21:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-06-26 21:02 . 2012-06-26 21:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-06-26 21:02 . 2012-06-26 21:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-06-26 21:02 . 2012-06-26 21:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-06-26 21:02 . 2012-06-26 21:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-06-26 21:02 . 2012-06-26 21:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-06-26 21:02 . 2012-06-26 21:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-06-26 21:02 . 2012-06-26 21:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-06-26 21:02 . 2012-06-26 21:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-06-26 21:02 . 2012-06-26 21:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-06-26 21:02 . 2012-06-26 21:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-06-26 21:02 . 2012-06-26 21:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-06-26 21:02 . 2012-06-26 21:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-06-26 21:02 . 2012-06-26 21:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-06-26 21:02 . 2012-06-26 21:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-06-26 21:02 . 2012-07-17 00:21 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-06-26 21:02 . 2012-07-17 00:21 319456 ----a-w- c:\windows\SysWow64\DIFxAPI.dll
2012-06-26 21:02 . 2012-07-17 00:21 20032 ----a-w- c:\windows\SysWow64\drivers\dgderdrv.sys
2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files (x86)\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-06-11 1524056]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-09 11:26 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-09 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-31 250568]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [2009-03-03 89600]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 20:28 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-12 01:08]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 20:41]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-29 20:41]
.
2012-09-17 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-05-11 17:51]
.
2012-09-17 c:\windows\Tasks\HPCeeScheduleForDolores.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 09:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 1125504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-04 442368]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&hl=en
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.comcast.net/
mLocal Page = c:\windows\SysWOW64\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\IOGEAR\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: intuit.com\ttlc
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
DPF: {8A5BE387-D09A-4DFA-A56B-DCB89BD11468} - hxxps://lowes.2020.net/planner/Core/Player/2020PlayerAX_WEB_Win32.cab
DPF: {A52FB87E-8BF5-46A2-8380-F75FA604AE4F} - hxxp://www.cerenade.com/controls/CerFillerInstall.cab
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\rvtiq6qe.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?fr=fp-yie8
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\!SASCORE]
"ImagePath"="\"c:\program files\SUPERAntiSpyware\SASCORE64.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Accelerometer]
"ImagePath"="system32\DRIVERS\Accelerometer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeARMservice]
"ImagePath"="\"c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeFlashPlayerUpdateSvc]
"ImagePath"="c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]
"ImagePath"="system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]
"ImagePath"="system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]
"ImagePath"="system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]
"ImagePath"="system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AESTFilters]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AgereModemAudio]
"ImagePath"="c:\windows\system32\agr64svc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AgereSoftModem]
"ImagePath"="system32\DRIVERS\agrsm64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]
"ImagePath"="system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]
"ImagePath"="system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]
"ImagePath"="system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]
"ImagePath"="\SystemRoot\system32\drivers\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Apple Mobile Device]
"ImagePath"="\"c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]
"ImagePath"="system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]
"ImagePath"="system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ati External Event Utility]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Atierecord]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atikmdag]
"ImagePath"="system32\DRIVERS\atikmdag.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVG Security Toolbar Service]
"ImagePath"="c:\program files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdrivera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSFilter]
"ImagePath"="system32\DRIVERS\avgidsfiltera.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHA]
"ImagePath"="system32\DRIVERS\avgidsha.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgldx64]
"ImagePath"="system32\DRIVERS\avgldx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgmfx64]
"ImagePath"="system32\DRIVERS\avgmfx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgrkx64]
"ImagePath"="system32\DRIVERS\avgrkx64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgtdia]
"ImagePath"="system32\DRIVERS\avgtdia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BCM43XX]
"ImagePath"="system32\DRIVERS\bcmwl664.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Bonjour Service]
"ImagePath"="\"c:\program files\Bonjour\mDNSResponder.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTWUSB]
"ImagePath"="System32\Drivers\btwusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]
"ImagePath"="system32\DRIVERS\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLHNServiceForPowerDVD12]
"ImagePath"="c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_64]
"ImagePath"="%systemroot%\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_64]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]
"ImagePath"="system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Com4QLBEx]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CyberLink PowerDVD 12 Media Server Monitor Service]
"ImagePath"="\"c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CyberLink PowerDVD 12 Media Server Service]
"ImagePath"="\"c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dg_ssudbus]
"ImagePath"="system32\DRIVERS\ssudbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G6032E.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eabfiltr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehstart]
"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]
"ImagePath"="system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\enecir]
"ImagePath"="system32\DRIVERS\enecir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EPSON_PM_RPCV4_01]
"ImagePath"="c:\programdata\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\getPlusHelper]
"ServiceDll"="c:\program files (x86)\NOS\bin\getPlus_Helper.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files (x86)\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]
"ImagePath"="system32\DRIVERS\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\system32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HP Health Check Service]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]
"ImagePath"="system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HPDrvMntSvc.exe]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpdskflt]
"ImagePath"="system32\DRIVERS\hpdskflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpqKbFiltr]
"ImagePath"="system32\DRIVERS\HpqKbFiltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpqwmiex]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpsrv]
"ImagePath"="%SystemRoot%\system32\Hpservice.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]
"ImagePath"="system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]
"ImagePath"="system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]
"ImagePath"="system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]
"ImagePath"="system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntuitUpdateService]
"ImagePath"="\"c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
"ImagePath"="system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ISWKL]
"ImagePath"="\??\c:\program files\CheckPoint\ZAForceField\ISWKL.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IswSvc]
"ImagePath"="\"c:\program files\CheckPoint\ZAForceField\IswSvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]
"ImagePath"="system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]
"ImagePath"="system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\JMCR]
"ImagePath"="system32\DRIVERS\jmcr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ksthunk]
"ImagePath"="\SystemRoot\system32\drivers\ksthunk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\system32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LightScribeService]
"ImagePath"="\"c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]
"ImagePath"="system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]
"ImagePath"="system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]
"ImagePath"="system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\McciCMService]
"ImagePath"="\"c:\program files (x86)\Common Files\Motive\McciCMService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]
"ImagePath"="system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]
"ImagePath"="system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]
"ImagePath"="system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]
"ImagePath"="system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MREMP50]
"ImagePath"="\??\c:\progra~2\COMMON~1\Motive\MREMP50.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MREMP50a64]
"ImagePath"="\??\c:\progra~2\COMMON~1\Motive\MREMP50a64.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRESP50]
"ImagePath"="\??\c:\progra~2\COMMON~1\Motive\MRESP50.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRESP50a64]
"ImagePath"="\??\c:\progra~2\COMMON~1\Motive\MRESP50a64.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]
"ImagePath"="system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETw3v64]
"ImagePath"="system32\DRIVERS\NETw3v64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]
"ImagePath"="system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntk_PowerDVD12]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NuidFltr]
"ImagePath"="system32\DRIVERS\NuidFltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]
"ImagePath"="system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]
"ImagePath"="system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]
"ImagePath"="system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfHost]
"ImagePath"="%SystemRoot%\SysWow64\perfhost.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]
"ImagePath"="system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]
"ImagePath"="system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RapiMgr]
"ServiceDll"="%windir%\WindowsMobile\rapimgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Recovery Service for Windows]
"ImagePath"="c:\program files (x86)\SMINST\BLService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RichVideo]
"ImagePath"="\"c:\program files (x86)\CyberLink\Shared files\RichVideo.exe\"\00\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\01\03\10\02\01\03\01\03\01\03\01\03\01\03\01\03\01\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03\02\03"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RTL8169]
"ImagePath"="system32\DRIVERS\Rtlh64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASDIFSV]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SASKUTIL]
"ImagePath"="\??\c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]
"ImagePath"="system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdbus]
"ImagePath"="system32\DRIVERS\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]
"ImagePath"="\SystemRoot\system32\drivers\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]
"ImagePath"="\SystemRoot\system32\drivers\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]
"ImagePath"="system32\DRIVERS\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]
"ImagePath"="system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]
"ImagePath"="system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssudmdm]
"ImagePath"="system32\DRIVERS\ssudmdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STacSV]
"ImagePath"="c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\STHDA]
"ImagePath"="system32\DRIVERS\stwrt64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]
"ImagePath"="system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]
"ImagePath"="system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]
"ImagePath"="system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TVCapSvc]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe\"\00\00\00\00\00\00\00\00\02\00\00\00\03\00\00\00\02\00\00\00\01\00\00\00RÖlS\00\00\00\008\17\18\00 \07\00\00\00\01\00\00dÍ\16\00\0aq‘w\03\00\00\00\00\00\00\00\02\00\00\00(Í\16\00ÈÌ\16\00€\03"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TVSched]
"ImagePath"="\"c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe\"\00r\00d\00\\00M\00e\00d\00i\00a\00\\00T\00V\00\\00K\00e\00r\00n\00e\00l\00\\00T\00V\00\\00T\00V\00C\00a\00p\00S\00v\00c\00.\00e\00x\00e"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]
"ImagePath"="system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]
"ImagePath"="system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]
"ImagePath"="system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UMPass]
"ImagePath"="system32\DRIVERS\umpass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBAAPL64]
"ImagePath"="System32\Drivers\usbaapl64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]
"ImagePath"="\SystemRoot\system32\drivers\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]
"ImagePath"="system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Vsdatant]
"ImagePath"="system32\DRIVERS\vsdatant.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsdatant7]
"ImagePath"="System32\drivers\vsdatant.win7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmon]
"ImagePath"="c:\program files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]
"ImagePath"="system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vToolbarUpdater11.2.0]
"ImagePath"="c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcesComm]
"ServiceDll"="%windir%\WindowsMobile\wcescomm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]
"ImagePath"="system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebPost]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles(x86)%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winusb]
"ImagePath"="system32\DRIVERS\winusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\YahooAUService]
"ImagePath"="\"c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\yukonx64]
"ImagePath"="system32\DRIVERS\yk60x64.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{51ED37CA-98D3-4E81-921B-537E01A8B800}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{73526619-C24F-470B-9BED-53D455FBB5C6}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{D53292B6-8F47-450D-B32A-B6B45569B1E8}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{EB95D8DD-7166-463A-A1D5-AFCD4EA1A369}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Motive\McciCMService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
c:\program files (x86)\AVG\AVG2012\avgtray.exe
c:\program files (x86)\AVG Secure Search\vprot.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
c:\program files (x86)\Hp\HP Software Update\hpwuschd2.exe
c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
c:\program files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
c:\program files (x86)\iTunes\iTunesHelper.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
c:\program files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
.
**************************************************************************
.
Completion time: 2012-09-18 18:07:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-18 23:07
.
Pre-Run: 280,052,355,072 bytes free
Post-Run: 280,287,277,056 bytes free
.
- - End Of File - - C42C7E3F6CABCAAEC1A9854E8C60D7A2

Results of screen317's Security Check version 0.99.51
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Disabled!
AVG Anti-Virus Free Edition 2012
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.0.1400
AVG PC Tuneup 2011
Java™ 6 Update 35
Java version out of Date!
Adobe Flash Player 11.4.402.265
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (15.0)
Google Chrome 14.0.835.202
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

# AdwCleaner v2.003 - Logfile created 10/04/2012 at 09:21:55
# Updated 23/09/2012 by Xplode
# Operating system : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# User : Dolores - USER-PC
# Boot Mode : Normal
# Running from : C:\Users\Dolores\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0 (en-US)

Profile name : default
File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\61m76n0q.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Dolores\AppData\Roaming\Mozilla\Firefox\Profiles\rvtiq6qe.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Stephen\AppData\Roaming\Mozilla\Firefox\Profiles\jpgzu8qm.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1107 octets] - [04/10/2012 09:19:06]
AdwCleaner[R1] #2.txt - [1107 octets] - [04/10/2012 09:20:43]
AdwCleaner[S1].txt - [1163 octets] - [04/10/2012 09:21:55]

########## EOF - C:\AdwCleaner[S1].txt - [1223 octets] ##########

#8 nasdaq

Posted 04 October 2012 - 12:33 PM

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 35


Remove also this old version of Adobe Reader 9


===

Download this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter. Or FRST.exe if 32 bit system.

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#9 grandmother

  • Topic Starter


Posted 05 October 2012 - 09:14 AM

Thanks. Checked the web and I have the current version of Java. I see Adobe Reader 9 within programs, but not in Add/Remove Programs... only the current version, Adobe Reader X. How do I remove it? The Adobe forums say to use Windows Installer, but I would like your recommendations, as I have never used that before. Below is the log from FRST64.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-10-2012 01
Ran by SYSTEM at 05-10-2012 08:57:02
Running from F:\
Windows Vista ™ Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden" [1125504 2011-11-03] (Check Point Software Technologies)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [442368 2009-06-03] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2596984 2012-07-31] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe" [73360 2011-11-09] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [x]
HKLM-x32\...\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 [x]
HKLM-x32\...\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-02-18] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [HF_G_Jul] "C:\Program Files (x86)\AVG Secure Search\HF_G_Jul.exe" /DoAction [x]
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-09-09] (Apple Inc.)
HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Dolores\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\Guest\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1689144 2010-06-29] (Hewlett-Packard)
HKU\Guest\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\Nana\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1689144 2010-06-29] (Hewlett-Packard)
HKU\Nana\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\Stephen\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY [1689144 2010-06-29] (Hewlett-Packard)
HKU\Stephen\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\Stephen\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKU\Stephen\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\user\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2009-11-20] (Hewlett-Packard Company)
HKU\user\...\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1689144 2010-06-29] (Hewlett-Packard)
HKU\user\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ===================

2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2012-07-11] (SUPERAntiSpyware.com)
2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [1025352 2011-09-01] ()
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [90640 2012-07-26] (CyberLink Corp.)
2 CyberLink PowerDVD 12 Media Server Monitor Service; "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe" [78352 2012-07-26] (CyberLink)
2 CyberLink PowerDVD 12 Media Server Service; "C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe" [295440 2012-07-26] (CyberLink)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [827520 2011-11-03] (Check Point Software Technologies)
2 McciCMService; "C:\Program Files (x86)\Common Files\Motive\McciCMService.exe" [303104 2008-03-13] (Motive Communications, Inc.)
2 Recovery Service for Windows; C:\Program Files (x86)\SMINST\BLService.exe [365952 2008-12-17] ()
2 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [241734 2008-09-15] ()
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_6ef279c8\STacSV64.exe [239104 2009-06-03] (IDT, Inc.)
2 TVCapSvc; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe" [296320 2009-02-09] ()
2 TVSched; "C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe" [116096 2009-02-09] ()
2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service [2420616 2011-11-09] (Check Point Software Technologies LTD)
3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]
3 WinDefend; C:\Program Files (x86)\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) =====================

3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [291680 2012-07-26] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [384352 2012-08-24] (AVG Technologies CZ, s.r.o.)
3 BTWUSB; C:\Windows\System32\Drivers\BTWUSB.sys [62720 2006-04-12] (Broadcom Corporation.)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [33672 2011-11-03] (Check Point Software Technologies)
2 ntk_PowerDVD12; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [83704 2012-06-20] (Cyberlink Corp.)
1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
1 Vsdatant; C:\Windows\System32\Drivers\Vsdatant.sys [448088 2011-05-07] (Check Point Software Technologies LTD)
2 {55662437-DA8C-40c0-AADA-2C816A897A49}; \??\C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2010-02-26] (CyberLink Corp.)
2 {73526619-C24F-470B-9BED-53D455FBB5C6}; \??\C:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl [147704 2012-07-05] (CyberLink Corp.)
1 Beep; [x]
3 catchme; \??\C:\ComboFix\catchme.sys [x]
4 eabfiltr; [x]
3 IpInIp; C:\Windows\System32\DRIVERS\ipinip.sys [x]
3 MREMP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50a64.SYS [x]
3 MRESP50a64; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50a64.SYS [x]
3 NwlnkFlt; C:\Windows\System32\DRIVERS\nwlnkflt.sys [x]
3 NwlnkFwd; C:\Windows\System32\DRIVERS\nwlnkfwd.sys [x]
3 vsdatant7; C:\Windows\System32\drivers\vsdatant.win7.sys [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2012-10-04 06:25 - 2012-10-04 06:25 - 00001290 ____A C:\Users\Dolores\Desktop\AdwCleaner[S1].txt
2012-10-04 06:21 - 2012-10-04 06:22 - 00001290 ____A C:\AdwCleaner[S1].txt
2012-10-04 06:20 - 2012-10-04 06:20 - 00001107 ____A C:\AdwCleaner[R1] #2.txt
2012-10-04 06:19 - 2012-10-04 06:19 - 00001107 ____A C:\AdwCleaner[R1].txt
2012-10-04 05:49 - 2012-10-04 05:49 - 00513501 ____A C:\Users\Dolores\adwcleaner.exe
2012-10-04 05:40 - 2012-10-04 05:40 - 00001266 ____A C:\Users\Dolores\Desktop\security check checkup.txt
2012-10-04 05:35 - 2012-10-04 05:36 - 00881724 ____A C:\Users\Dolores\Desktop\SecurityCheck.exe
2012-10-02 14:53 - 2012-10-02 14:53 - 00000548 ____A C:\Users\Dolores\Desktop\MBR.zip
2012-10-02 14:50 - 2012-10-02 14:50 - 00001735 ____A C:\Users\Dolores\Desktop\aswMBR.txt
2012-10-02 14:50 - 2012-10-02 14:50 - 00000512 ____A C:\Users\Dolores\Desktop\MBR.dat
2012-10-02 14:44 - 2012-10-02 14:46 - 04731392 ____A (AVAST Software) C:\Users\Dolores\Desktop\aswMBR.exe
2012-10-02 14:43 - 2012-10-02 14:43 - 00081593 ____A C:\Users\Dolores\Desktop\TDSSKiller report 10012012.txt
2012-10-01 08:26 - 2012-10-01 08:26 - 00012185 ____A C:\Users\Dolores\Desktop\Attach.txt
2012-10-01 08:25 - 2012-10-01 08:25 - 00028130 ____A C:\Users\Dolores\Desktop\DDS.txt
2012-10-01 08:15 - 2012-10-01 08:15 - 00607260 ____R (Swearware) C:\Users\Dolores\Desktop\dds.com
2012-10-01 08:14 - 2012-10-01 08:14 - 00607260 ____A (Swearware) C:\Users\Dolores\Downloads\dds.com
2012-10-01 08:12 - 2012-10-01 08:12 - 00000476 ____A C:\Users\Dolores\Desktop\defogger_disable.log
2012-10-01 08:12 - 2012-10-01 08:12 - 00000000 ____A C:\Users\Dolores\defogger_reenable
2012-10-01 08:11 - 2012-10-01 08:11 - 00050477 ____A C:\Users\Dolores\Desktop\Defogger.exe
2012-10-01 07:42 - 2012-10-01 07:42 - 00000000 ____D C:\Users\Dolores\My Documents\CBS Log dr
2012-10-01 07:42 - 2012-10-01 07:42 - 00000000 ____D C:\Users\Dolores\Documents\CBS Log dr
2012-10-01 05:05 - 2012-10-01 05:05 - 00002026 ____A C:\Windows\System32\startup 10012012 changes cccleaner.txt
2012-09-27 16:36 - 2012-09-27 16:36 - 00000488 ____A C:\Users\user\My Documents\systemfilecheckerscan09272012.txt
2012-09-27 16:36 - 2012-09-27 16:36 - 00000488 ____A C:\Users\user\Documents\systemfilecheckerscan09272012.txt
2012-09-27 15:26 - 2012-09-27 15:26 - 00000000 ____A C:\Users\user\Desktop\sfcdetails.txt
2012-09-26 14:52 - 2012-09-26 14:52 - 00000000 ____D C:\Users\All Users\MemeoCommon
2012-09-26 14:52 - 2012-09-26 14:52 - 00000000 ____D C:\Users\All Users\Application Data\MemeoCommon
2012-09-26 14:47 - 2012-09-26 14:47 - 00000000 ____D C:\Users\Dolores\Application Data\Memeo
2012-09-26 14:47 - 2012-09-26 14:47 - 00000000 ____D C:\Users\Dolores\AppData\Roaming\Memeo
2012-09-26 14:46 - 2012-09-27 13:51 - 00037924 ____A C:\SeagateAdapter
2012-09-26 14:46 - 2012-09-26 14:46 - 00001076 ____A C:\Users\Public\Desktop\Seagate Dashboard.lnk
2012-09-26 14:46 - 2012-09-26 14:46 - 00001076 ____A C:\Users\All Users\Desktop\Seagate Dashboard.lnk
2012-09-26 14:46 - 2012-09-26 14:46 - 00000000 ____D C:\Windows\SysWOW64\Seagate
2012-09-26 14:46 - 2012-09-26 14:46 - 00000000 ____D C:\Users\Dolores\Application Data\Seagate
2012-09-26 14:46 - 2012-09-26 14:46 - 00000000 ____D C:\Users\Dolores\AppData\Roaming\Seagate
2012-09-26 14:45 - 2012-09-26 14:45 - 00000000 ____D C:\Program Files (x86)\Memeo
2012-09-26 14:44 - 2012-09-26 14:45 - 00000000 ____D C:\Program Files (x86)\Seagate
2012-09-26 14:41 - 2012-09-26 14:41 - 00000000 ____D C:\Users\Dolores\Application Data\Leadertech
2012-09-26 14:41 - 2012-09-26 14:41 - 00000000 ____D C:\Users\Dolores\AppData\Roaming\Leadertech
2012-09-21 14:42 - 2012-08-24 03:15 - 17810944 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-09-21 14:42 - 2012-08-24 02:39 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-09-21 14:42 - 2012-08-24 02:31 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-09-21 14:42 - 2012-08-24 02:22 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-09-21 14:42 - 2012-08-24 02:21 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-09-21 14:42 - 2012-08-24 02:20 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-09-21 14:42 - 2012-08-24 02:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-09-21 14:42 - 2012-08-24 02:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-09-21 14:42 - 2012-08-24 02:14 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-09-21 14:42 - 2012-08-24 02:14 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-09-21 14:42 - 2012-08-24 02:13 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-09-21 14:42 - 2012-08-24 02:12 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-09-21 14:42 - 2012-08-24 02:11 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-09-21 14:42 - 2012-08-24 02:10 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-09-21 14:42 - 2012-08-24 02:09 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-09-21 14:42 - 2012-08-24 02:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-09-21 14:42 - 2012-08-23 23:27 - 12319744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-09-21 14:42 - 2012-08-23 23:03 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-09-21 14:42 - 2012-08-23 22:59 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-09-21 14:42 - 2012-08-23 22:51 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-09-21 14:42 - 2012-08-23 22:51 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-09-21 14:42 - 2012-08-23 22:51 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-09-21 14:42 - 2012-08-23 22:49 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-09-21 14:42 - 2012-08-23 22:48 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-09-21 14:42 - 2012-08-23 22:47 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-09-21 14:42 - 2012-08-23 22:47 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-09-21 14:42 - 2012-08-23 22:47 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-09-21 14:42 - 2012-08-23 22:45 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-09-21 14:42 - 2012-08-23 22:44 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-09-21 14:42 - 2012-08-23 22:44 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-09-21 14:42 - 2012-08-23 22:43 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-09-21 14:42 - 2012-08-23 22:40 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-09-21 07:19 - 2012-09-21 13:01 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForUSER-PC$.job
2012-09-19 09:47 - 2012-09-19 09:48 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2012-09-18 15:07 - 2012-09-18 15:07 - 00077137 ____A C:\ComboFix.txt
2012-09-18 14:31 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-09-18 14:31 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-09-18 14:31 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-09-18 14:31 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-09-18 14:31 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-09-18 14:31 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-09-18 14:31 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-09-18 14:31 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-09-18 14:30 - 2012-09-18 15:08 - 00000000 ____D C:\Qoobox
2012-09-18 14:29 - 2012-09-18 15:05 - 00000000 ____D C:\Windows\erdnt
2012-09-18 11:14 - 2012-09-18 11:14 - 00000000 ____D C:\Users\Dolores\Application Data\SUPERAntiSpyware.com
2012-09-18 11:14 - 2012-09-18 11:14 - 00000000 ____D C:\Users\Dolores\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 11:12 - 2012-09-18 11:14 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2012-09-18 11:12 - 2012-09-18 11:12 - 00001756 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-18 11:12 - 2012-09-18 11:12 - 00001756 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-18 11:12 - 2012-09-18 11:12 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com
2012-09-18 11:12 - 2012-09-18 11:12 - 00000000 ____D C:\Users\All Users\Application Data\SUPERAntiSpyware.com
2012-09-18 09:55 - 2012-09-18 14:55 - 00002002 ____A C:\Windows\PFRO.log
2012-09-17 17:36 - 2012-09-17 17:39 - 00000000 ____D C:\Autoruns
2012-09-17 17:34 - 2012-09-17 17:34 - 00540921 ____A C:\Users\Dolores\Desktop\Autoruns.zip
2012-09-17 16:25 - 2012-10-02 14:38 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Dolores\Desktop\TDSSKiller.exe
2012-09-17 12:44 - 2012-09-17 12:44 - 00000000 ____D C:\Users\Dolores\My Documents\Samsung Galaxy Skyrocket manuel
2012-09-17 12:44 - 2012-09-17 12:44 - 00000000 ____D C:\Users\Dolores\Documents\Samsung Galaxy Skyrocket manuel
2012-09-17 12:43 - 2012-09-17 12:43 - 00010234 ____A C:\Windows\System32\startup09172012.txt
2012-09-17 11:39 - 2012-09-17 11:46 - 00000000 ____D C:\Users\Dolores\My Documents\nabi manual
2012-09-17 11:39 - 2012-09-17 11:46 - 00000000 ____D C:\Users\Dolores\Documents\nabi manual
2012-09-12 16:28 - 2012-09-12 16:28 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-12 16:28 - 2012-09-12 16:28 - 00001694 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-12 16:28 - 2012-08-21 10:01 - 00033240 ____A (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2012-09-12 16:27 - 2012-09-12 16:28 - 00000000 ____D C:\Users\All Users\Application Data\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-12 16:27 - 2012-09-12 16:28 - 00000000 ____D C:\Users\All Users\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-09-12 16:27 - 2012-09-12 16:28 - 00000000 ____D C:\Program Files\iTunes
2012-09-12 16:27 - 2012-09-12 16:28 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-09-12 16:27 - 2012-09-12 16:27 - 00000000 ____D C:\Program Files\iPod
2012-09-07 15:37 - 2012-09-07 15:38 - 00275656 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-09-05 14:38 - 2012-09-05 14:38 - 00001075 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2012-09-05 14:38 - 2012-09-05 14:38 - 00001075 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.4.1.lnk
2012-09-05 11:32 - 2012-08-28 17:10 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-09-05 11:32 - 2012-08-28 17:10 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-09-05 11:32 - 2012-08-28 17:09 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-09-05 11:31 - 2012-09-05 11:32 - 00002919 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log
2012-09-05 11:28 - 2012-09-05 11:28 - 00000000 ____D C:\Users\All Users\McAfee
2012-09-05 11:28 - 2012-09-05 11:28 - 00000000 ____D C:\Users\All Users\Application Data\McAfee


==================== 3 Months Modified Files ==================

2012-10-05 05:52 - 2009-09-28 11:58 - 01784930 ____A C:\Windows\WindowsUpdate.log
2012-10-05 05:52 - 2006-11-02 07:42 - 00032566 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-10-05 05:52 - 2006-11-02 07:42 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-05 05:52 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2012-10-05 05:52 - 2006-11-02 07:22 - 00003216 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2012-10-05 05:52 - 2006-11-02 04:46 - 00703516 ____A C:\Windows\System32\PerfStringBackup.INI
2012-10-05 05:13 - 2011-12-12 10:26 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-10-04 06:25 - 2012-10-04 06:25 - 00001290 ____A C:\Users\Dolores\Desktop\AdwCleaner[S1].txt
2012-10-04 06:22 - 2012-10-04 06:21 - 00001290 ____A C:\AdwCleaner[S1].txt
2012-10-04 06:20 - 2012-10-04 06:20 - 00001107 ____A C:\AdwCleaner[R1] #2.txt
2012-10-04 06:19 - 2012-10-04 06:19 - 00001107 ____A C:\AdwCleaner[R1].txt
2012-10-04 05:49 - 2012-10-04 05:49 - 00513501 ____A C:\Users\Dolores\adwcleaner.exe
2012-10-04 05:40 - 2012-10-04 05:40 - 00001266 ____A C:\Users\Dolores\Desktop\security check checkup.txt
2012-10-04 05:36 - 2012-10-04 05:35 - 00881724 ____A C:\Users\Dolores\Desktop\SecurityCheck.exe
2012-10-02 14:53 - 2012-10-02 14:53 - 00000548 ____A C:\Users\Dolores\Desktop\MBR.zip
2012-10-02 14:50 - 2012-10-02 14:50 - 00001735 ____A C:\Users\Dolores\Desktop\aswMBR.txt
2012-10-02 14:50 - 2012-10-02 14:50 - 00000512 ____A C:\Users\Dolores\Desktop\MBR.dat
2012-10-02 14:46 - 2012-10-02 14:44 - 04731392 ____A (AVAST Software) C:\Users\Dolores\Desktop\aswMBR.exe
2012-10-02 14:43 - 2012-10-02 14:43 - 00081593 ____A C:\Users\Dolores\Desktop\TDSSKiller report 10012012.txt
2012-10-02 14:38 - 2012-09-17 16:25 - 02212440 ____A (Kaspersky Lab ZAO) C:\Users\Dolores\Desktop\TDSSKiller.exe
2012-10-01 17:15 - 2010-12-29 12:41 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-10-01 17:15 - 2010-12-29 12:41 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-10-01 17:15 - 2010-02-02 08:37 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForDolores.job
2012-10-01 08:26 - 2012-10-01 08:26 - 00012185 ____A C:\Users\Dolores\Desktop\Attach.txt
2012-10-01 08:25 - 2012-10-01 08:25 - 00028130 ____A C:\Users\Dolores\Desktop\DDS.txt
2012-10-01 08:15 - 2012-10-01 08:15 - 00607260 ____R (Swearware) C:\Users\Dolores\Desktop\dds.com
2012-10-01 08:14 - 2012-10-01 08:14 - 00607260 ____A (Swearware) C:\Users\Dolores\Downloads\dds.com
2012-10-01 08:12 - 2012-10-01 08:12 - 00000476 ____A C:\Users\Dolores\Desktop\defogger_disable.log
2012-10-01 08:12 - 2012-10-01 08:12 - 00000000 ____A C:\Users\Dolores\defogger_reenable
2012-10-01 08:11 - 2012-10-01 08:11 - 00050477 ____A C:\Users\Dolores\Desktop\Defogger.exe
2012-10-01 06:39 - 2009-09-30 18:33 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-10-01 05:36 - 2011-09-24 12:35 - 00000770 ____A C:\Users\Public\Desktop\CCleaner.lnk
2012-10-01 05:36 - 2011-09-24 12:35 - 00000770 ____A C:\Users\All Users\Desktop\CCleaner.lnk
2012-10-01 05:05 - 2012-10-01 05:05 - 00002026 ____A C:\Windows\System32\startup 10012012 changes cccleaner.txt
2012-09-27 16:36 - 2012-09-27 16:36 - 00000488 ____A C:\Users\user\My Documents\systemfilecheckerscan09272012.txt
2012-09-27 16:36 - 2012-09-27 16:36 - 00000488 ____A C:\Users\user\Documents\systemfilecheckerscan09272012.txt
2012-09-27 15:26 - 2012-09-27 15:26 - 00000000 ____A C:\Users\user\Desktop\sfcdetails.txt
2012-09-27 15:05 - 2009-09-28 13:35 - 00104856 ____A C:\Users\user\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-27 15:05 - 2009-09-28 13:35 - 00104856 ____A C:\Users\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-27 15:05 - 2009-09-28 13:35 - 00104856 ____A C:\Users\user\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-27 13:51 - 2012-09-26 14:46 - 00037924 ____A C:\SeagateAdapter
2012-09-26 14:46 - 2012-09-26 14:46 - 00001076 ____A C:\Users\Public\Desktop\Seagate Dashboard.lnk
2012-09-26 14:46 - 2012-09-26 14:46 - 00001076 ____A C:\Users\All Users\Desktop\Seagate Dashboard.lnk
2012-09-23 12:56 - 2009-11-19 07:27 - 00030208 ____A C:\Users\Dolores\Local Settings\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-23 12:56 - 2009-11-19 07:27 - 00030208 ____A C:\Users\Dolores\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-23 12:56 - 2009-11-19 07:27 - 00030208 ____A C:\Users\Dolores\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-09-21 13:01 - 2012-09-21 07:19 - 00000340 ____A C:\Windows\Tasks\HPCeeScheduleForUSER-PC$.job
2012-09-21 07:27 - 2011-09-24 03:14 - 00000788 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-09-21 07:27 - 2011-09-24 03:14 - 00000788 ____A C:\Users\All Users\Desktop\AVG 2012.lnk
2012-09-18 15:07 - 2012-09-18 15:07 - 00077137 ____A C:\ComboFix.txt
2012-09-18 14:58 - 2006-11-02 04:34 - 00000215 ____A C:\Windows\system.ini
2012-09-18 14:55 - 2012-09-18 09:55 - 00002002 ____A C:\Windows\PFRO.log
2012-09-18 11:12 - 2012-09-18 11:12 - 00001756 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-18 11:12 - 2012-09-18 11:12 - 00001756 ____A C:\Users\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
2012-09-17 17:34 - 2012-09-17 17:34 - 00540921 ____A C:\Users\Dolores\Desktop\Autoruns.zip
2012-09-17 12:51 - 2011-09-24 12:25 - 00000328 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job
2012-09-17 12:43 - 2012-09-17 12:43 - 00010234 ____A C:\Windows\System32\startup09172012.txt
2012-09-13 07:42 - 2006-11-02 04:35 - 64462936 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2012-09-12 16:28 - 2012-09-12 16:28 - 00001694 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-09-12 16:28 - 2012-09-12 16:28 - 00001694 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-09-11 09:25 - 2012-02-05 15:06 - 00000948 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-11 09:25 - 2012-02-05 15:06 - 00000948 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-09-07 15:38 - 2012-09-07 15:37 - 00275656 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-09-07 14:04 - 2010-06-22 04:29 - 00025928 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-05 15:03 - 2009-10-01 05:37 - 00104856 ____A C:\Users\Dolores\Local Settings\GDIPFONTCACHEV1.DAT
2012-09-05 15:03 - 2009-10-01 05:37 - 00104856 ____A C:\Users\Dolores\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-09-05 15:03 - 2009-10-01 05:37 - 00104856 ____A C:\Users\Dolores\AppData\Local\GDIPFONTCACHEV1.DAT
2012-09-05 14:52 - 2006-11-02 07:21 - 00386048 ____A C:\Windows\System32\FNTCACHE.DAT
2012-09-05 14:38 - 2012-09-05 14:38 - 00001075 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk
2012-09-05 14:38 - 2012-09-05 14:38 - 00001075 ____A C:\Users\All Users\Desktop\OpenOffice.org 3.4.1.lnk
2012-09-05 11:32 - 2012-09-05 11:31 - 00002919 ____A C:\Windows\SysWOW64\jupdate-1.6.0_35-b10.log
2012-09-03 08:25 - 2012-09-03 08:25 - 03927560 ____A (Piriform Ltd) C:\Users\Dolores\Downloads\ccsetup322.exe
2012-08-30 17:08 - 2012-03-14 15:55 - 00073416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-30 17:08 - 2011-12-12 10:26 - 00696520 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-28 17:24 - 2012-06-23 11:23 - 00477168 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-08-28 17:24 - 2010-05-22 19:22 - 00473072 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-08-28 17:10 - 2012-09-05 11:32 - 00157680 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-08-28 17:10 - 2012-09-05 11:32 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-08-28 17:09 - 2012-09-05 11:32 - 00149488 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-08-25 19:12 - 2012-08-23 11:29 - 00000871 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-08-25 19:12 - 2012-08-23 11:29 - 00000871 ____A C:\Users\All Users\Desktop\calibre - E-book management.lnk
2012-08-24 12:43 - 2012-08-24 12:43 - 00384352 ____A (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgtdia.sys

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-07-16 15:58:48
Restore point made on: 2012-07-16 16:01:39
Restore point made on: 2012-07-16 16:18:36
Restore point made on: 2012-07-18 04:25:52
Restore point made on: 2012-07-18 04:26:56
Restore point made on: 2012-07-18 04:28:16
Restore point made on: 2012-07-18 04:29:41
Restore point made on: 2012-07-18 04:31:02
Restore point made on: 2012-08-16 19:37:02
Restore point made on: 2012-08-16 19:37:27
Restore point made on: 2012-08-17 12:03:16
Restore point made on: 2012-08-17 17:10:32
Restore point made on: 2012-08-21 10:47:36
Restore point made on: 2012-08-23 11:28:31
Restore point made on: 2012-08-25 19:10:00
Restore point made on: 2012-08-27 14:15:00
Restore point made on: 2012-09-01 15:14:28
Restore point made on: 2012-09-05 11:31:11
Restore point made on: 2012-09-05 14:34:21
Restore point made on: 2012-09-05 14:44:42
Restore point made on: 2012-09-07 15:37:41
Restore point made on: 2012-09-12 16:23:03
Restore point made on: 2012-09-13 07:38:44
Restore point made on: 2012-09-17 12:36:51
Restore point made on: 2012-09-17 12:37:31
Restore point made on: 2012-09-17 18:26:39
Restore point made on: 2012-09-17 18:31:09
Restore point made on: 2012-09-21 12:11:33
Restore point made on: 2012-09-21 14:41:55
Restore point made on: 2012-09-26 14:45:08

==================== Memory info ===========================

Percentage of memory in use: 17%
Total physical RAM: 4062.24 MB
Available physical RAM: 3361.17 MB
Total Pagefile: 3737.71 MB
Available Pagefile: 3342.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.91 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:453.18 GB) (Free:252.46 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
2 Drive d: (RECOVERY) (Fixed) (Total:12.58 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (KINGSTON) (Removable) (Total:3.73 GB) (Free:0.31 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 466 GB 1024 KB
Disk 1 Online 3828 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 453 GB 1024 KB
Partition 2 Primary 13 GB 453 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 453 GB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 D RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3824 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0C
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F KINGSTON FAT32 Removable 3824 MB Healthy

=========================================================

Last Boot: 2012-10-05 05:51

==================== End Of Log =============================

#10 nasdaq

  • Malware Response Team

Posted 05 October 2012 - 10:07 AM

Run this tool and remove all items related to Adobe Reader 9.

Download Revo Uninstaller and remove any programs whose removal you are having difficulty completing through the Add/Remove Programs list.
http://majorgeeks.com/Revo_Uninstaller_d5706.html
===


Lastly, when I use the 'administrator user', I get the following message: CLMLSVC.exe - no disk--- There is no disk in the drive, please insert a disk into drive\device\harddisk2\DR8. Cancel, try again, Continue. Only closing the window gets me out of this.

This CLMLSVC.EXE is from CyberLink PowerDVD.
Before starting the computer, insert a DVD in the drive and close the application normally.
Restart the computer normally.
How is it now?

Now every time I boot up, I get a Windows Security Alert


Run this tool.

Please download the Kaspersky Virus Removal Tool from here to your Desktop.

Double-click the Removal Tool.
Click the cog in the upper right corner:

Select down to and including your main drive.
Once done please select the Automatic Scan tab and press Start Scan.

Allow AVP to delete all infections found.
Once it has finished select the Report tab.
Select the Detected threats report from the left and press the Save button.
Save it to your Desktop and post the contents in your next reply.

Keep me posted as to what issues persist.

#11 grandmother

Posted 07 October 2012 - 06:36 PM

Computer definitely running faster and smoother, thanks so much. Unfortunately, Revo installer did not help in removing Adobe Reader 9.0, as it could not find it in the add/remove programs list. And I still get the Windows Security alert after running Kaspersky virus removal. Wow, it took 10 hours to run and found zero threats. I compressed the log file, but it is too long to upload. What to do here?
Help with these two final issues is appreciated. Thanks again, Grandma.

#12 nasdaq

Posted 08 October 2012 - 09:43 AM

Forget about the Adobe Reader 9.0; it's just some remnant item in the registry. Nothing to worry about.

===

Go to this page.
http://www.malwarehelp.org/fake-windows-security-center-analysis-and-removal-2009.html

Look at the images under
Fake Windows Security Center — Screenshots

Do you get any of these images?

If so then run this tool.

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Post back with the Malwarebytes Anti-Malware log once it's complete.

If this does not work, what can you tell me about the error message?
Post the exact message.

#13 grandmother

Posted 08 October 2012 - 02:16 PM

First, I have MBAM. The last log run was 10-2-2012 with no threats found.

When I click on the Windows Security Alert shield, it brings up the Windows Security Center screen, which looks very different from those posted on the Malwarehelp.org website. And now that I am studying the various screens, my Security Center screen used to look like the ones that are real. I don't have a bar for "Firewall", "Automatic Updates" and "Virus Protection", and I used to have these. Should I go ahead and run another MBAM scan?


My screen has a red bar with "Security Center" in it; to the right it is set to "OFF", and below that a button to click says "TURN ON NOW". The error message: "THE SECURITY CENTER SERVICE CAN'T BE STARTED", Close.

#14 nasdaq

Posted 09 October 2012 - 07:26 AM

No harm can come from running MBAM one more time.

===

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


#15 grandmother

Posted 09 October 2012 - 08:24 AM

Farbar Service scanner log.


Farbar Service Scanner Version: 07-10-2012
Ran by Dolores (administrator) on 09-10-2012 at 08:21:34
Running from "C:\Users\Dolores\Desktop"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============
wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend: "%ProgramFiles(x86)%\Windows Defender\mpsvc.dll".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcsvc.dll
[2009-12-04 15:08] - [2009-04-11 02:11] - 0268288 ____A (Microsoft Corporation) 3ED0321127CE70ACDAABBF77E157C2A7

C:\Windows\System32\drivers\afd.sys
[2012-02-17 12:53] - [2012-01-03 09:25] - 0404992 ____A (Microsoft Corporation) C4F6CE6087760AD70960C9EB130E7943

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-08 18:44] - [2012-03-30 07:45] - 1422720 ____A (Microsoft Corporation) AC8D5728E6AD6A7C4819D9A67008337A

C:\Windows\System32\dnsrslvr.dll
[2011-04-19 13:06] - [2011-03-02 11:12] - 0117760 ____A (Microsoft Corporation) 06230F1B721494A6DF8D47FD395BB1B0

C:\Windows\System32\mpssvc.dll
[2009-12-04 15:09] - [2009-04-11 02:11] - 0603136 ____A (Microsoft Corporation) 897E3BAF68BA406A61682AE39C83900C

C:\Windows\System32\bfe.dll
[2009-12-04 15:07] - [2009-04-11 02:11] - 0458240 ____A (Microsoft Corporation) FFB96C2589FFA60473EAD78B39FBDE29

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe
[2009-12-04 15:10] - [2009-04-11 02:11] - 1433600 ____A (Microsoft Corporation) B75232DAD33BFD95BF6F0A3E6BFF51E1

C:\Windows\System32\wscsvc.dll
[2009-12-04 15:07] - [2009-04-11 02:11] - 0074752 ____A (Microsoft Corporation) 9EA3E6D0EF7A5C2B9181961052A4B01A

C:\Windows\System32\wbem\WMIsvc.dll
[2009-12-04 15:08] - [2009-04-11 02:11] - 0221696 ____A (Microsoft Corporation) D2E7296ED1BD26D8DB2799770C077A02

C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll
[2009-12-04 15:10] - [2009-04-11 02:11] - 1081856 ____A (Microsoft Corporation) 6D316F4859634071CC25C4FD4589AD2C

C:\Windows\System32\es.dll
[2009-12-04 15:10] - [2009-04-11 02:11] - 0361984 ____A (Microsoft Corporation) E12F22B73F153DECE721CD45EC05B4AF

C:\Windows\System32\cryptsvc.dll
[2012-06-13 16:16] - [2012-04-23 11:25] - 0174592 ____A (Microsoft Corporation) 62740B9D2A137E8CED41A9E4239A7A31

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2009-12-04 15:10] - [2009-04-11 02:11] - 0719872 ____A (Microsoft Corporation) CF8B9A3A5E7DC57724A89D0C3E8CF9EF



**** End of log ****



