
8.22.70.252 & 63.209.69.107 redirects


  • This topic is locked
43 replies to this topic

#1 mstcraig


Posted 26 November 2012 - 05:23 PM

Hi Gents,

Over the Thanksgiving holiday, I got stung by the redirect bug which is affecting all my browsers (Google, IE). I am an MCP and so began troubleshooting on my own, but have not gotten rid of the problem yet, obviously. The following programs have been run to clean this up (all with up-to-date definitions): MalwareBytes, Stinger, Spybot, Spyware Doctor, OTL, ComboFix, TDSS remover (forgot the full name), CCleaner, Auslogics Registry Cleaner. I have all logs available for inspection as to what I have done. I understand the process will take some time; just as long as I get rid of this pest and NOT have to replace the PC (HP Netbook Mini 110-3135DX). I rely on this machine here at my turntable shop for business. I think I'll begin with the logs for OTL, main log first:

OTL logfile created on: 11/24/2012 7:12:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mstcraig\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 390.12 Mb Available Physical Memory | 38.55% Memory free
1.99 Gb Paging File | 1.26 Gb Available in Paging File | 63.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.66 Gb Total Space | 188.95 Gb Free Space | 87.21% Space Free | Partition Type: NTFS
Drive D: | 15.93 Gb Total Space | 2.56 Gb Free Space | 16.06% Space Free | Partition Type: NTFS
Drive F: | 1.91 Gb Total Space | 1.17 Gb Free Space | 61.08% Space Free | Partition Type: FAT32
Drive G: | 7.45 Gb Total Space | 3.99 Gb Free Space | 53.59% Space Free | Partition Type: FAT32

Computer Name: MSTCRAIG-HP | User Name: mstcraig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/24 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mstcraig\Desktop\OTL.exe
PRC - [2012/11/21 17:11:45 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/11/10 13:52:13 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
PRC - [2012/05/14 13:55:06 | 003,150,928 | ---- | M] (VS Revo Group) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
PRC - [2011/06/23 23:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 07:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\Windows\System32\ZoneLabs\vsmon.exe
PRC - [2010/11/16 17:46:04 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/21 17:11:44 | 002,400,224 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/11/10 13:52:13 | 014,586,808 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_110.dll
MOD - [2009/07/09 23:03:56 | 000,370,312 | ---- | M] () -- C:\Windows\System32\sqlite3.dll


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SeaPort)
SRV - File not found [Disabled | Stopped] -- -- (HP Health Check Service)
SRV - File not found [On_Demand | Stopped] -- -- (gupdatem)
SRV - File not found [Auto | Stopped] -- -- (gupdate)
SRV - [2010/11/16 17:47:56 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [On_Demand | Running] -- C:\Windows\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/25 15:55:34 | 000,092,216 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/18 18:26:18 | 000,103,992 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe -- (HP Wireless Assistant Service)
SRV - [2010/06/09 04:06:18 | 000,237,650 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010/04/03 18:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/13 13:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009/10/13 07:39:04 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/03/03 05:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Program Files\IDT\WDM\AEstSrv.exe -- (AESTFilters)


========== Driver Services (SafeList) ==========

DRV - [2010/11/20 05:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/06/09 04:06:18 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2010/05/15 16:30:50 | 000,461,400 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\System32\drivers\vsdatant.sys -- (Vsdatant)
DRV - [2010/05/07 12:18:10 | 000,230,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV - [2009/11/11 15:09:22 | 000,018,136 | -H-- | M] (DeviceVM, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\dvmio.sys -- (DVMIO)
DRV - [2009/07/13 18:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/13 18:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/13 17:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {956265FC-1C0E-4569-BA38-5FF28A9EFDEC}
IE - HKLM\..\SearchScopes\{3A009B50-248A-4C10-B267-601CF769537B}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{956265FC-1C0E-4569-BA38-5FF28A9EFDEC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{D6ADAEB9-39F3-48BC-9947-18EB460B4E25}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{E4018202-BA97-4CA0-87E8-ED82E2DAF9C4}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\..\SearchScopes,DefaultScope = {956265FC-1C0E-4569-BA38-5FF28A9EFDEC}
IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\..\SearchScopes\{3A009B50-248A-4C10-B267-601CF769537B}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\..\SearchScopes\{956265FC-1C0E-4569-BA38-5FF28A9EFDEC}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\..\SearchScopes\{D6ADAEB9-39F3-48BC-9947-18EB460B4E25}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\..\SearchScopes\{E4018202-BA97-4CA0-87E8-ED82E2DAF9C4}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
FF - prefs.js..extensions.enabledItems: @themediafinder.com:1.0.1
FF - prefs.js..extensions.enabledItems: gencrawler@some.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=8c974033000000000000ac811206d862&tlver=1.6.9.12&instlRef=sst&babTrack&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.ConservativeTalkNow_4n.com/Plugin: C:\Program Files\ConservativeTalkNow_4nEI\Installr\3.bin\NP4nEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/11/21 17:11:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/11/21 17:11:35 | 000,000,000 | ---D | M]

[2010/12/01 17:20:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mstcraig\AppData\Roaming\Mozilla\Extensions
[2012/08/28 18:04:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mstcraig\AppData\Roaming\Mozilla\Firefox\Profiles\rxv0vujn.default\extensions
[2012/11/21 17:11:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/21 17:11:45 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/08/28 17:57:49 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/11 17:17:56 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: ConservativeTalkNow Installer Plugin Stub (Enabled) = C:\Program Files\ConservativeTalkNow_4nEI\Installr\3.bin\NP4nEISB.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Java Deployment Toolkit 7.0.50.255 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: YouTube = C:\Users\mstcraig\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: SpeedDial = C:\Users\mstcraig\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj\4.0_0\
CHR - Extension: Google Search = C:\Users\mstcraig\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: General Crawler = C:\Users\mstcraig\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0\
CHR - Extension: Bcool = C:\Users\mstcraig\AppData\Local\Google\Chrome\User Data\Default\Extensions\nibhdcoaeeaabgecallhoogkoaiocpmo\1.0_0\
CHR - Extension: Gmail = C:\Users\mstcraig\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/11/24 18:56:51 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O4 - HKU\S-1-5-20..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-3610542846-2152132565-3389012359-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html File not found
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B3434BE-A898-487D-BE99-F86FD7093B77}: DhcpNameServer = 192.168.254.254 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D86F7B7C-C35A-4C97-8256-698CE2D85693}: DhcpNameServer = 10.0.0.4
O18 - Protocol\Handler\livecall - No CLSID value found
O18 - Protocol\Handler\msnim - No CLSID value found
O18 - Protocol\Handler\wlmailhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/11/22 14:08:16 | 000,000,110 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{91eab899-0794-11e0-845f-ac811206d862}\Shell - "" = AutoRun
O33 - MountPoints2\{91eab899-0794-11e0-845f-ac811206d862}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Media Suite.lnk - - File not found
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WhiteSmoke 2011.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: APSDaemon - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: DVMOOBE - hkey= - key= - File not found
MsConfig - StartUpReg: HotKeysCmds - hkey= - key= - File not found
MsConfig - StartUpReg: HP Quick Launch - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - File not found
MsConfig - StartUpReg: hpqSRMon - hkey= - key= - C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
MsConfig - StartUpReg: HPWirelessAssistant - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
MsConfig - StartUpReg: IgfxTray - hkey= - key= - File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Media Finder - hkey= - key= - File not found
MsConfig - StartUpReg: Persistence - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - File not found
MsConfig - StartUpReg: RegistryBooster - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: SynTPEnh - hkey= - key= - File not found
MsConfig - StartUpReg: SysTrayApp - hkey= - key= - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ZumoDrive - hkey= - key= - File not found
MsConfig - State: "startup" - 1
MsConfig - State: "services" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {4FB2407C-C8E4-BBC8-BB1C-FCCB2EF5914B} -
ActiveX: {4FB2AA7C-C8E4-BBC8-BB1C-FAAB2EF5914B} -
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/11/24 19:08:34 | 000,000,000 | ---D | C] -- C:\Users\mstcraig\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2012/11/24 18:56:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/24 18:54:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\mstcraig\Desktop\OTL.exe
[2012/11/24 18:10:35 | 031,160,808 | ---- | C] (Oracle Corporation) -- C:\Users\mstcraig\Desktop\jre-7u9-windows-i586.exe
[2012/11/24 16:58:07 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/24 16:03:41 | 010,521,192 | ---- | C] (McAfee Inc.) -- C:\Users\mstcraig\Desktop\stinger.exe
[2012/11/21 17:11:34 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/11/10 13:52:13 | 000,697,272 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/06 15:32:14 | 000,000,000 | ---D | C] -- C:\Users\mstcraig\AppData\Roaming\Foxit Software
[2012/10/30 15:04:05 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software

========== Files - Modified Within 30 Days ==========

[2012/11/24 19:08:34 | 000,001,226 | ---- | M] () -- C:\Users\mstcraig\Desktop\Revo Uninstaller.lnk
[2012/11/24 19:06:23 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 19:06:23 | 000,014,128 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/24 19:03:40 | 000,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/24 19:03:40 | 000,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/24 18:59:14 | 000,000,320 | ---- | M] () -- C:\Windows\tasks\NRBAEO.job
[2012/11/24 18:59:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/24 18:59:02 | 795,787,264 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/24 18:56:51 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/11/24 18:54:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\mstcraig\Desktop\OTL.exe
[2012/11/24 18:11:25 | 031,160,808 | ---- | M] (Oracle Corporation) -- C:\Users\mstcraig\Desktop\jre-7u9-windows-i586.exe
[2012/11/24 17:07:28 | 000,000,042 | RH-- | M] () -- C:\Users\mstcraig\Desktop\stinger.opt
[2012/11/24 17:04:13 | 000,001,593 | ---- | M] () -- C:\scu.dat
[2012/11/24 16:05:46 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012/11/24 16:03:59 | 010,521,192 | ---- | M] (McAfee Inc.) -- C:\Users\mstcraig\Desktop\stinger.exe
[2012/11/22 19:20:04 | 000,135,168 | RHS- | M] () -- C:\Windows\System32\usbperfw.dll
[2012/11/22 18:29:55 | 000,001,994 | ---- | M] () -- C:\Users\mstcraig\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/11/16 16:07:08 | 022,696,339 | ---- | M] () -- C:\Users\mstcraig\Desktop\TAS LoudspeakerGuide 2012.pdf
[2012/11/16 15:57:36 | 000,129,965 | ---- | M] () -- C:\Users\mstcraig\Desktop\0436506850101015-01-MVS.pdf
[2012/11/16 15:57:06 | 000,168,758 | ---- | M] () -- C:\Users\mstcraig\Desktop\0436506850101015-01.pdf
[2012/11/15 21:42:07 | 000,138,890 | ---- | M] () -- C:\Users\mstcraig\Desktop\flyer.odt
[2012/11/10 13:52:13 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/11/10 13:52:13 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/10/30 15:04:12 | 000,001,100 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

========== Files Created - No Company Name ==========

[2012/11/24 17:04:12 | 000,001,593 | ---- | C] () -- C:\scu.dat
[2012/11/22 19:20:04 | 000,135,168 | RHS- | C] () -- C:\Windows\System32\usbperfw.dll
[2012/11/22 19:20:04 | 000,000,320 | ---- | C] () -- C:\Windows\tasks\NRBAEO.job
[2012/11/16 16:06:27 | 022,696,339 | ---- | C] () -- C:\Users\mstcraig\Desktop\TAS LoudspeakerGuide 2012.pdf
[2012/11/16 15:57:35 | 000,129,965 | ---- | C] () -- C:\Users\mstcraig\Desktop\0436506850101015-01-MVS.pdf
[2012/11/16 15:57:02 | 000,168,758 | ---- | C] () -- C:\Users\mstcraig\Desktop\0436506850101015-01.pdf
[2012/10/30 15:04:12 | 000,001,100 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk
[2012/10/10 19:36:32 | 000,016,358 | ---- | C] () -- C:\Users\mstcraig\dsp_stereo_tool.ini
[2012/08/18 18:33:45 | 000,384,844 | ---- | C] () -- C:\Users\mstcraig\AppData\Local\funmoods-speeddial.crx
[2012/06/29 14:26:20 | 000,178,688 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2012/06/04 19:21:03 | 000,000,130 | ---- | C] () -- C:\Windows\EQUALIZER.INI
[2012/02/18 12:18:09 | 000,003,584 | ---- | C] () -- C:\Users\mstcraig\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/26 13:23:40 | 000,000,115 | ---- | C] () -- C:\Windows\wininit.ini
[2011/09/15 01:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin
[2011/04/22 14:31:52 | 076,004,920 | -H-- | C] () -- C:\ProgramData\utebus23ila.dat
[2011/03/08 20:22:25 | 000,007,596 | ---- | C] () -- C:\Users\mstcraig\AppData\Local\Resmon.ResmonCfg
[2010/12/01 17:20:02 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/12/01 16:27:34 | 000,000,132 | ---- | C] () -- C:\Users\mstcraig\AppData\Local\mv_Photo.xml
[2010/12/01 16:27:34 | 000,000,123 | ---- | C] () -- C:\Users\mstcraig\AppData\Local\mv_music.xml

========== ZeroAccess Check ==========

[2009/07/13 23:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/13 20:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Custom Scans ==========

< "%WinDir%\$NtUninstallKB*$." /30 >

< C:\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2012/11/22 19:20:04 | 000,135,168 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\usbperfw.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\drivers\*.sys /90 >
[2012/09/29 18:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\system32\drivers\mbam.sys

< %SYSTEMDRIVE%\*.exe >
[2008/04/11 07:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

< MD5 for: AFD.SYS >
[2010/11/20 03:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011/04/24 21:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011/04/24 21:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011/04/24 22:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys

< MD5 for: ATAPI.SYS >
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2010/11/20 07:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe

< MD5 for: NETBT.SYS >
[2010/11/20 03:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\System32\drivers\netbt.sys
[2010/11/20 03:39:44 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=280122DDCF04B378EDD1AD54D71C1E54 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.1.7601.17514_none_626c324d55864070\netbt.sys

< MD5 for: TDX.SYS >
[2010/11/20 03:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\System32\drivers\tdx.sys
[2010/11/20 03:39:17 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=B459575348C20E8121D6039DA063C704 -- C:\Windows\winsxs\x86_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_ec4532373a57c1c2\tdx.sys

< MD5 for: VOLSNAP.SYS >
[2010/11/20 07:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\drivers\volsnap.sys
[2010/11/20 07:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_6dee0205881d1a1d\volsnap.sys
[2010/11/20 07:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< MD5 for: WININIT.EXE >
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/13 20:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 07:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/09/29 18:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/11/21 17:11:44 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/11/21 17:11:44 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/11/21 17:11:44 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/11/21 17:11:45 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/11/21 17:11:45 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/11/21 17:11:45 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012/11/21 17:11:44 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012/11/21 17:11:44 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012/11/21 17:11:44 | 000,890,008 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012/11/21 17:11:45 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012/11/21 17:11:45 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012/11/21 17:11:45 | 000,916,960 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012/07/09 23:09:02 | 001,250,328 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide [2010/11/20 07:17:13 | 000,176,128 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2010/11/20 07:22:51 | 000,673,040 | ---- | M] (Microsoft Corporation)

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB56032$] -> Error: Cannot create file handle -> Unknown point type

< End of report >

The second OTL log, labeled "extras":

OTL Extras logfile created on: 11/24/2012 7:12:52 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\mstcraig\Desktop
Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1011.90 Mb Total Physical Memory | 390.12 Mb Available Physical Memory | 38.55% Memory free
1.99 Gb Paging File | 1.26 Gb Available in Paging File | 63.51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216.66 Gb Total Space | 188.95 Gb Free Space | 87.21% Space Free | Partition Type: NTFS
Drive D: | 15.93 Gb Total Space | 2.56 Gb Free Space | 16.06% Space Free | Partition Type: NTFS
Drive F: | 1.91 Gb Total Space | 1.17 Gb Free Space | 61.08% Space Free | Partition Type: FAT32
Drive G: | 7.45 Gb Total Space | 3.99 Gb Free Space | 53.59% Space Free | Partition Type: FAT32

Computer Name: MSTCRAIG-HP | User Name: mstcraig | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-3610542846-2152132565-3389012359-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" (XnView, http://www.xnview.com)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4D90D323-509A-419D-8A89-8E4539F2D6DD}" = lport=5353 | protocol=17 | dir=in | name=java™ platform se binary |
"{81E9BF1A-63A4-4FAC-A643-B700EEA5207A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9DA876DC-E6D9-4F69-AC78-0963EF7D7570}" = lport=8182 | protocol=6 | dir=in | name=java™ platform se binary |
"{9FFFEB2D-E2E2-441F-B434-94D81E7CB012}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02895D4E-86BB-456D-93B6-BD7151E61FB8}" = protocol=17 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |
"{1F412A2D-E0A0-4732-8C03-0CA1CC41403C}" = protocol=6 | dir=in | app=c:\windows\system32\zonelabs\vsmon.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{1B7DCF2E-774A-11E0-9986-0013D3D69929}" = Vegas Pro 10.0
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{229B6751-774A-11E0-BCAE-0013D3D69929}" = MSVCRT Redists
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32E05824-A0AC-4DFE-B965-5F52C28FBE9F}_is1" = EPS Viewer
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4B156358-CE9C-4E9F-8CAD-79AE86A68C60}" = HP Power Manager
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{51071D66-D034-4239-94E0-723FCA10B6FE}" = OpenOffice.org 3.4
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1" = Auslogics Registry Cleaner
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{98c5f546-4424-4e41-90e3-6ff8562c0cea}" = Nero 9 Essentials
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B5FC1E1B-E70D-45F1-8E40-A3C30698B323}" = HP Wireless Assistant
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{E05DB9F9-C8E7-45F2-BE9E-76D4C447CE9B}" = HP Software Framework
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity_is1" = Audacity 2.0
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"CCleaner" = CCleaner
"ESET Online Scanner" = ESET Online Scanner v3
"FLAC" = FLAC 1.2.1b (remove only)
"Foxit Reader_is1" = Foxit Reader
"Google Chrome" = Google Chrome
"HDMI" = Intel® Graphics Media Accelerator Driver
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.9.5 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
"Mozilla Firefox 17.0 (x86 en-US)" = Mozilla Firefox 17.0 (x86 en-US)
"My HP Game Console" = HP Game Console
"Revo Uninstaller" = Revo Uninstaller 1.94
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.3
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WT087361" = FATE
"WT087374" = Jewel Quest - Heritage
"WT087385" = JoJo's Fashion Show
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087408" = Skip-Bo - Castaway Caper
"WT087409" = Tradewinds Legends
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087467" = Dream Chronicles
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087495" = Mahjongg Artifacts
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"XnView_is1" = XnView 1.98.2
"ZoneAlarm" = ZoneAlarm

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10/7/2012 11:47:05 AM | Computer Name = mstcraig-HP | Source = Application Hang | ID = 1002
Description = The program firefox.exe version 15.0.1.4631 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f44 Start
Time: 01cda4a25f1aaced Termination Time: 34 Application Path: C:\Program Files\Mozilla
Firefox\firefox.exe Report Id: 3ccca2a3-1096-11e2-89c4-68b599d7ff9d

Error - 10/30/2012 3:35:35 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 10/30/2012 3:35:36 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 10/30/2012 3:36:01 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 10/30/2012 3:36:02 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 10/30/2012 3:36:03 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 10/30/2012 3:36:04 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 10/30/2012 3:36:06 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 10/30/2012 3:36:07 PM | Computer Name = mstcraig-HP | Source = MsiInstaller | ID = 11500
Description =

Error - 11/4/2012 4:35:55 PM | Computer Name = mstcraig-HP | Source = Application Hang | ID = 1002
Description = The program mpc-hc.exe version 1.6.3.5140 stopped interacting with
Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: f20 Start
Time: 01cdbabbdf3b524b Termination Time: 76 Application Path: C:\Program Files\K-Lite
Codec Pack\Media Player Classic\mpc-hc.exe Report Id: 38455ead-26bf-11e2-893d-68b599d7ff9d


[ HP Wireless Assistant Events ]
Error - 12/1/2010 5:44:10 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:45:10 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:46:10 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:47:10 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:48:10 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:49:11 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:50:11 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:51:11 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:52:11 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

Error - 12/1/2010 5:53:11 PM | Computer Name = mstcraig-HP | Source = HP WA Service | ID = 0
Description = System.Runtime.InteropServices.COMException The RPC server is unavailable.
(Exception from HRESULT: 0x800706BA) at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32
errorCode, IntPtr errorInfo) at System.Management.ManagementScope.InitializeGuts(Object
o) at System.Management.ManagementScope.Initialize() at System.Management.ManagementObject.Initialize(Boolean
getObject) at System.Management.ManagementBaseObject.get_Properties() at System.Management.ManagementBaseObject.GetPropertyValue(String
propertyName) at System.Management.ManagementBaseObject.get_Item(String propertyName)

at HPPA_Service.CurrentConfiguration.<ReloadRadioList>b__c()

[ System Events ]
Error - 11/23/2012 1:08:51 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 11/24/2012 2:06:32 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/24/2012 2:08:32 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 11/24/2012 6:13:57 PM | Computer Name = mstcraig-HP | Source = DCOM | ID = 10010
Description =

Error - 11/24/2012 6:15:23 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/24/2012 6:17:24 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 11/24/2012 7:45:09 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/24/2012 7:47:09 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3

Error - 11/24/2012 7:59:20 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 11/24/2012 8:01:20 PM | Computer Name = mstcraig-HP | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate) service failed to start due to
the following error: %%3


< End of report >


#2 SweetTech


Posted 26 November 2012 - 06:40 PM

Hello and welcome to the forums!

My secret agent name on the forums is SweetTech (you can call me ST for short), it's a pleasure to meet you. :)

I'll be addressing you by your username, if you'd like me to address you by something else, please let me know!

I would be glad to take a look at your log and help you with solving any malware problems.

If you have since resolved the issues you were originally experiencing, or have received help elsewhere, please inform me so that this topic can be closed.

If you have not, please adhere to the guidelines below and then follow instructions as outlined further below:


  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post. Please remember, I am a volunteer, and I do have a life outside of these forums.
  • Please make sure to carefully read any instruction that I give you. Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • In Windows Vista and Windows 7, all tools need to be started by right clicking and selecting Run as Administrator!
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. The one thing that you should always do is to make sure that your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • I am going to stick with you until ALL malware is gone from your system. I would appreciate it if you would do the same. From this point, we're in this together ;)

    • Because of this, you must reply within 3 days; failure to reply will result in the topic being closed! I like chocolate chip cookies.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to resort to reformatting and reinstalling your operating system or even taking your computer into a repair shop.

    • Don't worry, this only happens in severe cases, but it sadly does happen. Be prepared to back up your data and have means of backing up your data available.

____________________________________________________

Can you please post the log files from all of the tools you've run so far? I have an idea of where the issue is, but want to see what the other logs are showing me.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#3 mstcraig


Posted 27 November 2012 - 09:47 PM

Hi ST- I came to this forum and read your encounter with Art_B from May about the same issue, so I know I'm in good hands!


As you have the OTL Logs, I'll give you the CF log next:

ComboFix 12-11-25.01 - mstcraig 11/25/2012 15:44:40.1.2 - x86
Microsoft Windows 7 Starter 6.1.7601.1.1252.1.1033.18.1012.547 [GMT -5:00]
Running from: c:\users\mstcraig\Desktop\ComboFix.exe
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Bcool
c:\programdata\Bcool\background.html
c:\programdata\Bcool\content.js
c:\programdata\Bcool\nibhdcoaeeaabgecallhoogkoaiocpmo.crx
c:\programdata\Bcool\settings.ini
c:\users\Public\AlexaNSISPlugin.3220.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-25 to 2012-11-25 )))))))))))))))))))))))))))))))
.
.
2012-11-25 20:59 . 2012-11-25 21:02 -------- d-----w- c:\users\mstcraig\AppData\Local\temp
2012-11-25 20:59 . 2012-11-25 20:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-25 03:44 . 2012-10-23 22:40 62688 ----a-w- c:\windows\system32\drivers\PCTBD.sys
2012-11-25 03:44 . 2012-10-23 22:40 769144 ----a-w- c:\windows\BDTSupport.dll
2012-11-25 03:34 . 2012-11-01 20:35 202280 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-11-25 03:34 . 2012-11-25 03:41 -------- d-----w- c:\program files\PC Tools
2012-11-25 03:33 . 2012-11-25 03:41 -------- d-----w- c:\programdata\PC Tools
2012-11-25 03:33 . 2012-11-25 03:33 -------- d-----w- c:\users\mstcraig\AppData\Roaming\TestApp
2012-11-25 02:48 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-25 02:48 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-25 02:48 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-25 02:48 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-25 02:48 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-25 02:47 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-25 02:47 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-25 02:47 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-25 02:47 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-25 02:47 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-25 02:46 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
2012-11-25 02:46 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
2012-11-25 02:46 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
2012-11-25 02:46 . 2012-09-14 18:28 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-25 02:44 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-11-25 02:43 . 2012-06-02 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-11-25 02:43 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\system32\crypt32.dll
2012-11-25 02:43 . 2012-06-02 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-11-25 02:43 . 2012-08-24 16:57 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-11-25 02:43 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-11-25 02:43 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-11-25 02:43 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-11-25 02:43 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-11-25 02:43 . 2012-08-31 17:18 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-11-25 02:43 . 2012-09-25 22:47 78336 ----a-w- c:\windows\system32\synceng.dll
2012-11-25 02:43 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-25 02:43 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2012-11-24 23:56 . 2012-11-24 23:56 -------- d-----w- C:\_OTL
2012-11-24 21:58 . 2012-11-24 21:58 -------- d-----w- c:\program files\ESET
2012-11-23 00:20 . 2012-11-23 00:20 135168 --sha-r- c:\windows\system32\usbperfw.dll
2012-11-10 18:52 . 2012-11-10 18:52 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-06 20:32 . 2012-11-06 20:32 -------- d-----w- c:\users\mstcraig\AppData\Roaming\Foxit Software
2012-10-30 20:04 . 2012-10-30 20:04 -------- d-----w- c:\program files\Foxit Software
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-24 21:05 . 2011-12-08 21:48 14664 ----a-w- c:\windows\stinger.sys
2012-11-10 18:52 . 2012-10-14 18:49 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-23 21:30 . 2012-11-25 03:44 3488 ----a-w- c:\windows\UDB.zip
2012-10-23 21:30 . 2012-11-25 03:44 131 ----a-w- c:\windows\IDB.zip
2012-09-29 23:54 . 2012-10-21 17:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 22:17 . 2012-08-30 22:17 159608 ----a-w- c:\windows\system32\mfevtps.exe.0b37.deleteme
2012-11-21 22:11 . 2012-11-21 22:11 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Media Suite.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Media Suite.lnk
backup=c:\windows\pss\HP Media Suite.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WhiteSmoke 2011.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\WhiteSmoke 2011.lnk
backup=c:\windows\pss\WhiteSmoke 2011.lnk.CommonStartup
backupExtension=.CommonStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2010-10-25 09:20 173592 ----a-w- c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-07-22 22:33 150528 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPWirelessAssistant]
2010-06-18 23:26 8192 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-10-13 18:25 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2010-10-25 09:20 141848 ----a-w- c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2010-10-25 09:20 150552 ----a-w- c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 08:36 2299176 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
2010-06-09 09:06 495708 ----a-w- c:\program files\IDT\WDM\sttray.exe
.
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 pctplsm;pctplsm;c:\windows\System32\drivers\pctplsm.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
R4 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R4 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [x]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS FontCache fdrespub AppIDSvc QWAVE wcncsvc
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
GPSvcGroup REG_MULTI_SZ GPSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-25 c:\windows\Tasks\NRBAEO.job
- c:\windows\system32\usbperfw.dll [2012-11-23 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
TCP: DhcpNameServer = 192.168.254.254 192.168.254.254
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DVMOOBE - c:\swsetup\HPQWMM\QuickWeb\QW.SYS\config\HP_QW_OOBE.exe
MSConfigStartUp-HP Quick Launch - c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\QTTask.exe
MSConfigStartUp-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
MSConfigStartUp-ZumoDrive - c:\program files\Hewlett-Packard\HP CloudDrive\ZumoLauncher.lnk
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-11-25 16:09:15 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-25 21:09
.
Pre-Run: 200,761,573,376 bytes free
Post-Run: 200,442,150,912 bytes free
.
- - End Of File - - 74E999AC14D016C1939E53C8397B6C3B


Next up is the TDSS Log:

16:12:21.0235 2656 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:12:21.0750 2656 ============================================================
16:12:21.0750 2656 Current date / time: 2012/11/25 16:12:21.0750
16:12:21.0750 2656 SystemInfo:
16:12:21.0750 2656
16:12:21.0750 2656 OS Version: 6.1.7601 ServicePack: 1.0
16:12:21.0750 2656 Product type: Workstation
16:12:21.0750 2656 ComputerName: MSTCRAIG-HP
16:12:21.0750 2656 UserName: mstcraig
16:12:21.0750 2656 Windows directory: C:\Windows
16:12:21.0750 2656 System windows directory: C:\Windows
16:12:21.0750 2656 Processor architecture: Intel x86
16:12:21.0750 2656 Number of processors: 2
16:12:21.0750 2656 Page size: 0x1000
16:12:21.0750 2656 Boot type: Normal boot
16:12:21.0750 2656 ============================================================
16:12:22.0733 2656 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:12:22.0733 2656 Drive \Device\Harddisk1\DR1 - Size: 0x1DD180000 (7.45 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:12:22.0748 2656 Drive \Device\Harddisk2\DR2 - Size: 0x7A800000 (1.91 Gb), SectorSize: 0x200, Cylinders: 0xF9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:12:22.0748 2656 ============================================================
16:12:22.0748 2656 \Device\Harddisk0\DR0:
16:12:22.0748 2656 MBR partitions:
16:12:22.0748 2656 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:12:22.0748 2656 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B153800
16:12:22.0748 2656 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x1B1B7800, BlocksNum 0x1FDA000
16:12:22.0748 2656 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
16:12:22.0748 2656 \Device\Harddisk1\DR1:
16:12:22.0748 2656 MBR partitions:
16:12:22.0748 2656 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xEE8BE0
16:12:22.0748 2656 \Device\Harddisk2\DR2:
16:12:22.0748 2656 MBR partitions:
16:12:22.0748 2656 ============================================================
16:12:22.0780 2656 C: <-> \Device\Harddisk0\DR0\Partition2
16:12:22.0826 2656 D: <-> \Device\Harddisk0\DR0\Partition3
16:12:22.0826 2656 ============================================================
16:12:22.0826 2656 Initialize success
16:12:22.0826 2656 ============================================================
16:12:24.0948 0428 ============================================================
16:12:24.0948 0428 Scan started
16:12:24.0948 0428 Mode: Manual;
16:12:24.0948 0428 ============================================================
16:12:25.0525 0428 ================ Scan system memory ========================
16:12:25.0525 0428 System memory - ok
16:12:25.0525 0428 ================ Scan services =============================
16:12:30.0143 0428 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
16:12:30.0143 0428 DPS - ok
16:12:30.0174 0428 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:12:30.0174 0428 drmkaud - ok
16:12:30.0236 0428 [ FF7A7A1E0F9A0AB892A454FFB9D14BBE ] DVMIO C:\Windows\system32\DRIVERS\dvmio.sys
16:12:30.0236 0428 DVMIO - ok
16:12:30.0283 0428 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:12:30.0314 0428 DXGKrnl - ok
16:12:30.0346 0428 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
16:12:30.0346 0428 EapHost - ok
16:12:30.0470 0428 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
16:12:30.0580 0428 ebdrv - ok
16:12:30.0626 0428 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
16:12:30.0626 0428 EFS - ok
16:12:30.0720 0428 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
16:12:30.0736 0428 elxstor - ok
16:12:30.0767 0428 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:12:30.0767 0428 ErrDev - ok
16:12:30.0845 0428 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
16:12:30.0845 0428 EventSystem - ok
16:12:30.0892 0428 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
16:12:30.0892 0428 exfat - ok
16:12:30.0923 0428 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:12:30.0923 0428 fastfat - ok
16:12:30.0985 0428 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
16:12:31.0001 0428 Fax - ok
16:12:31.0048 0428 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
16:12:31.0048 0428 fdc - ok
16:12:31.0079 0428 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
16:12:31.0094 0428 fdPHost - ok
16:12:31.0110 0428 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
16:12:31.0110 0428 FDResPub - ok
16:12:31.0141 0428 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:12:31.0157 0428 FileInfo - ok
16:12:31.0172 0428 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:12:31.0188 0428 Filetrace - ok
16:12:31.0204 0428 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
16:12:31.0204 0428 flpydisk - ok
16:12:31.0235 0428 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:12:31.0235 0428 FltMgr - ok
16:12:31.0297 0428 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
16:12:31.0344 0428 FontCache - ok
16:12:31.0406 0428 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:12:31.0406 0428 FontCache3.0.0.0 - ok
16:12:31.0438 0428 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:12:31.0438 0428 FsDepends - ok
16:12:31.0469 0428 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:12:31.0484 0428 Fs_Rec - ok
16:12:31.0547 0428 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:12:31.0547 0428 fvevol - ok
16:12:31.0594 0428 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
16:12:31.0594 0428 gagp30kx - ok
16:12:31.0640 0428 [ CE16683CFD11FE70BDE435DDA5EA1FCA ] GameConsoleService C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe
16:12:31.0656 0428 GameConsoleService - ok
16:12:31.0703 0428 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
16:12:31.0718 0428 gpsvc - ok
16:12:31.0812 0428 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:12:31.0828 0428 hcw85cir - ok
16:12:31.0874 0428 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:12:31.0890 0428 HdAudAddService - ok
16:12:31.0937 0428 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:12:31.0937 0428 HDAudBus - ok
16:12:31.0968 0428 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
16:12:31.0984 0428 HidBatt - ok
16:12:31.0999 0428 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
16:12:31.0999 0428 HidBth - ok
16:12:32.0030 0428 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
16:12:32.0030 0428 HidIr - ok
16:12:32.0062 0428 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\System32\hidserv.dll
16:12:32.0077 0428 hidserv - ok
16:12:32.0124 0428 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:12:32.0124 0428 HidUsb - ok
16:12:32.0186 0428 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:12:32.0186 0428 hkmsvc - ok
16:12:32.0249 0428 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:12:32.0249 0428 HomeGroupListener - ok
16:12:32.0311 0428 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:12:32.0311 0428 HomeGroupProvider - ok
16:12:32.0436 0428 [ 3A09322A8AA8B0C79036686A0EBE7B4C ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
16:12:32.0436 0428 HP Wireless Assistant Service - ok
16:12:32.0514 0428 [ 881F74074963CDAD8C475D09DC3A0BB6 ] HPDrvMntSvc.exe C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:12:32.0514 0428 HPDrvMntSvc.exe - ok
16:12:32.0732 0428 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
16:12:32.0748 0428 hpqcxs08 - ok
16:12:32.0779 0428 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
16:12:32.0795 0428 hpqddsvc - ok
16:12:32.0888 0428 [ FE51B163A618B1CBF015485D21C1BC68 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
16:12:32.0920 0428 hpqwmiex - ok
16:12:32.0966 0428 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:12:32.0966 0428 HpSAMD - ok
16:12:33.0029 0428 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:12:33.0060 0428 HTTP - ok
16:12:33.0091 0428 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:12:33.0091 0428 hwpolicy - ok
16:12:33.0138 0428 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:12:33.0138 0428 i8042prt - ok
16:12:33.0216 0428 [ 660BF3255A1EB18ED803FD2FBA6AE400 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
16:12:33.0216 0428 IAANTMON - ok
16:12:33.0278 0428 [ 0BAA4115DFFFD6A6D809A89D65E1281A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
16:12:33.0294 0428 iaStor - ok
16:12:33.0341 0428 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:12:33.0356 0428 iaStorV - ok
16:12:33.0450 0428 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:12:33.0481 0428 idsvc - ok
16:12:33.0668 0428 [ BA41E1BBA410212CE6D30E0DAC47972B ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
16:12:33.0824 0428 igfx - ok
16:12:33.0871 0428 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
16:12:33.0871 0428 iirsp - ok
16:12:33.0949 0428 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
16:12:33.0980 0428 IKEEXT - ok
16:12:34.0058 0428 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
16:12:34.0058 0428 intelide - ok
16:12:34.0105 0428 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
16:12:34.0105 0428 intelppm - ok
16:12:34.0136 0428 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:12:34.0152 0428 IPBusEnum - ok
16:12:34.0168 0428 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:12:34.0183 0428 IpFilterDriver - ok
16:12:34.0230 0428 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:12:34.0246 0428 iphlpsvc - ok
16:12:34.0277 0428 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:12:34.0277 0428 IPMIDRV - ok
16:12:34.0324 0428 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:12:34.0324 0428 IPNAT - ok
16:12:34.0355 0428 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:12:34.0355 0428 IRENUM - ok
16:12:34.0386 0428 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:12:34.0386 0428 isapnp - ok
16:12:34.0417 0428 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:12:34.0417 0428 iScsiPrt - ok
16:12:34.0448 0428 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:12:34.0464 0428 kbdclass - ok
16:12:34.0495 0428 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:12:34.0495 0428 kbdhid - ok
16:12:34.0526 0428 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
16:12:34.0526 0428 KeyIso - ok
16:12:34.0558 0428 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:12:34.0573 0428 KSecDD - ok
16:12:34.0589 0428 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:12:34.0604 0428 KSecPkg - ok
16:12:34.0651 0428 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
16:12:34.0667 0428 KtmRm - ok
16:12:34.0729 0428 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\System32\srvsvc.dll
16:12:34.0745 0428 LanmanServer - ok
16:12:34.0807 0428 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:12:34.0823 0428 LanmanWorkstation - ok
16:12:34.0870 0428 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:12:34.0870 0428 lltdio - ok
16:12:34.0916 0428 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:12:34.0932 0428 lltdsvc - ok
16:12:34.0948 0428 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
16:12:34.0963 0428 lmhosts - ok
16:12:34.0994 0428 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
16:12:34.0994 0428 LSI_FC - ok
16:12:35.0026 0428 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
16:12:35.0041 0428 LSI_SAS - ok
16:12:35.0057 0428 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:12:35.0057 0428 LSI_SAS2 - ok
16:12:35.0088 0428 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:12:35.0088 0428 LSI_SCSI - ok
16:12:35.0135 0428 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
16:12:35.0135 0428 luafv - ok
16:12:35.0166 0428 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
16:12:35.0166 0428 megasas - ok
16:12:35.0197 0428 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
16:12:35.0197 0428 MegaSR - ok
16:12:35.0228 0428 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
16:12:35.0244 0428 MMCSS - ok
16:12:35.0275 0428 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
16:12:35.0275 0428 Modem - ok
16:12:35.0306 0428 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:12:35.0322 0428 monitor - ok
16:12:35.0369 0428 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:12:35.0369 0428 mouclass - ok
16:12:35.0384 0428 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:12:35.0384 0428 mouhid - ok
16:12:35.0431 0428 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:12:35.0431 0428 mountmgr - ok
16:12:35.0478 0428 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
16:12:35.0478 0428 mpio - ok
16:12:35.0525 0428 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:12:35.0525 0428 mpsdrv - ok
16:12:35.0587 0428 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:12:35.0618 0428 MpsSvc - ok
16:12:35.0650 0428 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:12:35.0665 0428 MRxDAV - ok
16:12:35.0696 0428 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:12:35.0712 0428 mrxsmb - ok
16:12:35.0759 0428 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:12:35.0759 0428 mrxsmb10 - ok
16:12:35.0774 0428 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:12:35.0790 0428 mrxsmb20 - ok
16:12:35.0821 0428 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
16:12:35.0821 0428 msahci - ok
16:12:35.0852 0428 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:12:35.0852 0428 msdsm - ok
16:12:35.0899 0428 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
16:12:35.0899 0428 MSDTC - ok
16:12:35.0946 0428 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:12:35.0946 0428 Msfs - ok
16:12:35.0962 0428 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:12:35.0977 0428 mshidkmdf - ok
16:12:35.0993 0428 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:12:36.0008 0428 msisadrv - ok
16:12:36.0040 0428 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:12:36.0055 0428 MSiSCSI - ok
16:12:36.0071 0428 msiserver - ok
16:12:36.0102 0428 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:12:36.0102 0428 MSKSSRV - ok
16:12:36.0118 0428 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:12:36.0133 0428 MSPCLOCK - ok
16:12:36.0149 0428 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:12:36.0149 0428 MSPQM - ok
16:12:36.0180 0428 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:12:36.0196 0428 MsRPC - ok
16:12:36.0242 0428 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:12:36.0242 0428 mssmbios - ok
16:12:36.0258 0428 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:12:36.0274 0428 MSTEE - ok
16:12:36.0289 0428 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
16:12:36.0289 0428 MTConfig - ok
16:12:36.0320 0428 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
16:12:36.0320 0428 Mup - ok
16:12:36.0383 0428 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
16:12:36.0398 0428 napagent - ok
16:12:36.0445 0428 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:12:36.0461 0428 NativeWifiP - ok
16:12:36.0523 0428 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:12:36.0539 0428 NDIS - ok
16:12:36.0586 0428 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:12:36.0586 0428 NdisCap - ok
16:12:36.0617 0428 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:12:36.0617 0428 NdisTapi - ok
16:12:36.0695 0428 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:12:36.0695 0428 Ndisuio - ok
16:12:36.0757 0428 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:12:36.0773 0428 NdisWan - ok
16:12:36.0804 0428 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:12:36.0804 0428 NDProxy - ok
16:12:36.0976 0428 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
16:12:37.0007 0428 Nero BackItUp Scheduler 4.0 - ok
16:12:37.0069 0428 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
16:12:37.0085 0428 Net Driver HPZ12 - ok
16:12:37.0132 0428 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:12:37.0132 0428 NetBIOS - ok
16:12:37.0194 0428 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:12:37.0194 0428 NetBT - ok
16:12:37.0210 0428 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
16:12:37.0225 0428 Netlogon - ok
16:12:37.0272 0428 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
16:12:37.0288 0428 Netman - ok
16:12:37.0319 0428 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
16:12:37.0334 0428 netprofm - ok
16:12:37.0381 0428 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:12:37.0381 0428 NetTcpPortSharing - ok
16:12:37.0537 0428 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys
16:12:37.0693 0428 netw5v32 - ok
16:12:37.0740 0428 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
16:12:37.0740 0428 nfrd960 - ok
16:12:37.0787 0428 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
16:12:37.0787 0428 NlaSvc - ok
16:12:37.0818 0428 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:12:37.0818 0428 Npfs - ok
16:12:37.0865 0428 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
16:12:37.0865 0428 nsi - ok
16:12:37.0896 0428 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:12:37.0896 0428 nsiproxy - ok
16:12:37.0958 0428 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:12:38.0005 0428 Ntfs - ok
16:12:38.0036 0428 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
16:12:38.0052 0428 Null - ok
16:12:38.0068 0428 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:12:38.0083 0428 nvraid - ok
16:12:38.0130 0428 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:12:38.0130 0428 nvstor - ok
16:12:38.0161 0428 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:12:38.0161 0428 nv_agp - ok
16:12:38.0208 0428 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:12:38.0208 0428 ohci1394 - ok
16:12:38.0255 0428 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:12:38.0255 0428 p2pimsvc - ok
16:12:38.0286 0428 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
16:12:38.0317 0428 p2psvc - ok
16:12:38.0348 0428 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
16:12:38.0348 0428 Parport - ok
16:12:38.0380 0428 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:12:38.0395 0428 partmgr - ok
16:12:38.0411 0428 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
16:12:38.0411 0428 Parvdm - ok
16:12:38.0442 0428 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:12:38.0442 0428 PcaSvc - ok
16:12:38.0489 0428 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
16:12:38.0489 0428 pci - ok
16:12:38.0536 0428 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
16:12:38.0536 0428 pciide - ok
16:12:38.0567 0428 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
16:12:38.0567 0428 pcmcia - ok
16:12:38.0614 0428 [ 9DCE45B0DC51EBB7CD7063F8C3B086D0 ] PCTBD C:\Windows\system32\Drivers\PCTBD.sys
16:12:38.0614 0428 PCTBD - ok
16:12:38.0660 0428 [ 07D9D16537B6969F2BBE00485F10D5BA ] PCTCore C:\Windows\system32\drivers\PCTCore.sys
16:12:38.0676 0428 PCTCore - ok
16:12:38.0723 0428 [ 3C9FD593E95B98C642B4486CD122C2FB ] pctDS C:\Windows\system32\drivers\pctDS.sys
16:12:38.0738 0428 pctDS - ok
16:12:38.0801 0428 [ DB6B6E47165B9647B215CEEB4DB33B87 ] pctEFA C:\Windows\system32\drivers\pctEFA.sys
16:12:38.0832 0428 pctEFA - ok
16:12:38.0879 0428 [ AE500FF14A222636CD10D346C37A52C4 ] pctgntdi C:\Windows\System32\drivers\pctgntdi.sys
16:12:38.0879 0428 pctgntdi - ok
16:12:38.0926 0428 [ 53CE0E9078360553FAB0BFFF1C1ECF4F ] pctplsm C:\Windows\System32\drivers\pctplsm.sys
16:12:38.0926 0428 pctplsm - ok
16:12:38.0988 0428 [ 9A073A09F22C63247964B946F04CB8A4 ] PCTSD C:\Windows\system32\Drivers\PCTSD.sys
16:12:38.0988 0428 PCTSD - ok
16:12:39.0019 0428 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
16:12:39.0019 0428 pcw - ok
16:12:39.0066 0428 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:12:39.0097 0428 PEAUTH - ok
16:12:39.0222 0428 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
16:12:39.0300 0428 pla - ok
16:12:39.0362 0428 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:12:39.0378 0428 PlugPlay - ok
16:12:39.0440 0428 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
16:12:39.0440 0428 Pml Driver HPZ12 - ok
16:12:39.0487 0428 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:12:39.0503 0428 PNRPAutoReg - ok
16:12:39.0534 0428 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:12:39.0534 0428 PNRPsvc - ok
16:12:39.0596 0428 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:12:39.0612 0428 PolicyAgent - ok
16:12:39.0690 0428 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
16:12:39.0706 0428 Power - ok
16:12:39.0752 0428 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:12:39.0752 0428 PptpMiniport - ok
16:12:39.0799 0428 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
16:12:39.0799 0428 Processor - ok
16:12:39.0846 0428 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
16:12:39.0862 0428 ProfSvc - ok
16:12:39.0877 0428 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:12:39.0877 0428 ProtectedStorage - ok
16:12:39.0924 0428 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:12:39.0924 0428 Psched - ok
16:12:39.0986 0428 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
16:12:40.0049 0428 ql2300 - ok
16:12:40.0080 0428 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
16:12:40.0080 0428 ql40xx - ok
16:12:40.0111 0428 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
16:12:40.0127 0428 QWAVE - ok
16:12:40.0158 0428 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:12:40.0174 0428 QWAVEdrv - ok
16:12:40.0189 0428 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:12:40.0205 0428 RasAcd - ok
16:12:40.0252 0428 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:12:40.0252 0428 RasAgileVpn - ok
16:12:40.0267 0428 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
16:12:40.0283 0428 RasAuto - ok
16:12:40.0314 0428 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:12:40.0314 0428 Rasl2tp - ok
16:12:40.0376 0428 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
16:12:40.0392 0428 RasMan - ok
16:12:40.0439 0428 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:12:40.0439 0428 RasPppoe - ok
16:12:40.0486 0428 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:12:40.0486 0428 RasSstp - ok
16:12:40.0517 0428 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:12:40.0517 0428 rdbss - ok
16:12:40.0548 0428 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
16:12:40.0548 0428 rdpbus - ok
16:12:40.0595 0428 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:12:40.0595 0428 RDPCDD - ok
16:12:40.0657 0428 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
16:12:40.0657 0428 RDPENCDD - ok
16:12:40.0720 0428 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
16:12:40.0720 0428 RDPREFMP - ok
16:12:40.0782 0428 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:12:40.0782 0428 RdpVideoMiniport - ok
16:12:40.0813 0428 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
16:12:40.0829 0428 RDPWD - ok
16:12:40.0907 0428 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
16:12:40.0907 0428 rdyboost - ok
16:12:40.0938 0428 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
16:12:40.0954 0428 RemoteAccess - ok
16:12:40.0985 0428 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
16:12:41.0000 0428 RemoteRegistry - ok
16:12:41.0032 0428 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
16:12:41.0032 0428 RpcEptMapper - ok
16:12:41.0078 0428 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
16:12:41.0078 0428 RpcLocator - ok
16:12:41.0125 0428 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\System32\rpcss.dll
16:12:41.0125 0428 RpcSs - ok
16:12:41.0219 0428 [ 2AD7B2B3D7A10AE3D534877D543EED74 ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
16:12:41.0219 0428 RSPCIESTOR - ok
16:12:41.0266 0428 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
16:12:41.0266 0428 rspndr - ok
16:12:41.0328 0428 [ 0516998076AD894AE7E362C3110AA071 ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
16:12:41.0328 0428 RTL8167 - ok
16:12:41.0359 0428 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
16:12:41.0375 0428 SamSs - ok
16:12:41.0422 0428 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
16:12:41.0422 0428 sbp2port - ok
16:12:41.0484 0428 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
16:12:41.0500 0428 SCardSvr - ok
16:12:41.0515 0428 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
16:12:41.0531 0428 scfilter - ok
16:12:41.0593 0428 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
16:12:41.0624 0428 Schedule - ok
16:12:41.0671 0428 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
16:12:41.0671 0428 SCPolicySvc - ok
16:12:41.0702 0428 [ AE88672774DF12BEDF76768E52D23424 ] sdAuxService C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
16:12:41.0718 0428 sdAuxService - ok
16:12:41.0765 0428 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys
16:12:41.0765 0428 sdbus - ok
16:12:41.0812 0428 [ 5FC31ADB3B47E00349B92E57117D2C07 ] sdCoreService C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
16:12:41.0874 0428 sdCoreService - ok
16:12:41.0936 0428 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
16:12:56.0850 0428 ============================================================
16:12:56.0850 0428 Scan finished
16:12:56.0850 0428 ============================================================
16:12:56.0959 3132 Detected object count: 0
16:12:56.0959 3132 Actual detected object count: 0
16:13:01.0000 0956 Deinitialize success

I will forward the others tomorrow afternoon, as I need to leave for the evening now.
Thanks for your help! Craig

#4 SweetTech

Posted 28 November 2012 - 01:55 PM

Hi Craig!

As soon as I see the rest of the logs I'll be able to come up with a proper fix for you to perform.

Do you happen to have access to a USB drive that we could utilize if needed?

I look forward to your reply with the rest of those log files as well as an answer to the question above. :)

-ST


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#5 mstcraig

Posted 28 November 2012 - 10:56 PM

Hi ST,

I do have a brand new 16 GB thumb drive just waiting to be used. Let me know what you need from me with it.

On a side note, I just upgraded my ZoneAlarm to the all-new 10.2.081.000. What A Mess! Took a program that worked well (and easily) and made it a nightmare! Can you suggest an alternative that's free, easy to use and effective?

I'm running some programs again to get you fresh logs. It seems that the beta version of MalwareBytes Anti-Rootkit I'm using will not allow me to see or save a log. So, this one will be MalwareBytes Anti-Malware (full scan):


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.28.10

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
mstcraig :: MSTCRAIG-HP [administrator]

11/28/2012 8:46:26 PM
mbam-log-2012-11-28 (20-46-26).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 277647
Time elapsed: 2 hour(s), 5 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


More to come tomorrow. Craig

#6 mstcraig

Posted 29 November 2012 - 05:07 PM

Good afternoon ST,

I have another log for you. Before I do any more, is or are there logs from the specific programs I have run that you need to see first? I figured on asking this now as it will save us both time and trouble going forward. Let me know.

This log is from Spybot and was run today. I will send it in two parts as the message board is telling me this post is too long:

PART 1

--- Search result list ---
Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

--- System information ---
Unknown Windows version 6.1 (Build: 7601) Service Pack 1 (6.1.7601)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)

--- Startup entries list ---
Located: HK_LM:Run, ISW
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), HP Digital Imaging Monitor (DISABLED)
command: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
file: C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe
size: 270336
MD5: B54921381A950C8215FB363B485C432B

Located: Startup (disabled), HP Media Suite (DISABLED)
command: C:\PROGRA~1\HEWLET~1\HPMEDI~1\Home\ArcStart.exe
file: C:\PROGRA~1\HEWLET~1\HPMEDI~1\Home\ArcStart.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: Startup (disabled), WhiteSmoke 2011 (DISABLED)
command: C:\Users\mstcraig\AppData\Local\Temp\FH\1.exe /S 4
file: C:\Users\mstcraig\AppData\Local\Temp\FH\1.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, igfxcui
command: igfxdev.dll
file: igfxdev.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

--- Browser helper object list ---
{2A0F3D1B-0909-4FF4-B272-609CCE6054E7} (Browser Guard BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Browser Guard BHO
CLSID name: PC Tools Browser Guard BHO
Path: C:\Program Files\PC Tools\PC Tools Security\BDT\
Long name: PCTBrowserDefender.dll
Short name: PCTBRO~1.DLL
Date (created): 11/24/2012 10:44:16 PM
Date (last access): 11/24/2012 10:44:16 PM
Date (last write): 10/23/2012 5:40:26 PM
Filesize: 1137784
Attributes: archive
MD5: F436B7F2D66A5D7E8AC8846A4146E4DE
CRC32: ADBF4ABE
Version: 4.0.0.1884

{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} (Search Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: Search Helper
CLSID name: Search Helper
Path: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\
Long name: SearchHelper.dll
Short name: SEARCH~1.DLL
Date (created): 1/14/2009 7:49:24 PM
Date (last access): 7/27/2010 2:39:58 AM
Date (last write): 1/14/2009 7:49:24 PM
Filesize: 92504
Attributes: archive
MD5: C5700CD3293E88BE85C73ECCCE772E9E
CRC32: 4005D5F1
Version: 1.2.118.0

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java™ Plug-In SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In SSV Helper
Path: C:\Program Files\Java\jre7\bin\
Long name: ssv.dll
Short name:
Date (created): 11/26/2012 5:51:30 PM
Date (last access): 11/26/2012 5:51:30 PM
Date (last write): 11/26/2012 5:51:30 PM
Filesize: 449512
Attributes: archive
MD5: A7A6954E500715117B64B414AB81CB44
CRC32: EE09721D
Version: 10.9.2.5

{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} (ZoneAlarm Security Engine Registrar)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: ZoneAlarm Security Engine Registrar
CLSID name: ZoneAlarm Security Engine Registrar
Path: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\
Long name: TrustCheckerIEPlugin.dll
Short name: TRUSTC~1.DLL
Date (created): 8/30/2012 6:04:38 AM
Date (last access): 11/27/2012 9:24:20 PM
Date (last write): 8/30/2012 6:04:38 AM
Filesize: 603816
Attributes: archive
MD5: B9EA07ED79A7C731D22B67E939686A1E
CRC32: 6A0AD6BA
Version: 1.5.396.0

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java™ Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java™ Plug-In 2 SSV Helper
Path: C:\Program Files\Java\jre7\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 11/26/2012 5:51:30 PM
Date (last access): 11/26/2012 5:51:30 PM
Date (last write): 11/26/2012 5:51:30 PM
Filesize: 155384
Attributes: archive
MD5: EB47E405A9222CA595E5E763B4156529
CRC32: 712D0563
Version: 10.9.2.5

{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} (Windows Live Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Toolbar Helper

--- ActiveX list ---
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~1\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 11/24/2012 4:58:08 PM
Date (last access): 11/24/2012 4:58:08 PM
Date (last write): 9/30/2011 9:28:08 AM
Filesize: 3405744
Attributes: archive
MD5: 751EE920D6811584E5B1F0B153A5A4E2
CRC32: E2EE1C02
Version: 1.0.0.6583

--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 11/29/2012 2:05:56 PM

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://g.msn.com/HPNOT/1
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip [*]

Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider

Protocol 10: MSAFD NetBIOS [\Device\NetBT_Tcpip_{72DBC75E-B7B6-42A2-8110-83262557103F}] SEQPACKET 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 11: MSAFD NetBIOS [\Device\NetBT_Tcpip_{72DBC75E-B7B6-42A2-8110-83262557103F}] DATAGRAM 9
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 12: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D86F7B7C-C35A-4C97-8256-698CE2D85693}] SEQPACKET 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 13: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D86F7B7C-C35A-4C97-8256-698CE2D85693}] DATAGRAM 4
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 14: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B3434BE-A898-487D-BE99-F86FD7093B77}] SEQPACKET 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 15: MSAFD NetBIOS [\Device\NetBT_Tcpip_{8B3434BE-A898-487D-BE99-F86FD7093B77}] DATAGRAM 0
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 16: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6544C2FF-1FC4-497C-A6BF-1C8313287F94}] SEQPACKET 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 17: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{6544C2FF-1FC4-497C-A6BF-1C8313287F94}] DATAGRAM 8
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 18: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{981BEEBE-39AC-4864-92DE-91367DD144DA}] SEQPACKET 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 19: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{981BEEBE-39AC-4864-92DE-91367DD144DA}] DATAGRAM 7
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 20: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F5C21F8D-A194-4B98-A211-71220E99B143}] SEQPACKET 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 21: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{F5C21F8D-A194-4B98-A211-71220E99B143}] DATAGRAM 6
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 22: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3DBB8FA0-5183-4B44-A541-F2131FAD9F7E}] SEQPACKET 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 23: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{3DBB8FA0-5183-4B44-A541-F2131FAD9F7E}] DATAGRAM 1
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 24: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{72DBC75E-B7B6-42A2-8110-83262557103F}] SEQPACKET 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 25: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{72DBC75E-B7B6-42A2-8110-83262557103F}] DATAGRAM 10
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 26: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D86F7B7C-C35A-4C97-8256-698CE2D85693}] SEQPACKET 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 27: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{D86F7B7C-C35A-4C97-8256-698CE2D85693}] DATAGRAM 5
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 28: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A3978F0D-FB66-4D8A-BF62-C10A7A54031A}] SEQPACKET 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 29: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{A3978F0D-FB66-4D8A-BF62-C10A7A54031A}] DATAGRAM 3
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 30: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8B3434BE-A898-487D-BE99-F86FD7093B77}] SEQPACKET 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Protocol 31: MSAFD NetBIOS [\Device\NetBT_Tcpip6_{8B3434BE-A898-487D-BE99-F86FD7093B77}] DATAGRAM 2
GUID: {8D5F1830-C273-11CF-95C8-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP NetBios protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD NetBIOS *

Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace

Namespace Provider 1: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:

Namespace Provider 2: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 3: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:

Namespace Provider 4: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP

Namespace Provider 5: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS

--- System Services ---
Service (registry key): .NET CLR Data
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET CLR Networking
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for Oracle
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NET Data Provider for SqlServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): .NETFramework
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): 1394ohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 OHCI Compliant Host Controller
Image path: \SystemRoot\system32\drivers\1394ohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ACPI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Driver
Image path: system32\drivers\ACPI.sys
Image size: 274304
Image MD5: CEA80C80BED809AA0DA6FEBC04733349
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AcpiPmi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ACPI Power Meter Driver
Image path: \SystemRoot\system32\drivers\acpipmi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adp94xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adp94xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adpahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpahci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adpu320
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\adpu320.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): adsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): AeLookupSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\aelupsvc.dll,-1
Description: @%SystemRoot%\system32\aelupsvc.dll,-2
Object name: localSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): AESTFilters
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Andrea ST Filters Service
Object name: LocalSystem
Image path: C:\Program Files\IDT\WDM\aestsrv.exe
Image size: 81920
Image MD5: 827DBC22C96EECF6D36A13162FABAFD3
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): AFD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\afd.sys,-1000
Description: @%systemroot%\system32\drivers\afd.sys,-1000
Image path: \SystemRoot\system32\drivers\afd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): agp440
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AGP Bus Filter
Image path: \SystemRoot\system32\drivers\agp440.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): aic78xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\djsvs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ALG
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Alg.exe,-112
Description: @%SystemRoot%\system32\Alg.exe,-113
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\alg.exe
Image size: 59392
Image MD5: 18A54E132947CD98FEA9ACCC57F98F13
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): aliide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\aliide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): amdagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD AGP Bus Filter Driver
Image path: \SystemRoot\system32\drivers\amdagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): AmdK8
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD K8 Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdk8.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AmdPPM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: AMD Processor Driver
Image path: \SystemRoot\system32\DRIVERS\amdppm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdsata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\amdsata.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdsbs
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\amdsbs.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): amdxata
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\amdxata.sys
Image size: 22400
Image MD5: 46387FB17B086D16DEA267D5BE23A2F2
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): AppID
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appidsvc.dll,-102
Description: @%systemroot%\system32\appidsvc.dll,-103
Image path: \SystemRoot\system32\drivers\appid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: FltMgr,DisCache

Service (registry key): AppIDSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appidsvc.dll,-100
Description: @%systemroot%\system32\appidsvc.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,AppID,CryptSvc

Service (registry key): Appinfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\appinfo.dll,-100
Description: @%systemroot%\system32\appinfo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,ProfSvc

Service (registry key): AppMgmt
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): arc
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): arcsas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\arcsas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): AsyncMac
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32000
Description: @%systemroot%\system32\rascfg.dll,-32000
Image path: system32\DRIVERS\asyncmac.sys
Image size: 17920
Image MD5: ADD2ADE1C2B285AB8378D2DAAF991481
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): atapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IDE Channel
Image path: system32\drivers\atapi.sys
Image size: 21584
Image MD5: 338C86357871C167A96AB976519BF59E
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): AudioEndpointBuilder
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-204
Description: @%SystemRoot%\System32\audiosrv.dll,-205
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): Audiosrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\audiosrv.dll,-200
Description: @%SystemRoot%\System32\audiosrv.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: AudioEndpointBuilder,RpcSs,MMCSS

Service (registry key): AxInstSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\AxInstSV.dll,-103
Description: @%SystemRoot%\system32\AxInstSV.dll,-104
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k AxInstSVGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): b06bdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II VBD
Image path: \SystemRoot\system32\DRIVERS\bxvbdx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): b57nd60x
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0
Image path: system32\DRIVERS\b57nd60x.sys
Image size: 229888
Image MD5: BD8869EB9CDE6BBE4508D869929869EE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BattC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): BCM43XX
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom 802.11 Network Adapter Driver
Image path: system32\DRIVERS\bcmwl6.sys
Image size: 2712640
Image MD5: 9C3B534854F0152ED4711D936A2192EB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BDESVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bdesvc.dll,-100
Description: @%SystemRoot%\system32\bdesvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Beep
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Beep
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): BFE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bfe.dll,-1001
Description: @%SystemRoot%\system32\bfe.dll,-1002
Object name: NT AUTHORITY\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): BHDrvx86
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): BITS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qmgr.dll,-1000
Description: @%SystemRoot%\system32\qmgr.dll,-1001
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,EventSystem

Service (registry key): blbdrive
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\blbdrive.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): bowser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-102
Description: @%systemroot%\system32\browser.dll,-103
Image path: system32\DRIVERS\bowser.sys
Image size: 69632
Image MD5: 8F2DA3028D5FCBD1A060A3DE64CD6506
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): BrFiltLo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Lower Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltLo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrFiltUp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother USB Mass-Storage Upper Filter Driver
Image path: \SystemRoot\system32\DRIVERS\BrFiltUp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BridgeMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\bridgeres.dll,-1
Image path: system32\DRIVERS\bridge.sys
Image size: 78336
Image MD5: 77361D72A04F18809D0EFB6CCEB74D4B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Browser
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\browser.dll,-100
Description: @%systemroot%\system32\browser.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation,LanmanServer

Service (registry key): Browser Defender Update Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Browser Defender Update Service
Object name: LocalSystem
Image path: "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe"
Image size: 580728
Image MD5: 52C724DAC8ADDC50F593E331A9863979
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 0
Depends On services: RPCSS

Service (registry key): Brserid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC Serial Port Interface Driver (WDM)
Image path: \SystemRoot\System32\Drivers\Brserid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrSerWdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother WDM Serial driver
Image path: \SystemRoot\System32\Drivers\BrSerWdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrUsbMdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Fax Only Modem
Image path: \SystemRoot\System32\Drivers\BrUsbMdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BrUsbSer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Brother MFC USB Serial WDM Driver
Image path: \SystemRoot\System32\Drivers\BrUsbSer.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHMODEM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Bluetooth Serial Communications Driver
Image path: \SystemRoot\system32\DRIVERS\bthmodem.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): BTHPORT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): bthserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\bthserv.dll,-101
Description: @%SystemRoot%\System32\bthserv.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k bthsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): cdfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD/DVD File System Reader
Description: ISO9660/Joliet File System Reader for CD/DVDs. (Core) (All pieces)
Image path: system32\DRIVERS\cdfs.sys
Image size: 70656
Image MD5: 77EA11B065E0A8AB902D78145CA51E10
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1
Depends On group: "SCSI CDROM Class"

Service (registry key): cdrom
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: CD-ROM Driver
Image path: system32\DRIVERS\cdrom.sys
Image size: 108544
Image MD5: BE167ED0FDB9C1FA1133953C18D5A6C9
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): CertPropSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-11
Description: @%SystemRoot%\System32\certprop.dll,-12
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): circlass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Consumer IR Devices
Image path: \SystemRoot\system32\DRIVERS\circlass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): CLFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\clfs.sys,-100
Description: @%SystemRoot%\system32\clfs.sys,-101
Image path: System32\CLFS.sys
Image size: 249408
Image MD5: 635181E0E9BBF16871BF5380D71DB02D
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): clr_optimization_v2.0.50727_32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft .NET Framework NGEN v2.0.50727_X86
Description: Microsoft .NET Framework NGEN
Object name: LocalSystem
Image path: %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
Image size: 66384
Image MD5: D88040F816FDA31C3B466F0FA0918F29
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 0

Service (registry key): CmBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft ACPI Control Method Battery Driver
Image path: \SystemRoot\system32\DRIVERS\CmBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): cmdide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\cmdide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): CNG
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\cng.sys
Image size: 369856
Image MD5: 42F158036BD4C2FF3122BF142E60E6FD
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Compbatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Composite Battery Driver
Image path: system32\DRIVERS\compbatt.sys
Image size: 19024
Image MD5: A6023D3823C37043986713F118A89BEE
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): CompositeBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Composite Bus Enumerator Driver
Image path: \SystemRoot\system32\drivers\CompositeBus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): COMSysApp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-947
Description: @comres.dll,-948
Object name: LocalSystem
Image path: %SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Image size: 7168
Image MD5: A63DC5C2EA944E6657203E0C8EDEAF61
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,EventSystem,SENS

Service (registry key): crcdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Crcdisk Filter Driver
Image path: \SystemRoot\system32\DRIVERS\crcdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 4
Type: 1
Error Control: 1

Service (registry key): crypt32
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): CryptSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\cryptsvc.dll,-1001
Description: @%SystemRoot%\system32\cryptsvc.dll,-1002
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): DCLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): DcomLaunch
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5012
Description: @oleres.dll,-5013
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): defragsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Defragmenter
Description: @%SystemRoot%\system32\defragsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k defragsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): DfsC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\dfsc.sys,-101
Description: @%systemroot%\system32\drivers\dfsc.sys,-102
Image path: System32\Drivers\dfsc.sys
Image size: 78336
Image MD5: F024449C97EC1E464AAFFDA18593DB88
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): Dhcp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dhcpcore.dll,-100
Description: @%SystemRoot%\system32\dhcpcore.dll,-101
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,Tdx,Afd

Service (registry key): discache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\discache.sys,-102
Description: @%systemroot%\system32\drivers\discache.sys,-101
Image path: System32\drivers\discache.sys
Image size: 32256
Image MD5: 1A050B0274BFB3890703D490F330C0DA
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): Disk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Disk Driver
Image path: system32\DRIVERS\disk.sys
Image size: 57424
Image MD5: 565003F326F99802E68CA78F2A68E9FF
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Dnscache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\dnsapi.dll,-101
Description: @%SystemRoot%\System32\dnsapi.dll,-102
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Tdx,nsi

Service (registry key): dot3svc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dot3svc.dll,-1102
Description: @%systemroot%\system32\dot3svc.dll,-1103
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,Ndisuio,Eaphost

Service (registry key): DPS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\dps.dll,-500
Description: @%systemroot%\system32\dps.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): drmkaud
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Trusted Audio Drivers
Image path: system32\drivers\drmkaud.sys
Image size: 5120
Image MD5: B918E7C5F9BF77202F89E1A9539F2EB4
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): DVMIO
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: DeviceVM IO Service
Image path: system32\DRIVERS\dvmio.sys
Image size: 18136
Image MD5: FF7A7A1E0F9A0AB892A454FFB9D14BBE
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): DXGKrnl
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: LDDM Graphics Subsystem
Description: Controls the underlying video driver stacks to provide fully-featured display capabilities.
Image path: \SystemRoot\System32\drivers\dxgkrnl.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): EapHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\eapsvc.dll,-1
Description: @%systemroot%\system32\eapsvc.dll,-2
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,KeyIso

Service (registry key): ebdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Broadcom NetXtreme II 10 GigE VBD
Image path: \SystemRoot\system32\DRIVERS\evbdx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): EFS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\efssvc.dll,-100
Description: @%SystemRoot%\system32\efssvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\lsass.exe
Image size: 22528
Image MD5: 81951F51E318AECC2D68559E47485CC4
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): elxstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\elxstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ErrDev
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Hardware Error Device Driver
Image path: \SystemRoot\system32\drivers\errdev.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ESENT
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): eventlog
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wevtsvc.dll,-200
Description: @%SystemRoot%\system32\wevtsvc.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): EventSystem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2450
Description: @comres.dll,-2451
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): exfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: exFAT File System Driver
Description: exFAT File System Driver
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): fastfat
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: FAT12/16/32 File System Driver
Description: Note - dependance on CDROM.SYS only if required to read/write DVD-RAM media (which appears as CD class device). (Core) (All pieces)
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): Fax
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fxsresm.dll,-118
Description: @%systemroot%\system32\fxsresm.dll,-122
Object name: NT AUTHORITY\NetworkService
Image path: %systemroot%\system32\fxssvc.exe
Image size: 523264
Image MD5: 967EA5B213E9984CBE270205DF37755B
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: TapiSrv,RpcSs,PlugPlay,Spooler

Service (registry key): fdc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Controller Driver
Image path: \SystemRoot\system32\DRIVERS\fdc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): fdPHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdPHost.dll,-100
Description: @%systemroot%\system32\fdPHost.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FDResPub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\fdrespub.dll,-100
Description: @%systemroot%\system32\fdrespub.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,http

Service (registry key): FileInfo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fileinfo.sys,-100
Description: @%SystemRoot%\system32\drivers\fileinfo.sys,-101
Image path: system32\drivers\fileinfo.sys
Image size: 58448
Image MD5: 6CF00369C97F3CF563BE99BE983D13D8
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: fltmgr

Service (registry key): Filetrace
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\filetrace.sys,-10001
Description: @%SystemRoot%\system32\drivers\filetrace.sys,-10000
Image path: system32\drivers\filetrace.sys
Image size: 28160
Image MD5: 42C51DC94C91DA21CB9196EB64C45DB9
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): flpydisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Floppy Disk Driver
Image path: \SystemRoot\system32\DRIVERS\flpydisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): FltMgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fltmgr.sys,-10001
Description: @%SystemRoot%\system32\drivers\fltmgr.sys,-10000
Image path: system32\drivers\fltmgr.sys
Image size: 198208
Image MD5: 7520EC808E0C35E0EE6F841294316653
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 3

Service (registry key): FontCache
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\FntCache.dll,-100
Description: @%systemroot%\system32\FntCache.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): FontCache3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\PresentationHost.exe,-3309
Description: @%SystemRoot%\system32\PresentationHost.exe,-3310
Object name: NT Authority\LocalService
Image path: %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
Image size: 42856
Image MD5: E56F39F6B7FDA0AC77A79B0FD3DE1A2F
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): FsDepends
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fsdepends.sys,-10001
Description: @%SystemRoot%\system32\drivers\fsdepends.sys,-10000
Image path: System32\drivers\FsDepends.sys
Image size: 46160
Image MD5: 1A16B57943853E598CFF37FE2B8CBF1D
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 3
Depends On services: fltmgr

Service (registry key): Fs_Rec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 8
Error Control: 0

Service (registry key): fvevol
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Description: @%SystemRoot%\system32\drivers\fvevol.sys,-100
Image path: System32\DRIVERS\fvevol.sys
Image size: 194800
Image MD5: 8A73E79089B282100B9393B644CB853B
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): gagp30kx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Generic AGPv3.0 Filter for K8 Processor Platforms
Image path: \SystemRoot\system32\DRIVERS\gagp30kx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): GameConsoleService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: GameConsoleService
Description: GameConsole management services
Object name: LocalSystem
Image path: "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe"
Image size: 246520
Image MD5: CE16683CFD11FE70BDE435DDA5EA1FCA
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS,EVENTLOG

Service (registry key): gpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @gpapi.dll,-112
Description: @gpapi.dll,-113
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k GPSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS,Mup

Service (registry key): gupdate
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Update Service (gupdate)
Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Object name: LocalSystem
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): gupdatem
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Google Update Service (gupdatem)
Description: Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.
Object name: LocalSystem
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): hcw85cir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Hauppauge Consumer Infrared Receiver
Image path: \SystemRoot\system32\drivers\hcw85cir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HdAudAddService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft 1.1 UAA Function Driver for High Definition Audio Service
Image path: \SystemRoot\system32\drivers\HdAudio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HDAudBus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UAA Bus Driver for High Definition Audio
Image path: \SystemRoot\system32\drivers\HDAudBus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBatt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HID UPS Battery Driver
Image path: \SystemRoot\system32\DRIVERS\HidBatt.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HidBth
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Bluetooth HID Miniport
Image path: \SystemRoot\system32\DRIVERS\hidbth.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): HidIr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Infrared HID Driver
Image path: \SystemRoot\system32\DRIVERS\hidir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hidserv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\hidserv.dll,-101
Description: @%SystemRoot%\System32\hidserv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): HidUsb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft HID Class Driver
Image path: system32\DRIVERS\hidusb.sys
Image size: 24064
Image MD5: 10C19F8290891AF023EAEC0832E1EB4D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): hkmsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\kmsvc.dll,-6
Description: @%SystemRoot%\system32\kmsvc.dll,-7
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): HomeGroupListener
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\ListSvc.dll,-100
Description: @%SystemRoot%\System32\ListSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanServer

Service (registry key): HomeGroupProvider
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\provsvc.dll,-100
Description: @%SystemRoot%\System32\provsvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: netprofm,fdrespub,fdphost

Service (registry key): HP Health Check Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Health Check Service
Description: HP Health Check Service
Object name: LocalSystem
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): HP Wireless Assistant Service
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Wireless Assistant Service
Description: This service monitors the wireless devices in this computer and allows the HP Wireless Assistant application to turn devices on and off.
Object name: LocalSystem
Image path: "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
Image size: 103992
Image MD5: 3A09322A8AA8B0C79036686A0EBE7B4C
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: winmgmt

Service (registry key): HPDrvMntSvc.exe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Quick Synchronization Service
Object name: LocalSystem
Image path: "C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
Image size: 92216
Image MD5: 881F74074963CDAD8C475D09DC3A0BB6
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): hpqcxs08
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: hpqcxs08
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): hpqddsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP CUE DeviceDiscovery Service
Description: This service detects and monitors CUE devices on the system.
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k hpdevmgmt
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): hpqwmiex
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: HP Software Framework Service
Object name: LocalSystem
Image path: "C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"
Image size: 665656
Image MD5: FE51B163A618B1CBF015485D21C1BC68
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): HpSAMD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\HpSAMD.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): HTTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\http.sys,-1
Description: @%SystemRoot%\system32\drivers\http.sys,-2
Image path: system32\drivers\HTTP.sys
Image size: 513536
Image MD5: 871917B07A141BFF43D76D8844D48106
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): hwpolicy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\hwpolicy.sys,-101
Description: @%systemroot%\system32\drivers\hwpolicy.sys,-102
Image path: System32\drivers\hwpolicy.sys
Image size: 14208
Image MD5: 0C4E035C7F105F1299258C90886C64C5
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): i8042prt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: i8042 Keyboard and PS/2 Mouse Port Driver
Image path: system32\DRIVERS\i8042prt.sys
Image size: 80896
Image MD5: F151F0BDC47F4A28B1B20A0818EA36D6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IAANTMON
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel® Matrix Storage Event Monitor
Object name: LocalSystem
Image path: C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
Image size: 354840
Image MD5: 660BF3255A1EB18ED803FD2FBA6AE400
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: winmgmt

Service (registry key): ialm
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): iaStor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel AHCI Controller
Image path: system32\DRIVERS\iaStor.sys
Image size: 331288
Image MD5: 0BAA4115DFFFD6A6D809A89D65E1281A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): iaStorV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel RAID Controller Windows 7
Image path: \SystemRoot\system32\drivers\iaStorV.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): idsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8192
Object name: LocalSystem
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
Image size: 878416
Image MD5: C521D7EB6497BB1AF6AFA89E322FB43C
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): IDSVix86
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): igfx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\igdkmd32.sys
Image size: 4807168
Image MD5: BA41E1BBA410212CE6D30E0DAC47972B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): iirsp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\iirsp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IKEEXT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ikeext.dll,-501
Description: @%SystemRoot%\system32\ikeext.dll,-502
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: BFE

Service (registry key): IKFileSec
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): IKSysFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): inetaccs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): intelide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\intelide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): intelppm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel Processor Driver
Image path: system32\DRIVERS\intelppm.sys
Image size: 53760
Image MD5: 3B514D27BFC4ACCB4037BC6685F766E0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPBusEnum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\IPBusEnum.dll,-102
Description: @%systemroot%\system32\IPBusEnum.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,fdPHost

Service (registry key): IpFilterDriver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32013
Description: @%systemroot%\system32\rascfg.dll,-32013
Image path: system32\DRIVERS\ipfltdrv.sys
Image size: 58880
Image MD5: 709D1761D3B19A932FF0238EA6D50200
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): iphlpsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iphlpsvc.dll,-500
Description: @%SystemRoot%\system32\iphlpsvc.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k NetSvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSS,Tdx,winmgmt,tcpip,nsi

Service (registry key): IPMIDRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\IPMIDrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): IPNAT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: IP Network Address Translator
Image path: System32\drivers\ipnat.sys
Image size: 101888
Image MD5: A5FA468D67ABCDAA36264E463A7BB0CD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): IRENUM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\irenum.sys,-100
Description: @%SystemRoot%\system32\drivers\irenum.sys,-101
Image path: system32\drivers\irenum.sys
Image size: 13824
Image MD5: 42996CFF20A3084A56017B7902307E9F
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): isapnp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\isapnp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): iScsiPrt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: iScsiPort Driver
Image path: \SystemRoot\system32\drivers\msiscsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ISWKL
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ZoneAlarm LTD Toolbar ISWKL
Image path: \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): IswSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ZoneAlarm LTD Toolbar IswSvc
Object name: LocalSystem
Image path: "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe"
Image size: 497320
Image MD5: 8A698B79EDF2BA40E42ADD764F43FAA7
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: ISWKL

Service (registry key): kbdclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard Class Driver
Image path: system32\DRIVERS\kbdclass.sys
Image size: 42576
Image MD5: ADEF52CA1AEAE82B50DF86B56413107E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): kbdhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Keyboard HID Driver
Image path: system32\DRIVERS\kbdhid.sys
Image size: 28160
Image MD5: 9E3CED91863E6EE98C24794D05E27A71
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): KeyIso
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @keyiso.dll,-100
Description: @keyiso.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: 81951F51E318AECC2D68559E47485CC4
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): KSecDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecdd.sys
Image size: 67440
Image MD5: B7895B4182C0D16F6EFADEB8081E8D36
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KSecPkg
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\Drivers\ksecpkg.sys
Image size: 136560
Image MD5: 5FE1ABF1AF591A3458C9CF24ED9A4D35
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): KtmRm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2946
Description: @comres.dll,-2947
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): LanmanServer
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-100
Description: @%systemroot%\system32\srvsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: SamSS,Srv

Service (registry key): LanmanWorkstation
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-100
Description: @%systemroot%\system32\wkssvc.dll,-101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Bowser,MRxSmb10,MRxSmb20,NSI

Service (registry key): ldap
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): lltdio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Mapper I/O Driver
Image path: system32\DRIVERS\lltdio.sys
Image size: 48128
Image MD5: F7611EC07349979DA9B0AE1F18CCC7A6
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): lltdsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lltdres.dll,-1
Description: @%SystemRoot%\system32\lltdres.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,lltdio

Service (registry key): lmhosts
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\lmhsvc.dll,-101
Description: @%SystemRoot%\system32\lmhsvc.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NetBT,Afd

Service (registry key): Lsa
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): LSI_FC
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_fc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LSI_SAS
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LSI_SAS2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_sas2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): LSI_SCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\lsi_scsi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): luafv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\luafv.sys,-100
Description: @%systemroot%\system32\drivers\luafv.sys,-101
Image path: \SystemRoot\system32\drivers\luafv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 2
Error Control: 1
Depends On services: FltMgr

Service (registry key): megasas
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\megasas.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MegaSR
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\MegaSR.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Messenger
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): MMCSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-100
Description: @%systemroot%\system32\mmcss.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Modem
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\modem.sys
Image size: 31744
Image MD5: F001861E5700EE84E2D4E52C712F4964
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): monitor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Monitor Class Function Driver Service
Image path: system32\DRIVERS\monitor.sys
Image size: 23552
Image MD5: 79D10964DE86B292320E9DFE02282A23
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouclass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse Class Driver
Image path: system32\DRIVERS\mouclass.sys
Image size: 41552
Image MD5: FB18CC1D4C2E716B6B903B0AC0CC0609
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mouhid
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Mouse HID Driver
Image path: system32\DRIVERS\mouhid.sys
Image size: 26112
Image MD5: 2C388D2CD01C9042596CF3C8F3C7B24D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): mountmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\mountmgr.sys,-100
Description: @%SystemRoot%\system32\drivers\mountmgr.sys,-101
Image path: System32\drivers\mountmgr.sys
Image size: 78208
Image MD5: FC8771F45ECCCFD89684E38842539B9B
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): mpio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Bus Driver
Image path: \SystemRoot\system32\drivers\mpio.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): mpsdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23092
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23093
Image path: System32\drivers\mpsdrv.sys
Image size: 60416
Image MD5: AD2723A7B53DD1AACAE6AD8C0BFBF4D0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MpsSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\FirewallAPI.dll,-23090
Description: @%SystemRoot%\system32\FirewallAPI.dll,-23091
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: mpsdrv,bfe

Service (registry key): MRxDAV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-104
Description: @%systemroot%\system32\webclnt.dll,-105
Image path: \SystemRoot\system32\drivers\mrxdav.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1002
Description: @%systemroot%\system32\wkssvc.dll,-1003
Image path: system32\DRIVERS\mrxsmb.sys
Image size: 123904
Image MD5: 5D16C921E3671636C0EBA3BBAAC5FD25
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: rdbss

Service (registry key): mrxsmb10
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1004
Description: @%systemroot%\system32\wkssvc.dll,-1005
Image path: system32\DRIVERS\mrxsmb10.sys
Image size: 223744
Image MD5: 6D17A4791ACA19328C685D256349FEFC
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): mrxsmb20
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1006
Description: @%systemroot%\system32\wkssvc.dll,-1007
Image path: system32\DRIVERS\mrxsmb20.sys
Image size: 96768
Image MD5: B81F204D146000BE76651A50670A5E9E
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: mrxsmb

Service (registry key): msahci
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\msahci.sys
Image size: 28032
Image MD5: 012C5F4E9349E711E11E0F19A8589F0A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): msdsm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Multi-Path Device Specific Module
Image path: \SystemRoot\system32\drivers\msdsm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSDTC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @comres.dll,-2797
Description: @comres.dll,-2798
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\msdtc.exe
Image size: 134144
Image MD5: E1BCE74A3BD9902B72599C0192A07E27
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS,SamSS

Service (registry key): MSDTC Bridge 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Msfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): mshidkmdf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-100
Description: @%SystemRoot%\system32\drivers\mshidkmdf.sys,-101
Image path: \SystemRoot\System32\drivers\mshidkmdf.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): msisadrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\drivers\msisadrv.sys
Image size: 13888
Image MD5: 0A4E5757AE09FA9622E3158CC1AEF114
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): MSiSCSI
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\iscsidsc.dll,-5000
Description: @%SystemRoot%\system32\iscsidsc.dll,-5001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): msiserver
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\msimsg.dll,-27
Description: @%SystemRoot%\system32\msimsg.dll,-32
Object name: LocalSystem
Image path: %systemroot%\system32\msiexec.exe /V
Image size: 73216
Image MD5: EEE470F2A771FC0B543BDEEF74FCECA0
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: rpcss

Service (registry key): MSKSSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Service Proxy
Image path: system32\drivers\MSKSSRV.sys
Image size: 8320
Image MD5: 8C0860D6366AAFFB6C5BB9DF9448E631
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPCLOCK
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Clock Proxy
Image path: system32\drivers\MSPCLOCK.sys
Image size: 5888
Image MD5: 3EA8B949F963562CEDBB549EAC0C11CE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSPQM
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Quality Manager Proxy
Image path: system32\drivers\MSPQM.sys
Image size: 5504
Image MD5: F456E973590D663B1073E9C463B40932
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MsRPC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MSSCNTRS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): mssmbios
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft System Management BIOS Driver
Image path: \SystemRoot\system32\drivers\mssmbios.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): MSTEE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Streaming Tee/Sink-to-Sink Converter
Image path: system32\drivers\MSTEE.sys
Image size: 6144
Image MD5: B42C6B921F61A6E55159B8BE6CD54A36
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): MTConfig
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Input Configuration Driver
Image path: \SystemRoot\system32\DRIVERS\MTConfig.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Mup
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\mup.sys,-101
Description: @%systemroot%\system32\drivers\mup.sys,-102
Image path: System32\Drivers\mup.sys
Image size: 49728
Image MD5: 159FAD02F64E6381758C990F753BCC80
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1

Service (registry key): napagent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qagentrt.dll,-6
Description: @%SystemRoot%\system32\qagentrt.dll,-7
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): NativeWifiP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NativeWiFi Filter
Image path: system32\DRIVERS\nwifi.sys
Image size: 267264
Image MD5: 26384429FCD85D83746F63E798AB1480
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDIS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\ndis.sys,-200
Description: @%SystemRoot%\system32\drivers\ndis.sys,-201
Image path: system32\drivers\ndis.sys
Image size: 712048
Image MD5: 8C9C922D71F1CD4DEF73F186416B7896
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): NdisCap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Capture LightWeight Filter
Description: NDIS Capture LightWeight Filter
Image path: system32\DRIVERS\ndiscap.sys
Image size: 27136
Image MD5: 0E1787AA6C9191D3D319E8BAFE86F80C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisTapi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32001
Description: @%systemroot%\system32\rascfg.dll,-32001
Image path: system32\DRIVERS\ndistapi.sys
Image size: 20992
Image MD5: E4A8AEC125A2E43A9E32AFEEA7C9C888
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Ndisuio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NDIS Usermode I/O Protocol
Image path: system32\DRIVERS\ndisuio.sys
Image size: 46080
Image MD5: D8A65DAFB3EB41CBB622745676FCD072
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NdisWan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32002
Description: @%systemroot%\system32\rascfg.dll,-32002
Image path: system32\DRIVERS\ndiswan.sys
Image size: 118784
Image MD5: 38FBE267E7E6983311179230FACB1017
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NDProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Nero BackItUp Scheduler 4.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Nero BackItUp Scheduler 4.0
Description: Nero BackItUp Scheduler 4.0 is responsible to control all jobs created using Nero BackItUp. These jobs can create backups of selected files/folders/partitions or complete hard disk to hard disk, network drive, disc or FTP.
Object name: LocalSystem
Image path: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
Image size: 935208
Image MD5: 7D2633295EB6FF2B938185874884059D
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): Net Driver HPZ12
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Net Driver HPZ12
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): NetBIOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NetBIOS Interface
Description: NetBIOS Interface
Image path: system32\DRIVERS\netbios.sys
Image size: 36352
Image MD5: 80B275B1CE3B0E79909DB7B39AF74D51
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): NetBT
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\netbt.sys,-2
Description: @%SystemRoot%\system32\drivers\netbt.sys,-1
Image path: System32\DRIVERS\netbt.sys
Image size: 187904
Image MD5: 280122DDCF04B378EDD1AD54D71C1E54
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx,tcpip

Service (registry key): Netlogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\netlogon.dll,-102
Description: @%SystemRoot%\System32\netlogon.dll,-103
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: 81951F51E318AECC2D68559E47485CC4
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: LanmanWorkstation

Service (registry key): Netman
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netman.dll,-109
Description: @%SystemRoot%\system32\netman.dll,-110
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nsi

Service (registry key): netprofm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\netprofm.dll,-202
Description: @%SystemRoot%\system32\netprofm.dll,-203
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,nlasvc

Service (registry key): NetTcpPortSharing
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201
Description: @%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8200
Object name: NT AUTHORITY\LocalService
Image path: "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
Image size: 128848
Image MD5: F476EC40033CDB91EFBE73EB99B8362D
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): netw5v32
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit
Image path: system32\DRIVERS\netw5v32.sys
Image size: 4231168
Image MD5: 58218EC6B61B1169CF54AAB0D00F5FE2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): nfrd960
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\nfrd960.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): NlaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\nlasvc.dll,-1
Description: @%SystemRoot%\System32\nlasvc.dll,-2
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: NSI,RpcSs,TcpIp

Service (registry key): Npfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1

Service (registry key): nsi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\nsisvc.dll,-200
Description: @%SystemRoot%\system32\nsisvc.dll,-201
Object name: NT Authority\LocalService
Image path: %systemroot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: nsiproxy

Service (registry key): nsiproxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\nsiproxy.sys,-2
Description: @%SystemRoot%\system32\drivers\nsiproxy.sys,-1
Image path: system32\drivers\nsiproxy.sys
Image size: 16896
Image MD5: E9A0A4D07E53D8FEA2BB8387A3293C58
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): NTDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Ntfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): Null
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): nvraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nvraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): nvstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\nvstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): nv_agp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: NVIDIA nForce AGP Bus Filter
Image path: \SystemRoot\system32\drivers\nv_agp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ohci1394
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: 1394 OHCI Compliant Host Controller (Legacy)
Image path: \SystemRoot\system32\drivers\ohci1394.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): p2pimsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8004
Description: @%SystemRoot%\system32\pnrpsvc.dll,-8005
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): p2psvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\p2psvc.dll,-8006
Description: @%SystemRoot%\system32\p2psvc.dll,-8007
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc,PNRPSvc

Service (registry key): Parport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Parallel port driver
Image path: \SystemRoot\system32\DRIVERS\parport.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): partmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\partmgr.sys,-100
Description: @%SystemRoot%\system32\drivers\partmgr.sys,-101
Image path: System32\drivers\partmgr.sys
Image size: 56176
Image MD5: 3F34A1B4C5F6475F320C275E63AFCE9B
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Parvdm
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\parvdm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 0
Depends On services: Parport
Depends On group: "Parallel arbitrator"

Service (registry key): PcaSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pcasvc.dll,-1
Description: @%SystemRoot%\system32\pcasvc.dll,-2
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): pci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCI Bus Driver
Image path: system32\drivers\pci.sys
Image size: 153984
Image MD5: 673E55C3498EB970088E812EA820AA8F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): pciide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\pciide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): pcmcia
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\pcmcia.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): PCTBD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Browser Defender Driver
Image path: System32\Drivers\PCTBD.sys
Image size: 62688
Image MD5: 9DCE45B0DC51EBB7CD7063F8C3B086D0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: PCTCore

Service (registry key): PCTCore
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PCTools KDS
Image path: system32\drivers\PCTCore.sys
Image size: 368616
Image MD5: 07D9D16537B6969F2BBE00485F10D5BA
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1
Depends On services: FltMgr

END OF PART 1

#7 mstcraig

Posted 29 November 2012 - 05:10 PM

Hi ST,

This is PART 2 of the Spybot log from earlier today:


Service (registry key): pctDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Data Store
Image path: system32\drivers\pctDS.sys
Image size: 342168
Image MD5: 3C9FD593E95B98C642B4486CD122C2FB
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): pctEFA
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Extended File Attributes
Image path: system32\drivers\pctEFA.sys
Image size: 909728
Image MD5: DB6B6E47165B9647B215CEEB4DB33B87
Control Set: CurrentControlSet
Start: 0
Type: 2
Error Control: 1
Depends On services: FltMgr,pctDS

Service (registry key): pctgntdi
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: pctgntdi
Image path: \??\C:\Windows\System32\drivers\pctgntdi.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tdx

Service (registry key): pctplsm
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: pctplsm
Image path: \??\C:\Windows\System32\drivers\pctplsm.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: pctgntdi

Service (registry key): PCTSD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Spyware Doctor Driver
Image path: System32\Drivers\PCTSD.sys
Image size: 202280
Image MD5: 9A073A09F22C63247964B946F04CB8A4
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: PCTCore

Service (registry key): pcw
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Performance Counters for Windows Driver
Image path: System32\drivers\pcw.sys
Image size: 43088
Image MD5: 250F6B43D2B613172035C6747AEEB19F
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): PEAUTH
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PEAUTH
Image path: system32\drivers\peauth.sys
Image size: 586752
Image MD5: 9E0104BA49F4E6973749A02BF41344ED
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): PerfDisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfNet
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfOS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): PerfProc
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): pla
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\pla.dll,-500
Description: @%systemroot%\system32\pla.dll,-501
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceNoNetwork
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): PlugPlay
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpnpmgr.dll,-100
Description: @%SystemRoot%\system32\umpnpmgr.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): Pml Driver HPZ12
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Pml Driver HPZ12
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k HPZ12
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): PNRPAutoReg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pnrpauto.dll,-8002
Description: @%SystemRoot%\system32\pnrpauto.dll,-8003
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: pnrpsvc

Service (registry key): PNRPsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\pnrpsvc.dll,-8000
Description: @%SystemRoot%\system32\pnrpsvc.dll,-8001
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServicePeerNet
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: p2pimsvc

Service (registry key): PolicyAgent
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\polstore.dll,-5010
Description: @%SystemRoot%\system32\polstore.dll,-5011
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkServiceNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tcpip,bfe

Service (registry key): PortProxy
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): Power
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\umpo.dll,-100
Description: @%SystemRoot%\system32\umpo.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k DcomLaunch
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): PptpMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32006
Description: @%systemroot%\system32\rascfg.dll,-32006
Image path: system32\DRIVERS\raspptp.sys
Image size: 73728
Image MD5: 631E3E205AD6D86F2AED6A4A8E69F2DB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Processor
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Processor Driver
Image path: \SystemRoot\system32\DRIVERS\processr.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ProfSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\profsvc.dll,-300
Description: @%systemroot%\system32\profsvc.dll,-301
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): ProtectedStorage
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\psbase.dll,-300
Description: @%systemroot%\system32\psbase.dll,-301
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: 81951F51E318AECC2D68559E47485CC4
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Psched
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\pacer.sys,-101
Description: @%SystemRoot%\System32\drivers\pacer.sys,-101
Image path: system32\DRIVERS\pacer.sys
Image size: 104448
Image MD5: 6270CCAE2A86DE6D146529FE55B3246A
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): ql2300
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\ql2300.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ql40xx
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\ql40xx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): QWAVE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\qwave.dll,-1
Description: @%SystemRoot%\system32\qwave.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %windir%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss,psched,QWAVEdrv,LLTDIO

Service (registry key): QWAVEdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\qwavedrv.sys,-1
Description: @%SystemRoot%\system32\drivers\qwavedrv.sys,-2
Image path: \SystemRoot\system32\drivers\qwavedrv.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAcd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Access Auto Connection Driver
Description: Remote Access Auto Connection Driver
Image path: System32\DRIVERS\rasacd.sys
Image size: 11776
Image MD5: 30A81B53C766D0133BB86D234E5556AB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAgileVpn
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Image path: system32\DRIVERS\AgileVpn.sys
Image size: 49152
Image MD5: 57EC4AEF73660166074D8F7F31C0D4FD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasAuto
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasauto.dll,-200
Description: @%Systemroot%\system32\rasauto.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RasMan,TapiSrv,RasAcd

Service (registry key): Rasl2tp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32005
Description: @%systemroot%\system32\rascfg.dll,-32005
Image path: system32\DRIVERS\rasl2tp.sys
Image size: 78848
Image MD5: D9F91EAFEC2815365CBE6D167E4E332A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasMan
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\rasmans.dll,-200
Description: @%Systemroot%\system32\rasmans.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: Tapisrv,SstpSvc

Service (registry key): RasPppoe
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32007
Description: @%systemroot%\system32\rascfg.dll,-32007
Image path: system32\DRIVERS\raspppoe.sys
Image size: 77824
Image MD5: 0FE8B15916307A6AC12BFB6A63E45507
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RasSstp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\sstpsvc.dll,-202
Description: @%systemroot%\system32\sstpsvc.dll,-202
Image path: system32\DRIVERS\rassstp.sys
Image size: 75264
Image MD5: 44101F495A83EA6401D886E7FD70096B
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): rdbss
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wkssvc.dll,-1000
Description: @%systemroot%\system32\wkssvc.dll,-1001
Image path: system32\DRIVERS\rdbss.sys
Image size: 242688
Image MD5: D528BC58A489409BA40334EBF96A311B
Control Set: CurrentControlSet
Start: 1
Type: 2
Error Control: 1
Depends On services: Mup

Service (registry key): rdpbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Device Redirector Bus Driver
Image path: \SystemRoot\system32\DRIVERS\rdpbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-100
Description: @%systemroot%\system32\DRIVERS\RDPCDD.sys,-101
Image path: System32\DRIVERS\RDPCDD.sys
Image size: 6656
Image MD5: 23DAE03F29D253AE74C44F99E515F9A1
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPENCDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\RDPENCDD.sys,-101
Description: @%systemroot%\system32\drivers\RDPENCDD.sys,-100
Image path: system32\drivers\rdpencdd.sys
Image size: 6656
Image MD5: 5A53CA1598DD4156D44196D200C94B8A
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPNP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drprov.dll,-100
Description: @%systemroot%\system32\drprov.dll,-101
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RDPREFMP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\drivers\RdpRefMp.sys,-101
Description: @%systemroot%\system32\drivers\RdpRefMp.sys,-100
Image path: system32\drivers\rdprefmp.sys
Image size: 7168
Image MD5: 44B0A53CD4F27D50ED461DAE0C0B4E1F
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): RDPUDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): RdpVideoMiniport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Remote Desktop Video Miniport Driver
Image path: System32\drivers\rdpvideominiport.sys
Image size: 14848
Image MD5: 65375DF758CA1872AB7EBBBA457FD5E6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): RDPWD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: RDP Winstation Driver
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): rdyboost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: ReadyBoost
Description: ReadyBoost
Image path: System32\drivers\rdyboost.sys
Image size: 173440
Image MD5: 518395321DC96FE2C9F0E96AC743B656
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): RemoteAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%Systemroot%\system32\mprdim.dll,-200
Description: @%Systemroot%\system32\mprdim.dll,-201
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSS,Bfe,RasMan,Http
Depends On group: NetBIOSGroup

Service (registry key): RemoteRegistry
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @regsvc.dll,-1
Description: @regsvc.dll,-2
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k regsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): RpcEptMapper
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%windir%\system32\RpcEpMap.dll,-1001
Description: @%windir%\system32\RpcEpMap.dll,-1002
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k RPCSS
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): RpcLocator
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\Locator.exe,-2
Description: @%systemroot%\system32\Locator.exe,-3
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\locator.exe
Image size: 9216
Image MD5: 94D36C0E44677DD26981D2BFEEF2A29D
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): RpcSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @oleres.dll,-5010
Description: @oleres.dll,-5011
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k rpcss
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcEptMapper,DcomLaunch

Service (registry key): RSPCIESTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Realtek PCIE CardReader Driver
Image path: system32\DRIVERS\RtsPStor.sys
Image size: 230944
Image MD5: 2AD7B2B3D7A10AE3D534877D543EED74
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): rspndr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Link-Layer Topology Discovery Responder
Image path: system32\DRIVERS\rspndr.sys
Image size: 60928
Image MD5: 032B0D36AD92B582D869879F5AF5B928
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): RTL8167
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Realtek 8167 NT Driver
Image path: system32\DRIVERS\Rt86win7.sys
Image size: 267880
Image MD5: 0516998076AD894AE7E362C3110AA071
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SamSs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\samsrv.dll,-1
Description: @%SystemRoot%\system32\samsrv.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: 81951F51E318AECC2D68559E47485CC4
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS

Service (registry key): sbp2port
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SBP-2 Transport/Protocol Bus Driver
Image path: \SystemRoot\system32\drivers\sbp2port.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SBSDWSCService
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0
Depends On services: wscsvc

Service (registry key): SCardSvr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SCardSvr.dll,-1
Description: @%SystemRoot%\System32\SCardSvr.dll,-5
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay

Service (registry key): scfilter
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\drivers\scfilter.sys,-11
Description: @%SystemRoot%\System32\drivers\scfilter.sys,-12
Image path: System32\DRIVERS\scfilter.sys
Image size: 26624
Image MD5: 0693B5EC673E34DC147E195779A4DCF6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Schedule
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\schedsvc.dll,-100
Description: @%SystemRoot%\system32\schedsvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RPCSS,EventLog

Service (registry key): SCPolicySvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\certprop.dll,-13
Description: @%SystemRoot%\System32\certprop.dll,-14
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): sdAuxService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Auxiliary Service
Description: Provides auxiliary PC Tools Security services. If this service is disabled spyware protection will be reduced.
Object name: LocalSystem
Image path: C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
Image size: 403416
Image MD5: AE88672774DF12BEDF76768E52D23424
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): sdbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\sdbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sdCoreService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: PC Tools Security Service
Description: Provides spyware and malware protection for the system. If this service is disabled spyware protection will be disabled.
Object name: LocalSystem
Image path: C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
Image size: 1162360
Image MD5: 5FC31ADB3B47E00349B92E57117D2C07
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): SDRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sdrsvc.dll,-107
Description: @%SystemRoot%\system32\sdrsvc.dll,-102
Object name: localSystem
Image path: %SystemRoot%\system32\svchost.exe -k SDRSVC
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): SeaPort
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SeaPort
Description: Enables the detection, download and installation of up-to-date configuration files for Microsoft Search Enhancement applications. Also provides server communication for the customer experience improvement program. If this service is disabled, search enhancement features such as search history may not work correctly.
Object name: LocalSystem
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): secdrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Driver
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1

Service (registry key): seclogon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\seclogon.dll,-7001
Description: @%SystemRoot%\system32\seclogon.dll,-7000
Object name: LocalSystem
Image path: %windir%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): SENS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\Sens.dll,-200
Description: @%SystemRoot%\system32\Sens.dll,-201
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): Serenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serenum Filter Driver
Image path: \SystemRoot\system32\DRIVERS\serenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Serial
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Port Driver
Image path: \SystemRoot\system32\DRIVERS\serial.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): sermouse
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Serial Mouse Driver
Image path: \SystemRoot\system32\DRIVERS\sermouse.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ServiceModelEndpoint 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelOperation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): ServiceModelService 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SessionEnv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\SessEnv.dll,-1026
Description: @%SystemRoot%\System32\SessEnv.dll,-1027
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,LanmanWorkstation

Service (registry key): sffdisk
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Class Driver
Image path: \SystemRoot\system32\drivers\sffdisk.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_mmc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for MMC
Image path: \SystemRoot\system32\drivers\sffp_mmc.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sffp_sd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SFF Storage Protocol Driver for SDBus
Image path: \SystemRoot\system32\drivers\sffp_sd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): sfloppy
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: High-Capacity Floppy Disk Drive
Image path: \SystemRoot\system32\DRIVERS\sfloppy.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SharedAccess
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ipnathlp.dll,-106
Description: @%SystemRoot%\system32\ipnathlp.dll,-107
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: Netman,WinMgmt,RasMan,BFE

Service (registry key): ShellHWDetection
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\shsvcs.dll,-12288
Description: @%SystemRoot%\System32\shsvcs.dll,-12289
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: RpcSs

Service (registry key): sisagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: SIS AGP Bus Filter
Image path: \SystemRoot\system32\drivers\sisagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid2
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\SiSRaid2.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SiSRaid4
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\sisraid4.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Smb
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50005
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50006
Image path: system32\DRIVERS\smb.sys
Image size: 71168
Image MD5: 3E21C083B8A01CB70BA1F09303010FCE
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): SMSvcHost 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SNMPTRAP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\snmptrap.exe,-3
Description: @%SystemRoot%\system32\snmptrap.exe,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\snmptrap.exe
Image size: 12800
Image MD5: 6A984831644ECA1A33FFEAE4126F4F37
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): spldr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Security Processor Loader Driver
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Spooler
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Print Spooler
Description: @%systemroot%\system32\spoolsv.exe,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\spoolsv.exe
Image size: 317440
Image MD5: 9AEA093B8F9C37CF45538382CABA2475
Control Set: CurrentControlSet
Start: 2
Type: 272
Error Control: 1
Depends On services: RPCSS,http

Service (registry key): sppsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sppsvc.exe,-101
Description: @%SystemRoot%\system32\sppsvc.exe,-100
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\sppsvc.exe
Image size: 3179520
Image MD5: CF87A1DE791347E75B98885214CED2B8
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs

Service (registry key): sppuinotify
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sppuinotify.dll,-103
Description: @%SystemRoot%\system32\sppuinotify.dll,-102
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: EventSystem

Service (registry key): srv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-102
Description: @%systemroot%\system32\srvsvc.dll,-103
Image path: System32\DRIVERS\srv.sys
Image size: 311808
Image MD5: E4C2764065D66EA1D2D3EBC28FE99C46
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srv2

Service (registry key): srv2
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\srvsvc.dll,-104
Description: @%systemroot%\system32\srvsvc.dll,-105
Image path: System32\DRIVERS\srv2.sys
Image size: 310272
Image MD5: 03F0545BD8D4C77FA0AE1CEEDFCC71AB
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1
Depends On services: srvnet

Service (registry key): SrvHsfHDA
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\VSTAZL3.SYS
Image size: 207360
Image MD5: E00FDFAFF025E94F9821153750C35A6D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): SrvHsfV92
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\VSTDPV3.SYS
Image size: 980992
Image MD5: CEB4E3B6890E1E42DCA6694D9E59E1A0
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): SrvHsfWinac
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\VSTCNXT3.SYS
Image size: 661504
Image MD5: BC0C7EA89194C299F051C24119000E17
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): srvnet
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: System32\DRIVERS\srvnet.sys
Image size: 114688
Image MD5: BE6BD660CAA6F291AE06A718A4FA8ABC
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): SSDPSRV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\ssdpsrv.dll,-100
Description: @%systemroot%\system32\ssdpsrv.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: HTTP

Service (registry key): SstpSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sstpsvc.dll,-200
Description: @%SystemRoot%\system32\sstpsvc.dll,-201
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): STacSV
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\stlang.dll,-10101
Description: @%SystemRoot%\system32\stlang.dll,-10201
Object name: LocalSystem
Image path: C:\Program Files\IDT\WDM\STacSV.exe
Image size: 237650
Image MD5: F076FFE8AF8398FDF2028F6EAC5F1778
Control Set: CurrentControlSet
Start: 4
Type: 16
Error Control: 1

Service (registry key): stexstor
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\stexstor.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): STHDA
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\stlang.dll,-10301
Image path: system32\DRIVERS\stwrt.sys
Image size: 431616
Image MD5: F71736DC79731C98698B93326E01A6BD
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): StiSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wiaservc.dll,-9
Description: @%SystemRoot%\system32\wiaservc.dll,-10
Object name: NT Authority\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k imgsvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 16
Error Control: 1
Depends On services: RpcSs,ShellHWDetection

Service (registry key): swenum
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Software Bus Driver
Image path: \SystemRoot\system32\drivers\swenum.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): swprv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\swprv.dll,-103
Description: @%SystemRoot%\System32\swprv.dll,-102
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k swprv
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): SymDS
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SymEFA
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): SynTP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Synaptics TouchPad Driver
Image path: system32\DRIVERS\SynTP.sys
Image size: 299312
Image MD5: 6DD49E1A5FA0F01824652F1A0A8866FB
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): SysMain
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\sysmain.dll,-1000
Description: @%SystemRoot%\system32\sysmain.dll,-1001
Object name: LocalSystem
Image path: %systemroot%\system32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 0
Depends On services: rpcss,fileinfo

Service (registry key): TabletInputService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\TabSvc.dll,-100
Description: @%SystemRoot%\system32\TabSvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TapiSrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tapisrv.dll,-10100
Description: @%SystemRoot%\system32\tapisrv.dll,-10101
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: PlugPlay,RpcSs

Service (registry key): TBS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tbssvc.dll,-100
Description: @%SystemRoot%\system32\tbssvc.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): Tcpip
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50003
Image path: System32\drivers\tcpip.sys
Image size: 1293680
Image MD5: E23A56F843E2AEBBB209D0ACCA73C640
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): TCPIP6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft IPv6 Protocol Driver
Description: Microsoft IPv6 Protocol Driver
Image path: system32\DRIVERS\tcpip.sys
Image size: 1293680
Image MD5: E23A56F843E2AEBBB209D0ACCA73C640
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TCPIP6TUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tcpipreg
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TCP/IP Registry Compatibility
Description: Provides compatibility for legacy applications which interact with TCP/IP through the registry. If this service is stopped, certain applications may have impaired functionality.
Image path: System32\drivers\tcpipreg.sys
Image size: 35328
Image MD5: 3EEBD3BD93DA46A26E89893C7AB2FF3B
Control Set: CurrentControlSet
Start: 2
Type: 1
Error Control: 1
Depends On services: tcpip

Service (registry key): TCPIPTUNNEL
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): TDPIPE
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDPIPE
Image path: system32\drivers\tdpipe.sys
Image size: 18432
Image MD5: 1CB91B2BD8F6DD367DFC2EF26FD751B2
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): TDTCP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TDTCP
Image path: system32\drivers\tdtcp.sys
Image size: 24576
Image MD5: 2C2C5AFE7EE4F620D69C23C0617651A8
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tdx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Description: @%SystemRoot%\system32\tcpipcfg.dll,-50004
Image path: system32\DRIVERS\tdx.sys
Image size: 74752
Image MD5: B459575348C20E8121D6039DA063C704
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: Tcpip

Service (registry key): TermDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Terminal Device Driver
Image path: \SystemRoot\system32\drivers\termdd.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): TermService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\termsrv.dll,-268
Description: @%SystemRoot%\System32\termsrv.dll,-267
Object name: NT Authority\NetworkService
Image path: %SystemRoot%\System32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RPCSS,TermDD

Service (registry key): Themes
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\themeservice.dll,-8192
Description: @%SystemRoot%\System32\themeservice.dll,-8193
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): THREADORDER
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\mmcss.dll,-102
Description: @%systemroot%\system32\mmcss.dll,-103
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): TrkWks
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\trkwks.dll,-1
Description: @%SystemRoot%\system32\trkwks.dll,-2
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): TrustedInstaller
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\servicing\TrustedInstaller.exe,-100
Description: @%SystemRoot%\servicing\TrustedInstaller.exe,-101
Object name: localSystem
Image path: %SystemRoot%\servicing\TrustedInstaller.exe
Image size: 204800
Image MD5: 2C49B175AEE1D4364B91B531417FE583
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): TSDDD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): tssecsrv
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101
Description: @%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-102
Image path: System32\DRIVERS\tssecsrv.sys
Image size: 31232
Image MD5: 254BB140EEE3C59D6114C1A86B636877
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): TsUsbFlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\tsusbflt.sys,-1
Description: @%SystemRoot%\system32\drivers\tsusbflt.sys,-2
Image path: System32\drivers\tsusbflt.sys
Image size: 49664
Image MD5: 9CE253214ACAA5A7D323327D2055EFAA
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): tunnel
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Tunnel Miniport Adapter Driver
Image path: system32\DRIVERS\tunnel.sys
Image size: 108544
Image MD5: B2FA25D9B17A68BB93D58B0556E8C90D
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): uagp35
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft AGPv3.5 Filter
Image path: \SystemRoot\system32\DRIVERS\uagp35.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): udfs
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: udfs
Description: Reads/Writes UDF 1.02,1.5,2.0x,2.5 disc formats, usually found on C/DVD discs. (Core) (All pieces)
Image path: system32\DRIVERS\udfs.sys
Image size: 246784
Image MD5: EE43346C7E4B5E63E54F927BABBB32FF
Control Set: CurrentControlSet
Start: 4
Type: 2
Error Control: 1

Service (registry key): UGatherer
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UGTHRSVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): UI0Detect
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\ui0detect.exe,-101
Description: @%SystemRoot%\system32\ui0detect.exe,-102
Object name: LocalSystem
Image path: %SystemRoot%\system32\UI0Detect.exe
Image size: 35840
Image MD5: 8344FD4FCE927880AA1AA7681D4927E5
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1

Service (registry key): uliagpkx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Uli AGP Bus Filter
Image path: \SystemRoot\system32\drivers\uliagpkx.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): umbus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UMBus Enumerator Driver
Image path: \SystemRoot\system32\drivers\umbus.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UmPass
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft UMPass Driver
Image path: \SystemRoot\system32\DRIVERS\umpass.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): upnphost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: UPnP Device Host
Description: @%systemroot%\system32\upnphost.dll,-214
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: SSDPSRV,HTTP

Service (registry key): usbaudio
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Audio Driver (WDM)
Image path: system32\drivers\usbaudio.sys
Image size: 80768
Image MD5: 1D9F2BD026E8E2D45033A4DF3F16B78C
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbccgp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Generic Parent Driver
Image path: system32\DRIVERS\usbccgp.sys
Image size: 75776
Image MD5: BD9C55D7023C5DE374507ACC7A14E2AC
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbcir
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: eHome Infrared Receiver (USBCIR)
Image path: \SystemRoot\system32\drivers\usbcir.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbehci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB 2.0 Enhanced Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbehci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbhub
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Standard Hub Driver
Image path: system32\DRIVERS\usbhub.sys
Image size: 258560
Image MD5: 8DC94AEC6A7E644A06135AE7506DC2E9
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbohci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Open Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbohci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbprint
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB PRINTER Class
Image path: system32\DRIVERS\usbprint.sys
Image size: 19968
Image MD5: 797D862FE0875E75C7CC4C1AD7B30252
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): USBSTOR
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Mass Storage Driver
Image path: system32\DRIVERS\USBSTOR.SYS
Image size: 76288
Image MD5: F991AB9CC6B908DB552166768176896A
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbuhci
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft USB Universal Host Controller Miniport Driver
Image path: \SystemRoot\system32\drivers\usbuhci.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): usbvideo
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: USB Video Device (WDM)
Image path: \SystemRoot\System32\Drivers\usbvideo.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): UxSms
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\dwm.exe,-2000
Description: @%SystemRoot%\system32\dwm.exe,-2001
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 2
Type: 32
Error Control: 1

Service (registry key): VaultSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vaultsvc.dll,-1003
Description: @%SystemRoot%\system32\vaultsvc.dll,-1004
Object name: LocalSystem
Image path: %SystemRoot%\system32\lsass.exe
Image size: 22528
Image MD5: 81951F51E318AECC2D68559E47485CC4
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): vdrvroot
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Virtual Drive Enumerator Driver
Image path: system32\drivers\vdrvroot.sys
Image size: 32832
Image MD5: A059C4C3EDB09E07D21A8E5C0AABD3CB
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): vds
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\vds.exe,-100
Description: @%SystemRoot%\system32\vds.exe,-112
Object name: LocalSystem
Image path: %SystemRoot%\System32\vds.exe
Image size: 453632
Image MD5: C3CD30495687C2A2F66A65CA6FD89BE9
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RpcSs,PlugPlay

Service (registry key): vga
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: system32\DRIVERS\vgapnp.sys
Image size: 26112
Image MD5: 17C408214EA61696CEC9C66E388B14F3
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 0

Service (registry key): VgaSave
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\System32\drivers\vga.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 0

Service (registry key): vhdmp
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\vhdmp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): viaagp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA AGP Bus Filter
Image path: \SystemRoot\system32\drivers\viaagp.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): ViaC7
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: VIA C7 Processor Driver
Image path: \SystemRoot\system32\DRIVERS\viac7.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): viaide
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\drivers\viaide.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 3

Service (registry key): volmgr
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Volume Manager Driver
Image path: system32\drivers\volmgr.sys
Image size: 53120
Image MD5: 4C63E00F2F4B5F86AB48A58CD990F212
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volmgrx
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\volmgrx.sys,-100
Description: @%SystemRoot%\system32\drivers\volmgrx.sys,-101
Image path: System32\drivers\volmgrx.sys
Image size: 297040
Image MD5: B5BB72067DDDDBBFB04B2F89FF8C3C87
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): volsnap
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Storage volumes
Image path: system32\drivers\volsnap.sys
Image size: 245632
Image MD5: F497F67932C6FA693D7DE2780631CFE7
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 3

Service (registry key): Vsdatant
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Zone Alarm Firewall Driver
Description: Zone Alarm Firewall Driver
Image path: system32\DRIVERS\vsdatant.sys
Image size: 455256
Image MD5: 6292C794BA68E0F46A6D45468461AFE1
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1
Depends On services: TCPIP

Service (registry key): vsmon
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: TrueVector Internet Monitor
Description: Monitors internet traffic and generates alerts for disallowed access.
Object name: LocalSystem
Image path: C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service
Image size: 2447440
Image MD5: FEB6282AFF403EBBCA47A503937CB6A1
Control Set: CurrentControlSet
Start: 3
Type: 272
Error Control: 1
Depends On services: RpcSs,CryptSvc,vsdatant

Service (registry key): vsmraid
Registry path: \SYSTEM\CurrentControlSet\Services\
Image path: \SystemRoot\system32\DRIVERS\vsmraid.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VSS
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\vssvc.exe,-102
Description: @%systemroot%\system32\vssvc.exe,-101
Object name: LocalSystem
Image path: %systemroot%\system32\vssvc.exe
Image size: 1025536
Image MD5: 209A3B1901B83AEB8527ED211CCE9E4C
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1
Depends On services: RPCSS

Service (registry key): vwifibus
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Virtual WiFi Bus Driver
Description: Virtual WiFi Bus Driver
Image path: system32\DRIVERS\vwifibus.sys
Image size: 19968
Image MD5: 90567B1E658001E79D7C8BBD3DDE5AA6
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): vwififlt
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Virtual WiFi Filter Driver
Description: Virtual WiFi Filter Driver
Image path: system32\DRIVERS\vwififlt.sys
Image size: 48128
Image MD5: 7090D3436EEB4E7DA3373090A23448F7
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): vwifimp
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Virtual WiFi Miniport Service
Image path: system32\DRIVERS\vwifimp.sys
Image size: 14336
Image MD5: A3F04CBEA6C2A10E6CB01F8B47611882
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): VxD
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): W32Time
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Windows Time
Description: @%SystemRoot%\system32\w32time.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1

Service (registry key): W3SVC
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Service (registry key): WacomPen
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Wacom Serial Pen HID Driver
Image path: \SystemRoot\system32\DRIVERS\wacompen.sys
Image size: 0
Image MD5: D41D8CD98F00B204E9800998ECF8427E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): WANARP
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32011
Description: @%systemroot%\system32\rascfg.dll,-32011
Image path: system32\DRIVERS\wanarp.sys
Image size: 63488
Image MD5: 3C3C78515F5AB448B022BDF5B8FFDD2E
Control Set: CurrentControlSet
Start: 3
Type: 1
Error Control: 1

Service (registry key): Wanarpv6
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\rascfg.dll,-32012
Description: @%systemroot%\system32\rascfg.dll,-32012
Image path: system32\DRIVERS\wanarp.sys
Image size: 63488
Image MD5: 3C3C78515F5AB448B022BDF5B8FFDD2E
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): wbengine
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wbengine.exe,-104
Description: @%systemroot%\system32\wbengine.exe,-105
Object name: localSystem
Image path: "%systemroot%\system32\wbengine.exe"
Image size: 1203200
Image MD5: 691E3285E53DCA558E1A84667F13E15A
Control Set: CurrentControlSet
Start: 3
Type: 16
Error Control: 1

Service (registry key): WbioSrvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wbiosrvc.dll,-100
Description: @%systemroot%\system32\wbiosrvc.dll,-101
Object name: LocalSystem
Image path: %SystemRoot%\system32\svchost.exe -k WbioSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs,VaultSvc,WUDFSvc

Service (registry key): wcncsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wcncsvc.dll,-3
Description: @%SystemRoot%\system32\wcncsvc.dll,-4
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalServiceAndNoImpersonation
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: rpcss

Service (registry key): WcsPlugInService
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\WcsPlugInService.dll,-200
Description: @%SystemRoot%\system32\WcsPlugInService.dll,-201
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k wcssvc
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Wd
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: Microsoft Watchdog Timer Driver
Image path: system32\DRIVERS\wd.sys
Image size: 19024
Image MD5: 1112A9BADACB47B7C0BB0392E3158DFF
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): Wdf01000
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\drivers\Wdf01000.sys,-1000
Image path: system32\drivers\Wdf01000.sys
Image size: 526952
Image MD5: A840213F1ACDCC175B4D1D5AAEAC0D7A
Control Set: CurrentControlSet
Start: 0
Type: 1
Error Control: 1

Service (registry key): WdiServiceHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-502
Description: @%systemroot%\system32\wdi.dll,-503
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\System32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WdiSystemHost
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\wdi.dll,-500
Description: @%systemroot%\system32\wdi.dll,-501
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k LocalSystemNetworkRestricted
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WebClient
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%systemroot%\system32\webclnt.dll,-100
Description: @%systemroot%\system32\webclnt.dll,-101
Object name: NT AUTHORITY\LocalService
Image path: %SystemRoot%\system32\svchost.exe -k LocalService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1
Depends On services: MRxDAV

Service (registry key): Wecsvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\system32\wecsvc.dll,-200
Description: @%SystemRoot%\system32\wecsvc.dll,-201
Object name: NT AUTHORITY\NetworkService
Image path: %SystemRoot%\system32\svchost.exe -k NetworkService
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: HTTP,Eventlog

Service (registry key): wercplsupport
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wercplsupport.dll,-101
Description: @%SystemRoot%\System32\wercplsupport.dll,-100
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k netsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 1

Service (registry key): WerSvc
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%SystemRoot%\System32\wersvc.dll,-100
Description: @%SystemRoot%\System32\wersvc.dll,-101
Object name: localSystem
Image path: %SystemRoot%\System32\svchost.exe -k WerSvcGroup
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 3
Type: 32
Error Control: 0

Service (registry key): WfpLwf
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WFP Lightweight Filter
Description: WFP Lightweight Filter
Image path: system32\DRIVERS\wfplwf.sys
Image size: 9728
Image MD5: 8B9A943F3B53861F2BFAF6C186168F79
Control Set: CurrentControlSet
Start: 1
Type: 1
Error Control: 1

Service (registry key): WIMMount
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: WIMMount
Description: WIM Image mount service driver
Image path: system32\drivers\wimmount.sys
Image size: 19008
Image MD5: 5CF95B35E59E2A38023836FFF31BE64C
Control Set: CurrentControlSet
Start: 3
Type: 2
Error Control: 1

Service (registry key): WinDefend
Registry path: \SYSTEM\CurrentControlSet\Services\
Display name: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103
Description: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-1176
Object name: LocalSystem
Image path: %SystemRoot%\System32\svchost.exe -k secsvcs
Image size: 20992
Image MD5: 54A47F6B5E09A77E61649109C6A08866
Control Set: CurrentControlSet
Start: 4
Type: 32
Error Control: 1
Depends On services: RpcSs

Service (registry key): Windows Workflow Foundation 3.0.0.0
Registry path: \SYSTEM\CurrentControlSet\Services\
Control Set: CurrentControlSet
Start: 0
Type: 0
Error Control: 0

Take it easy, and thanks again for your help.
Craig

#8 SweetTech

Posted 29 November 2012 - 05:11 PM

Craig,

I just got home, so am currently taking a look at the logs you posted for me to review.

I should have some instructions for you soon.

Edited by SweetTech, 29 November 2012 - 05:12 PM.

Have I helped you? If you'd like to assist in the fight against malware, click here


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#9 SweetTech

Posted 29 November 2012 - 05:37 PM

Hi Craig!

I do have a brand new 16 GB thumb drive just waiting to be used. Let me know what you need from me with it.

Perfect!!

On a side note, I just upgraded my Zonealarm to the all-new 10.2.081.000. What A Mess! Took a program that worked well (and easily) and made it a nightmare! Can you suggest an alternative that's free, easy to use and effective?

It's such a shame when companies do that. That's a really good question.

You may want to give Comodo a try and see how that works out for you.

http://www.personalfirewall.comodo.com/

Thanks for posting those log files.

I was just interested in seeing what the other logs you had were going to show me.

It's possible that this infection has backdoor capabilities, so I'm going to provide you with the following warning to be on the safe side:

One or more of the identified infections is a backdoor trojan and password stealer.

This type of infection allows hackers to access and remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.
If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, then from a clean computer, change all passwords where applicable.
It would also be wise to contact those same financial institutions to apprise them of your situation.


I highly suggest you take a look at the two links provided below:
1. How Do I Handle Possible Identify Theft, Internet Fraud, and CC Fraud?
2. When should I re-format? How should I reinstall?

------

I have a feeling this infection is going to be stubborn if we attempt to remove it while booted up into Windows, so I'm just going to skip right ahead to a tool that we'll run in an outside environment. This should hopefully assist us with removing the offending files.

Please perform the following below:

Running FRST

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:
  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Then:
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#10 mstcraig

Posted 30 November 2012 - 03:02 PM

Hi ST,

I have the results for the FRST log you asked for below:


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-11-2012 (ATTENTION: FRST version is 6 days old)
Ran by SYSTEM at 29-11-2012 21:40:55
Running from H:\
Windows 7 Starter (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [ISW] [x]
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254 192.168.254.254

==================== Services (Whitelisted) ===================

4 Browser Defender Update Service; "C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe" [580728 2012-10-23] (Threat Expert Ltd.)
4 GameConsoleService; "C:\Program Files\HP Games\HP Game Console\GameConsoleService.exe" [246520 2010-04-03] (WildTangent, Inc.)
4 HP Wireless Assistant Service; "C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe" [103992 2010-06-18] (Hewlett-Packard Company)
2 IswSvc; "C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe" [497320 2012-08-30] (Check Point Software Technologies)
4 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [403416 2012-10-31] (PC Tools)
4 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1162360 2012-11-01] (PC Tools)
4 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [237650 2010-06-09] (IDT, Inc.)
3 vsmon; C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -service [2447440 2012-10-09] (Check Point Software Technologies LTD)

==================== Drivers (Whitelisted) ====================

1 DVMIO; C:\Windows\System32\DRIVERS\dvmio.sys [18136 2009-11-11] (DeviceVM, Inc.)
2 ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [27056 2012-08-30] (Check Point Software Technologies)
3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [62688 2012-10-23] (PC Tools)
0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [368616 2012-10-22] (PC Tools)
0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
0 pctEFA; C:\Windows\System32\drivers\pctEFA.sys [909728 2012-02-28] (PC Tools)
1 pctgntdi; \??\C:\Windows\System32\drivers\pctgntdi.sys [260760 2012-10-31] (PC Tools)
3 pctplsm; \??\C:\Windows\System32\drivers\pctplsm.sys [68272 2012-11-01] (PC Tools)
1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [202280 2012-11-01] (PC Tools)
3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [230944 2010-05-07] (Realtek Semiconductor Corp.)
1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [455256 2011-05-07] (Check Point Software Technologies LTD)
2 gupdate; [x]
3 gupdatem; [x]
4 HP Health Check Service; [x]
4 SeaPort; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-29 21:40 - 2012-11-29 21:40 - 00000000 ____D C:\FRST
2012-11-29 17:17 - 2012-11-29 17:17 - 00907994 ____A (Farbar) C:\Users\mstcraig\Desktop\FRST.exe
2012-11-27 18:24 - 2012-11-27 18:26 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-11-27 18:24 - 2012-11-27 18:24 - 00000000 ____D C:\Users\mstcraig\Documents\ForceField Shared Files
2012-11-27 18:23 - 2012-11-27 18:23 - 00000732 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-11-27 18:11 - 2012-11-28 10:12 - 00018178 ____A C:\Windows\PFRO.log
2012-11-27 17:50 - 2012-11-27 17:50 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\CheckPoint
2012-11-27 17:47 - 2012-11-27 18:23 - 00000000 ____D C:\Program Files\CheckPoint
2012-11-27 17:47 - 2012-11-27 17:47 - 00000000 ____D C:\Users\All Users\ZA_PreservedFiles
2012-11-27 10:58 - 2012-11-29 18:34 - 00001354 ____A C:\Windows\setupact.log
2012-11-27 10:58 - 2012-11-27 10:58 - 00000000 ____A C:\Windows\setuperr.log
2012-11-26 14:52 - 2012-11-26 14:52 - 00000000 ____D C:\Program Files\Common Files\Java
2012-11-26 14:52 - 2012-11-26 14:51 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-26 14:51 - 2012-11-26 14:51 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-26 14:51 - 2012-11-26 14:51 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-26 14:51 - 2012-11-26 14:51 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-26 14:51 - 2012-11-26 14:51 - 00000000 ____D C:\Program Files\Java
2012-11-25 13:09 - 2012-11-25 13:09 - 00012522 ____A C:\ComboFix.txt
2012-11-25 12:46 - 2012-11-29 18:37 - 00055013 ____A C:\Windows\WindowsUpdate.log
2012-11-25 12:33 - 2012-11-25 13:10 - 00000000 ____D C:\ComboFix
2012-11-25 12:33 - 2012-11-25 13:09 - 00000000 ____D C:\Qoobox
2012-11-25 12:33 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-11-25 12:33 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-11-25 12:33 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-11-25 12:33 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-11-25 12:33 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-11-25 12:33 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-11-25 12:33 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-11-25 12:33 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-11-25 12:32 - 2012-11-25 13:04 - 00000000 ____D C:\Windows\erdnt
2012-11-25 12:29 - 2012-11-25 12:29 - 05006177 ____R (Swearware) C:\Users\mstcraig\Desktop\ComboFix.exe
2012-11-24 19:44 - 2012-10-23 14:40 - 02280568 ____A (Threat Expert Ltd.) C:\Windows\PCTBDCore.dll
2012-11-24 19:44 - 2012-10-23 14:40 - 01690744 ____A (Threat Expert Ltd.) C:\Windows\PCTBDRes.dll
2012-11-24 19:44 - 2012-10-23 14:40 - 00769144 ____A C:\Windows\BDTSupport.dll
2012-11-24 19:44 - 2012-10-23 14:40 - 00150648 ____A (PC Tools) C:\Windows\SGDetectionTool.dll
2012-11-24 19:44 - 2012-10-23 14:40 - 00062688 ____A (PC Tools) C:\Windows\System32\Drivers\PCTBD.sys
2012-11-24 19:44 - 2012-10-23 13:30 - 00003488 ____A C:\Windows\UDB.zip
2012-11-24 19:44 - 2012-10-23 13:30 - 00000882 ____A C:\Windows\RegSDImport.xml
2012-11-24 19:44 - 2012-10-23 13:30 - 00000879 ____A C:\Windows\RegISSImport.xml
2012-11-24 19:44 - 2012-10-23 13:30 - 00000131 ____A C:\Windows\IDB.zip
2012-11-24 19:42 - 2012-10-31 11:21 - 00260760 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-11-24 19:42 - 2012-10-31 11:21 - 00178584 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
2012-11-24 19:41 - 2012-11-24 19:41 - 00002191 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
2012-11-24 19:41 - 2012-11-01 12:35 - 00071752 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-11-24 19:41 - 2012-11-01 12:35 - 00068272 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsm.sys
2012-11-24 19:41 - 2012-11-01 12:35 - 00019464 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-11-24 19:34 - 2012-11-27 17:50 - 01224144 ____A C:\Windows\System32\Drivers\Cat.DB
2012-11-24 19:34 - 2012-11-24 19:44 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-11-24 19:34 - 2012-11-24 19:41 - 00000000 ____D C:\Program Files\PC Tools
2012-11-24 19:34 - 2012-11-01 12:35 - 00202280 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-11-24 19:34 - 2012-10-22 13:38 - 00368616 ____A (PC Tools) C:\Windows\System32\Drivers\PCTCore.sys
2012-11-24 19:34 - 2012-10-22 13:38 - 00163288 ____A (PC Tools) C:\Windows\System32\Drivers\PCTAppEvent.sys
2012-11-24 19:34 - 2012-02-28 08:43 - 00909728 ____A (PC Tools) C:\Windows\System32\Drivers\pctEFA.sys
2012-11-24 19:34 - 2012-02-28 08:43 - 00342168 ____A (PC Tools) C:\Windows\System32\Drivers\pctDS.sys
2012-11-24 19:33 - 2012-11-24 19:41 - 00000000 ____D C:\Users\All Users\PC Tools
2012-11-24 19:33 - 2012-11-24 19:33 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\TestApp
2012-11-24 18:53 - 2012-08-23 06:48 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\rdpudd.dll
2012-11-24 18:53 - 2012-08-23 06:44 - 00014848 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpvideominiport.sys
2012-11-24 18:53 - 2012-08-23 06:40 - 00049664 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\TsUsbFlt.sys
2012-11-24 18:53 - 2012-08-23 06:10 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-11-24 18:53 - 2012-08-23 06:10 - 00012288 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-11-24 18:53 - 2012-08-23 05:52 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-11-24 18:53 - 2012-08-23 05:47 - 00046592 ____A (Microsoft Corporation) C:\Windows\System32\MsRdpWebAccess.dll
2012-11-24 18:53 - 2012-08-23 05:46 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\wksprtPS.dll
2012-11-24 18:53 - 2012-08-23 05:32 - 00032768 ____A (Microsoft Corporation) C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-11-24 18:53 - 2012-08-23 05:18 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2012-11-24 18:53 - 2012-08-23 03:40 - 00056320 ____A (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2012-11-24 18:53 - 2012-08-23 03:32 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\wksprt.exe
2012-11-24 18:53 - 2012-08-23 03:15 - 00269312 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2012-11-24 18:53 - 2012-08-23 03:12 - 00192000 ____A (Microsoft Corporation) C:\Windows\System32\rdpendp_winip.dll
2012-11-24 18:53 - 2012-08-23 02:39 - 01048064 ____A (Microsoft Corporation) C:\Windows\System32\mstsc.exe
2012-11-24 18:53 - 2012-08-23 02:08 - 02739712 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-11-24 18:53 - 2012-08-23 00:19 - 04916224 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2012-11-24 18:48 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2012-11-24 18:48 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2012-11-24 18:48 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2012-11-24 18:48 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2012-11-24 18:48 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2012-11-24 18:48 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2012-11-24 18:47 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2012-11-24 18:47 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2012-11-24 18:47 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2012-11-24 18:47 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2012-11-24 18:47 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2012-11-24 18:47 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2012-11-24 18:46 - 2012-09-14 10:28 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-11-24 18:46 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2012-11-24 18:46 - 2012-07-04 13:14 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll
2012-11-24 18:46 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll
2012-11-24 18:46 - 2012-05-13 20:33 - 00769024 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2012-11-24 18:45 - 2012-10-18 09:59 - 02345984 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-11-24 18:45 - 2012-08-24 09:05 - 00136560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-11-24 18:45 - 2012-08-24 09:02 - 00369856 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-11-24 18:45 - 2012-08-24 08:57 - 06028800 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-11-24 18:45 - 2012-08-24 08:57 - 01231872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-11-24 18:45 - 2012-08-24 08:57 - 00981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-11-24 18:45 - 2012-08-24 08:57 - 00627712 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-11-24 18:45 - 2012-08-24 08:57 - 00247808 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-11-24 18:45 - 2012-08-24 08:57 - 00220160 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-11-24 18:45 - 2012-08-24 08:57 - 00132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-11-24 18:45 - 2012-08-24 08:57 - 00067584 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-11-24 18:45 - 2012-08-24 08:56 - 11020800 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-11-24 18:45 - 2012-08-24 08:56 - 02073600 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-11-24 18:45 - 2012-08-24 08:56 - 01039360 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-11-24 18:45 - 2012-08-24 08:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-11-24 18:45 - 2012-08-24 08:56 - 00048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-11-24 18:45 - 2012-08-24 07:20 - 01638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-11-24 18:45 - 2012-08-21 12:12 - 00245760 ____A (Microsoft Corporation) C:\Windows\System32\OxpsConverter.exe
2012-11-24 18:45 - 2012-08-02 08:57 - 00490496 ____A (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll
2012-11-24 18:44 - 2012-10-03 08:58 - 01293680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-11-24 18:44 - 2012-10-03 08:42 - 00242176 ____A (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2012-11-24 18:44 - 2012-10-03 08:42 - 00175104 ____A (Microsoft Corporation) C:\Windows\System32\netcorehc.dll
2012-11-24 18:44 - 2012-10-03 08:42 - 00156672 ____A (Microsoft Corporation) C:\Windows\System32\ncsi.dll
2012-11-24 18:44 - 2012-10-03 08:42 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\nlaapi.dll
2012-11-24 18:44 - 2012-10-03 08:42 - 00018944 ____A (Microsoft Corporation) C:\Windows\System32\netevent.dll
2012-11-24 18:44 - 2012-10-03 08:40 - 00499712 ____A (Microsoft Corporation) C:\Windows\System32\iphlpsvc.dll
2012-11-24 18:44 - 2012-10-03 07:21 - 00035328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2012-11-24 18:44 - 2012-08-22 09:16 - 00712048 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ndis.sys
2012-11-24 18:44 - 2012-08-22 09:16 - 00240496 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2012-11-24 18:44 - 2012-08-22 09:16 - 00187760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2012-11-24 18:44 - 2012-08-20 09:40 - 00868352 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-11-24 18:44 - 2012-08-20 09:40 - 00293376 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-11-24 18:44 - 2012-08-20 09:40 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-11-24 18:44 - 2012-08-20 09:37 - 00271360 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-11-24 18:44 - 2012-08-20 09:32 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 09:32 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 07:33 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 07:33 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 07:33 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-24 18:44 - 2012-08-20 07:33 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-11-24 18:44 - 2012-08-10 15:56 - 00542208 ____A (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2012-11-24 18:44 - 2012-07-04 11:45 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\RNDISMP.sys
2012-11-24 18:44 - 2012-05-04 23:46 - 00400896 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll
2012-11-24 18:43 - 2012-10-09 09:40 - 00193536 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcore6.dll
2012-11-24 18:43 - 2012-10-09 09:40 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\dhcpcsvc6.dll
2012-11-24 18:43 - 2012-09-25 14:47 - 00078336 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2012-11-24 18:43 - 2012-08-31 09:18 - 01211760 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2012-11-24 18:43 - 2012-08-30 09:12 - 03968880 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-11-24 18:43 - 2012-08-30 09:12 - 03914096 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-11-24 18:43 - 2012-08-24 08:57 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-11-24 18:43 - 2012-06-01 20:36 - 01159680 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-11-24 18:43 - 2012-06-01 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-11-24 18:43 - 2012-06-01 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-11-24 18:43 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2012-11-24 18:43 - 2012-02-10 21:37 - 00317440 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe
2012-11-24 17:31 - 2012-11-24 17:31 - 00000984 ____A C:\Windows\System32\config\qurcl
2012-11-24 17:18 - 2012-11-24 17:18 - 00001483 ____A C:\Users\mstcraig\Desktop\Malware Bytes Anti-Rootkit.lnk
2012-11-24 17:15 - 2012-11-24 17:15 - 00000000 ____D C:\Users\mstcraig\Documents\mbar-1.01.0.1009
2012-11-24 16:35 - 2012-11-24 16:35 - 00048954 ____A C:\Users\mstcraig\Desktop\Extras.Txt
2012-11-24 16:34 - 2012-11-24 16:34 - 00091800 ____A C:\Users\mstcraig\Desktop\OTL.Txt
2012-11-24 15:56 - 2012-11-24 15:56 - 00000000 ____D C:\_OTL
2012-11-24 15:54 - 2012-11-24 15:54 - 00602112 ____A (OldTimer Tools) C:\Users\mstcraig\Desktop\OTL.exe
2012-11-24 14:04 - 2012-11-24 14:04 - 00001593 ____A C:\scu.dat
2012-11-24 13:58 - 2012-11-24 13:58 - 00000000 ____D C:\Program Files\ESET
2012-11-24 13:03 - 2012-11-24 13:03 - 10521192 ____A (McAfee Inc.) C:\Users\mstcraig\Desktop\stinger.exe
2012-11-22 16:20 - 2012-11-29 18:34 - 00000320 ____A C:\Windows\Tasks\NRBAEO.job
2012-11-22 16:20 - 2012-11-22 16:20 - 00135168 _RASH C:\Windows\System32\usbperfw.dll
2012-11-21 14:11 - 2012-11-28 20:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-11-10 10:52 - 2012-11-10 10:52 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-11-06 12:32 - 2012-11-06 12:32 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\Foxit Software
2012-10-30 12:04 - 2012-10-30 12:04 - 00001100 ____A C:\Users\Public\Desktop\Foxit Reader.lnk
2012-10-30 12:04 - 2012-10-30 12:04 - 00000000 ____D C:\Program Files\Foxit Software

==================== One Month Modified Files and Folders ========

2012-11-29 18:37 - 2012-11-25 12:46 - 00055013 ____A C:\Windows\WindowsUpdate.log
2012-11-29 18:37 - 2009-07-13 20:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-11-29 18:37 - 2009-07-13 20:34 - 00014128 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-11-29 18:34 - 2012-11-27 10:58 - 00001354 ____A C:\Windows\setupact.log
2012-11-29 18:34 - 2012-11-22 16:20 - 00000320 ____A C:\Windows\Tasks\NRBAEO.job
2012-11-29 18:34 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-11-29 18:21 - 2009-09-06 15:02 - 00713888 ____A C:\Windows\System32\PerfStringBackup.INI
2012-11-29 17:17 - 2012-11-29 17:17 - 00907994 ____A (Farbar) C:\Users\mstcraig\Desktop\FRST.exe
2012-11-29 10:13 - 2011-01-10 17:02 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2012-11-28 21:46 - 2010-12-16 07:43 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\Audacity
2012-11-28 20:23 - 2012-11-21 14:11 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-11-28 10:12 - 2012-11-27 18:11 - 00018178 ____A C:\Windows\PFRO.log
2012-11-27 18:26 - 2012-11-27 18:24 - 00415877 ____A C:\Windows\System32\Drivers\vsconfig.xml
2012-11-27 18:24 - 2012-11-27 18:24 - 00000000 ____D C:\Users\mstcraig\Documents\ForceField Shared Files
2012-11-27 18:23 - 2012-11-27 18:23 - 00000732 ____A C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2012-11-27 18:23 - 2012-11-27 17:47 - 00000000 ____D C:\Program Files\CheckPoint
2012-11-27 17:50 - 2012-11-27 17:50 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\CheckPoint
2012-11-27 17:50 - 2012-11-24 19:34 - 01224144 ____A C:\Windows\System32\Drivers\Cat.DB
2012-11-27 17:50 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\DriverStore
2012-11-27 17:47 - 2012-11-27 17:47 - 00000000 ____D C:\Users\All Users\ZA_PreservedFiles
2012-11-27 11:35 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\rescache
2012-11-27 11:01 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\System32\LogFiles
2012-11-27 10:58 - 2012-11-27 10:58 - 00000000 ____A C:\Windows\setuperr.log
2012-11-26 14:52 - 2012-11-26 14:52 - 00000000 ____D C:\Program Files\Common Files\Java
2012-11-26 14:51 - 2012-11-26 14:52 - 00246760 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe
2012-11-26 14:51 - 2012-11-26 14:51 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe
2012-11-26 14:51 - 2012-11-26 14:51 - 00174056 ____A (Oracle Corporation) C:\Windows\System32\java.exe
2012-11-26 14:51 - 2012-11-26 14:51 - 00093672 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2012-11-26 14:51 - 2012-11-26 14:51 - 00000000 ____D C:\Program Files\Java
2012-11-26 14:51 - 2012-05-13 10:32 - 00821736 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll
2012-11-26 14:51 - 2010-07-27 02:00 - 00746984 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll
2012-11-25 13:10 - 2012-11-25 12:33 - 00000000 ____D C:\ComboFix
2012-11-25 13:09 - 2012-11-25 13:09 - 00012522 ____A C:\ComboFix.txt
2012-11-25 13:09 - 2012-11-25 12:33 - 00000000 ____D C:\Qoobox
2012-11-25 13:09 - 2009-07-13 18:37 - 00000000 __RHD C:\users\Default
2012-11-25 13:09 - 2009-07-13 18:37 - 00000000 ___RD C:\users\Public
2012-11-25 13:04 - 2012-11-25 12:32 - 00000000 ____D C:\Windows\erdnt
2012-11-25 13:01 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-11-25 12:48 - 2009-07-13 18:37 - 00000000 ____D C:\Windows\Microsoft.NET
2012-11-25 12:29 - 2012-11-25 12:29 - 05006177 ____R (Swearware) C:\Users\mstcraig\Desktop\ComboFix.exe
2012-11-24 19:44 - 2012-11-24 19:34 - 00000000 ____D C:\Program Files\Common Files\PC Tools
2012-11-24 19:41 - 2012-11-24 19:41 - 00002191 ____A C:\Users\Public\Desktop\PC Tools Spyware Doctor.lnk
2012-11-24 19:41 - 2012-11-24 19:34 - 00000000 ____D C:\Program Files\PC Tools
2012-11-24 19:41 - 2012-11-24 19:33 - 00000000 ____D C:\Users\All Users\PC Tools
2012-11-24 19:33 - 2012-11-24 19:33 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\TestApp
2012-11-24 18:58 - 2009-07-13 20:33 - 00288008 ____A C:\Windows\System32\FNTCACHE.DAT
2012-11-24 17:34 - 2009-07-13 18:37 - 00000000 ___DC C:\Windows\$NtUninstallKB56032$
2012-11-24 17:31 - 2012-11-24 17:31 - 00000984 ____A C:\Windows\System32\config\qurcl
2012-11-24 17:31 - 2011-10-10 12:56 - 00000000 __SHD C:\Users\mstcraig\AppData\Local\e636c329
2012-11-24 17:18 - 2012-11-24 17:18 - 00001483 ____A C:\Users\mstcraig\Desktop\Malware Bytes Anti-Rootkit.lnk
2012-11-24 17:15 - 2012-11-24 17:15 - 00000000 ____D C:\Users\mstcraig\Documents\mbar-1.01.0.1009
2012-11-24 16:35 - 2012-11-24 16:35 - 00048954 ____A C:\Users\mstcraig\Desktop\Extras.Txt
2012-11-24 16:34 - 2012-11-24 16:34 - 00091800 ____A C:\Users\mstcraig\Desktop\OTL.Txt
2012-11-24 16:08 - 2012-06-30 08:33 - 00001226 ____A C:\Users\mstcraig\Desktop\Revo Uninstaller.lnk
2012-11-24 16:08 - 2012-06-30 08:33 - 00000000 ____D C:\Program Files\VS Revo Group
2012-11-24 15:56 - 2012-11-24 15:56 - 00000000 ____D C:\_OTL
2012-11-24 15:56 - 2009-07-13 18:04 - 00000098 ____A C:\Windows\System32\Drivers\etc\hosts.old
2012-11-24 15:54 - 2012-11-24 15:54 - 00602112 ____A (OldTimer Tools) C:\Users\mstcraig\Desktop\OTL.exe
2012-11-24 15:08 - 2010-12-01 13:19 - 00000000 ____D C:\users\mstcraig
2012-11-24 14:07 - 2012-02-09 11:23 - 00000000 ____D C:\Program Files\stinger
2012-11-24 14:04 - 2012-11-24 14:04 - 00001593 ____A C:\scu.dat
2012-11-24 13:58 - 2012-11-24 13:58 - 00000000 ____D C:\Program Files\ESET
2012-11-24 13:05 - 2011-12-08 13:48 - 00014664 ____A (McAfee, Inc.) C:\Windows\stinger.sys
2012-11-24 13:03 - 2012-11-24 13:03 - 10521192 ____A (McAfee Inc.) C:\Users\mstcraig\Desktop\stinger.exe
2012-11-23 14:51 - 2012-10-20 13:23 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\Winamp
2012-11-23 14:51 - 2012-06-30 12:19 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\Media Player Classic
2012-11-22 16:20 - 2012-11-22 16:20 - 00135168 _RASH C:\Windows\System32\usbperfw.dll
2012-11-20 14:32 - 2012-02-09 13:46 - 00000000 ____D C:\Users\All Users\WebEx
2012-11-17 10:34 - 2011-07-07 10:12 - 00000000 ____D C:\Users\mstcraig\Desktop\Manuals & Assorted
2012-11-15 18:42 - 2011-12-01 19:19 - 00138890 ____A C:\Users\mstcraig\Desktop\flyer.odt
2012-11-10 10:52 - 2012-11-10 10:52 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2012-11-10 10:52 - 2012-10-14 10:49 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-11-06 12:32 - 2012-11-06 12:32 - 00000000 ____D C:\Users\mstcraig\AppData\Roaming\Foxit Software
2012-11-01 12:35 - 2012-11-24 19:41 - 00071752 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsg.sys
2012-11-01 12:35 - 2012-11-24 19:41 - 00068272 ____A (PC Tools) C:\Windows\System32\Drivers\pctplsm.sys
2012-11-01 12:35 - 2012-11-24 19:41 - 00019464 ____A (PC Tools) C:\Windows\System32\Drivers\pctBTFix.sys
2012-11-01 12:35 - 2012-11-24 19:34 - 00202280 ____A (PC Tools) C:\Windows\System32\Drivers\PCTSD.sys
2012-10-31 11:21 - 2012-11-24 19:42 - 00260760 ____A (PC Tools) C:\Windows\System32\Drivers\pctgntdi.sys
2012-10-31 11:21 - 2012-11-24 19:42 - 00178584 ____A (PC Tools) C:\Windows\System32\Drivers\pctwfpfilter.sys
2012-10-30 12:04 - 2012-10-30 12:04 - 00001100 ____A C:\Users\Public\Desktop\Foxit Reader.lnk
2012-10-30 12:04 - 2012-10-30 12:04 - 00000000 ____D C:\Program Files\Foxit Software
2012-10-30 11:45 - 2010-07-27 01:18 - 00000000 ____D C:\Program Files\Adobe
2012-10-30 11:44 - 2010-07-27 01:18 - 00000000 ____D C:\Users\All Users\Adobe
2012-10-30 11:43 - 2010-12-14 13:07 - 00000000 ____D C:\Users\mstcraig\AppData\Local\Adobe
2012-10-30 11:41 - 2010-07-27 00:02 - 00000000 ____D C:\Windows\System32\Macromed


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2012-11-24 15:20:31
Restore point made on: 2012-11-24 15:57:25
Restore point made on: 2012-11-24 16:16:49
Restore point made on: 2012-11-24 17:31:45
Restore point made on: 2012-11-24 18:46:56
Restore point made on: 2012-11-25 09:59:22
Restore point made on: 2012-11-26 14:51:13

==================== Memory info ===========================

Percentage of memory in use: 47%
Total physical RAM: 1011.9 MB
Available physical RAM: 533.4 MB
Total Pagefile: 1011.9 MB
Available Pagefile: 532.59 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.3 MB

==================== Partitions =============================

1 Drive c: () (Fixed) (Total:216.66 GB) (Free:186.1 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (RECOVERY) (Fixed) (Total:15.93 GB) (Free:2.56 GB) NTFS ==>[System with boot components (obtained from reading drive)]
3 Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
4 Drive g: () (Removable) (Total:7.45 GB) (Free:3.84 GB) FAT32
5 Drive h: () (Removable) (Total:14.9 GB) (Free:14.85 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 232 GB 0 B
Disk 1 Online 7633 MB 0 B
Disk 2 Online 14 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 216 GB 200 MB
Partition 3 Primary 15 GB 216 GB
Partition 4 Primary 103 MB 232 GB

=========================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 0 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 216 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 E RECOVERY NTFS Partition 15 GB Healthy

=========================================================

Disk: 0
Partition 4
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 7633 MB 16 KB

=========================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT32 Removable 7633 MB Healthy

=========================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 16 KB

=========================================================

Disk: 2
Partition 1
Type : 0C
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 H FAT32 Removable 14 GB Healthy

=========================================================

Last Boot: 2012-11-26 15:16

==================== End Of Log ============================


More to come. Craig

#11 mstcraig

Posted 30 November 2012 - 03:18 PM

ST,

I ran Stinger and have those results, but the system is not letting me post it as it's too long. I've shortened it several times and the system still will not let me post it. Can I send it to you as a text attachment instead?

As always, thanks for your help!
Craig

#12 SweetTech

Posted 30 November 2012 - 05:16 PM

Hi Craig!

"I ran Stinger and have those results, but the system is not letting me post it as it's too long. I've shortened it several times and the system still will not let me post it. Can I send it to you as a text attachment instead?"

Yep, you can go ahead and attach it for me to review.


Running FRST Fix

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the flash drive as fixlist.txt

start
2012-11-24 17:31 - 2012-11-24 17:31 - 00000984 ____A C:\Windows\System32\config\qurcl
2012-11-22 16:20 - 2012-11-29 18:34 - 00000320 ____A C:\Windows\Tasks\NRBAEO.job
2012-11-22 16:20 - 2012-11-22 16:20 - 00135168 _RASH C:\Windows\System32\usbperfw.dll
2012-11-29 18:34 - 2012-11-22 16:20 - 00000320 ____A C:\Windows\Tasks\NRBAEO.job
2012-11-24 17:34 - 2009-07-13 18:37 - 00000000 ___DC C:\Windows\$NtUninstallKB56032$
2012-11-24 17:31 - 2012-11-24 17:31 - 00000984 ____A C:\Windows\System32\config\qurcl
2012-11-24 17:31 - 2011-10-10 12:56 - 00000000 __SHD C:\Users\mstcraig\AppData\Local\e636c329
2012-11-22 16:20 - 2012-11-22 16:20 - 00135168 _RASH C:\Windows\System32\usbperfw.dll
end

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.


Please run a new scan with ComboFix after doing the above. If it prompts you to update, please allow it to do so.

-ST.


The instructions seen in this post have been specifically tailored to this user and the issues they are experiencing with their computer. If you think you have a similar problem, please first read this topic, and then begin your own, new thread. I do not offer private support via Private Message.


#13 mstcraig

Posted 01 December 2012 - 02:21 PM

Hi ST,

1) I tried to attach the Stinger file as an attachment for you- The system will not accept it as it's too long! I'm seeing a pattern here... I guess we'll just go without it for now.

2) I'm having trouble with the following instructions: On Vista or Windows 7: Now please enter System Recovery Options. Run FRST64 and press the Fix button just once and wait.

I do not see anything called 'FRST64' listed anywhere. Could you shed more light or more detailed instructions as to how I proceed please? I'm not about to muck around with things I know little about- It only leads to more problems!

Thanks, Craig

#14 SweetTech

Posted 02 December 2012 - 02:31 PM

Hi Craig!

"1) I tried to attach the Stinger file as an attachment for you- The system will not accept it as it's too long! I'm seeing a pattern here... I guess we'll just go without it for now."

Let's not worry about that file for right now.

"I do not see anything called 'FRST64' listed anywhere. Could you shed more light or more detailed instructions as to how I proceed please? I'm not about to muck around with things I know little about- It only leads to more problems!"

Yep, I can. See the following below:

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.
Please see if the above instructions help.

Let me know how the above goes and please let me know if you're able to run the new updated scan with ComboFix.

-ST.


#15 mstcraig

mstcraig
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:17 PM

Posted 02 December 2012 - 04:30 PM

Here you go, ST. I need to leave for the day- I'll resume this fix tomorrow. Let me know what the next step(s) are.

Have a good evening,
Craig


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-11-2012
Ran by SYSTEM at 2012-12-02 15:00:20 Run:1
Running from H:\

==============================================

C:\Windows\System32\config\qurcl moved successfully.
C:\Windows\Tasks\NRBAEO.job moved successfully.
C:\Windows\System32\usbperfw.dll moved successfully.
C:\Windows\Tasks\NRBAEO.job not found.
C:\Windows\$NtUninstallKB56032$ moved successfully.
C:\Windows\System32\config\qurcl not found.
C:\Users\mstcraig\AppData\Local\e636c329 moved successfully.
C:\Windows\System32\usbperfw.dll not found.

==== End of Fixlog ====



