Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

windows vista, google redirect


  • This topic is locked This topic is locked
25 replies to this topic

#1 epa100

epa100

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 09 February 2013 - 03:43 PM

hi,

 

first of all thank all of you for the help.

i am new here, so sorry if i do something wrong.

 

i have a windows vista home premium, service pack 2, 32 bit

i have AVG free 2013 and microsoft security essentials running.

 

i runned both and nothnig found. then i runned tdskiller and nothing found.

also i always run cccleaner.

 

google redirect still happening.

 

 



BC AdBot (Login to Remove)

 


#2 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 09 February 2013 - 03:45 PM

this is the report fro tdskiller

 

 

12:39:29.0758 2872  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:39:30.0223 2872  ============================================================
12:39:30.0223 2872  Current date / time: 2013/02/09 12:39:30.0223
12:39:30.0223 2872  SystemInfo:
12:39:30.0223 2872  
12:39:30.0223 2872  OS Version: 6.0.6002 ServicePack: 2.0
12:39:30.0223 2872  Product type: Workstation
12:39:30.0223 2872  ComputerName: OWNER-LAP
12:39:30.0224 2872  UserName: Owner
12:39:30.0224 2872  Windows directory: C:\Windows
12:39:30.0224 2872  System windows directory: C:\Windows
12:39:30.0224 2872  Processor architecture: Intel x86
12:39:30.0224 2872  Number of processors: 2
12:39:30.0224 2872  Page size: 0x1000
12:39:30.0224 2872  Boot type: Normal boot
12:39:30.0224 2872  ============================================================
12:39:31.0365 2872  Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
12:39:31.0368 2872  ============================================================
12:39:31.0368 2872  \Device\Harddisk0\DR0:
12:39:31.0368 2872  MBR partitions:
12:39:31.0368 2872  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BA632CC
12:39:31.0368 2872  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BA6330B, BlocksNum 0x1761276
12:39:31.0368 2872  ============================================================
12:39:31.0377 2872  C: <-> \Device\Harddisk0\DR0\Partition1
12:39:31.0422 2872  D: <-> \Device\Harddisk0\DR0\Partition2
12:39:31.0423 2872  ============================================================
12:39:31.0423 2872  Initialize success
12:39:31.0423 2872  ============================================================
12:39:34.0397 5140  ============================================================
12:39:34.0397 5140  Scan started
12:39:34.0397 5140  Mode: Manual;
12:39:34.0397 5140  ============================================================
12:39:34.0816 5140  ================ Scan system memory ========================
12:39:34.0816 5140  System memory - ok
12:39:34.0817 5140  ================ Scan services =============================
12:39:35.0054 5140  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
12:39:35.0057 5140  ACPI - ok
12:39:35.0182 5140  [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
12:39:35.0185 5140  AdobeARMservice - ok
12:39:35.0259 5140  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
12:39:35.0268 5140  adp94xx - ok
12:39:35.0304 5140  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci         C:\Windows\system32\drivers\adpahci.sys
12:39:35.0312 5140  adpahci - ok
12:39:35.0344 5140  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
12:39:35.0347 5140  adpu160m - ok
12:39:35.0392 5140  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
12:39:35.0396 5140  adpu320 - ok
12:39:35.0430 5140  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
12:39:35.0431 5140  AeLookupSvc - ok
12:39:35.0482 5140  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
12:39:35.0484 5140  AFD - ok
12:39:35.0528 5140  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
12:39:35.0532 5140  agp440 - ok
12:39:35.0619 5140  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
12:39:35.0622 5140  aic78xx - ok
12:39:35.0641 5140  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
12:39:35.0642 5140  ALG - ok
12:39:35.0671 5140  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
12:39:35.0683 5140  aliide - ok
12:39:35.0743 5140  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
12:39:35.0747 5140  amdagp - ok
12:39:35.0765 5140  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
12:39:35.0767 5140  amdide - ok
12:39:35.0783 5140  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
12:39:35.0786 5140  AmdK7 - ok
12:39:35.0796 5140  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
12:39:35.0798 5140  AmdK8 - ok
12:39:35.0842 5140  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
12:39:35.0843 5140  Appinfo - ok
12:39:35.0896 5140  [ 5D2888182FB46632511ACEE92FDAD522 ] arc             C:\Windows\system32\drivers\arc.sys
12:39:35.0899 5140  arc - ok
12:39:35.0938 5140  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
12:39:35.0968 5140  arcsas - ok
12:39:36.0013 5140  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
12:39:36.0014 5140  AsyncMac - ok
12:39:36.0046 5140  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
12:39:36.0047 5140  atapi - ok
12:39:36.0092 5140  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:39:36.0096 5140  AudioEndpointBuilder - ok
12:39:36.0126 5140  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
12:39:36.0129 5140  Audiosrv - ok
12:39:36.0542 5140  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files\AVG\AVG2013\avgidsagent.exe
12:39:36.0597 5140  AVGIDSAgent - ok
12:39:36.0732 5140  [ 7BB2C605094DBCA536D127B434214862 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
12:39:36.0760 5140  AVGIDSDriver - ok
12:39:36.0831 5140  [ 8F50F98686C9A397A19FCBAE284DB1C5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
12:39:36.0832 5140  AVGIDSHX - ok
12:39:36.0865 5140  [ A8DE230CC8536790CA07D37FBCD87A74 ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
12:39:36.0867 5140  AVGIDSShim - ok
12:39:36.0920 5140  [ D53D35031365A0ECCB1DC1BC1B15B18E ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
12:39:36.0925 5140  Avgldx86 - ok
12:39:36.0974 5140  [ 95889A9D23F3133250FA8AD13C982D58 ] Avglogx         C:\Windows\system32\DRIVERS\avglogx.sys
12:39:36.0977 5140  Avglogx - ok
12:39:37.0039 5140  [ AF7AA9BA434CD28833A66E90993E8DFD ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
12:39:37.0041 5140  Avgmfx86 - ok
12:39:37.0057 5140  [ F3D57358DE0B8B3491013C615754A7C7 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
12:39:37.0058 5140  Avgrkx86 - ok
12:39:37.0076 5140  [ BA73B38E9033FC6018DB736B635706AE ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
12:39:37.0080 5140  Avgtdix - ok
12:39:37.0108 5140  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files\AVG\AVG2013\avgwdsvc.exe
12:39:37.0112 5140  avgwd - ok
12:39:37.0174 5140  [ CF6A67C90951E3E763D2135DEDE44B85 ] BCM43XV         C:\Windows\system32\DRIVERS\bcmwl6.sys
12:39:37.0197 5140  BCM43XV - ok
12:39:37.0231 5140  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
12:39:37.0234 5140  Beep - ok
12:39:37.0289 5140  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
12:39:37.0324 5140  BFE - ok
12:39:37.0447 5140  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\system32\qmgr.dll
12:39:37.0456 5140  BITS - ok
12:39:37.0489 5140  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
12:39:37.0493 5140  blbdrive - ok
12:39:37.0524 5140  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
12:39:37.0525 5140  bowser - ok
12:39:37.0561 5140  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
12:39:37.0563 5140  BrFiltLo - ok
12:39:37.0586 5140  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
12:39:37.0588 5140  BrFiltUp - ok
12:39:37.0610 5140  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
12:39:37.0612 5140  Browser - ok
12:39:37.0654 5140  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
12:39:37.0664 5140  Brserid - ok
12:39:37.0687 5140  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
12:39:37.0689 5140  BrSerWdm - ok
12:39:37.0714 5140  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
12:39:37.0734 5140  BrUsbMdm - ok
12:39:37.0759 5140  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
12:39:37.0777 5140  BrUsbSer - ok
12:39:37.0824 5140  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
12:39:37.0832 5140  BTHMODEM - ok
12:39:37.0966 5140  catchme - ok
12:39:37.0987 5140  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
12:39:37.0991 5140  cdfs - ok
12:39:38.0042 5140  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
12:39:38.0044 5140  cdrom - ok
12:39:38.0096 5140  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
12:39:38.0559 5140  CertPropSvc - ok
12:39:38.0622 5140  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
12:39:38.0633 5140  circlass - ok
12:39:38.0675 5140  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
12:39:38.0677 5140  CLFS - ok
12:39:38.0767 5140  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:39:38.0771 5140  clr_optimization_v2.0.50727_32 - ok
12:39:38.0851 5140  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:39:38.0864 5140  clr_optimization_v4.0.30319_32 - ok
12:39:38.0910 5140  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
12:39:38.0912 5140  CmBatt - ok
12:39:38.0936 5140  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
12:39:38.0938 5140  cmdide - ok
12:39:39.0068 5140  [ D8774ACE03B46C9B01A49818055F9AD4 ] Com4Qlb         C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
12:39:39.0150 5140  Com4Qlb - ok
12:39:39.0181 5140  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
12:39:39.0182 5140  Compbatt - ok
12:39:39.0188 5140  COMSysApp - ok
12:39:39.0208 5140  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
12:39:39.0209 5140  crcdisk - ok
12:39:39.0237 5140  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
12:39:39.0247 5140  Crusoe - ok
12:39:39.0295 5140  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
12:39:39.0297 5140  CryptSvc - ok
12:39:39.0364 5140  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
12:39:39.0372 5140  DcomLaunch - ok
12:39:39.0403 5140  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
12:39:39.0405 5140  DfsC - ok
12:39:39.0556 5140  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
12:39:39.0613 5140  DFSR - ok
12:39:39.0657 5140  [ 6CC6C4B9D7B906A151AA094CA087B9F0 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
12:39:39.0660 5140  dg_ssudbus - ok
12:39:39.0695 5140  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
12:39:39.0698 5140  Dhcp - ok
12:39:39.0739 5140  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
12:39:39.0740 5140  disk - ok
12:39:39.0786 5140  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
12:39:39.0788 5140  Dnscache - ok
12:39:39.0825 5140  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
12:39:39.0828 5140  dot3svc - ok
12:39:39.0872 5140  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
12:39:39.0874 5140  DPS - ok
12:39:39.0910 5140  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
12:39:39.0912 5140  drmkaud - ok
12:39:40.0011 5140  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
12:39:40.0024 5140  DXGKrnl - ok
12:39:40.0065 5140  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
12:39:40.0069 5140  E1G60 - ok
12:39:40.0094 5140  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
12:39:40.0095 5140  EapHost - ok
12:39:40.0156 5140  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
12:39:40.0158 5140  Ecache - ok
12:39:40.0244 5140  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
12:39:40.0247 5140  ehRecvr - ok
12:39:40.0313 5140  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
12:39:40.0314 5140  ehSched - ok
12:39:40.0336 5140  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
12:39:40.0337 5140  ehstart - ok
12:39:40.0394 5140  [ 23B62471681A124889978F6295B3F4C6 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
12:39:40.0402 5140  elxstor - ok
12:39:40.0458 5140  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
12:39:40.0463 5140  EMDMgmt - ok
12:39:40.0492 5140  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
12:39:40.0494 5140  ErrDev - ok
12:39:40.0582 5140  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
12:39:40.0585 5140  EventSystem - ok
12:39:40.0685 5140  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
12:39:40.0690 5140  exfat - ok
12:39:40.0741 5140  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
12:39:40.0745 5140  fastfat - ok
12:39:40.0776 5140  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
12:39:40.0779 5140  fdc - ok
12:39:40.0804 5140  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
12:39:40.0806 5140  fdPHost - ok
12:39:40.0818 5140  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
12:39:40.0821 5140  FDResPub - ok
12:39:40.0849 5140  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
12:39:40.0850 5140  FileInfo - ok
12:39:40.0873 5140  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
12:39:40.0887 5140  Filetrace - ok
12:39:40.0911 5140  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
12:39:40.0913 5140  flpydisk - ok
12:39:40.0952 5140  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
12:39:40.0955 5140  FltMgr - ok
12:39:41.0041 5140  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
12:39:41.0049 5140  FontCache - ok
12:39:41.0127 5140  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
12:39:41.0175 5140  FontCache3.0.0.0 - ok
12:39:41.0218 5140  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
12:39:41.0223 5140  Fs_Rec - ok
12:39:41.0251 5140  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
12:39:41.0253 5140  gagp30kx - ok
12:39:41.0300 5140  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
12:39:41.0307 5140  gpsvc - ok
12:39:41.0392 5140  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
12:39:41.0405 5140  gupdate - ok
12:39:41.0426 5140  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
12:39:41.0428 5140  gupdatem - ok
12:39:41.0478 5140  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:39:41.0484 5140  HdAudAddService - ok
12:39:41.0586 5140  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
12:39:41.0597 5140  HDAudBus - ok
12:39:41.0623 5140  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
12:39:41.0629 5140  HidBth - ok
12:39:41.0657 5140  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
12:39:41.0659 5140  HidIr - ok
12:39:41.0686 5140  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\System32\hidserv.dll
12:39:41.0688 5140  hidserv - ok
12:39:41.0796 5140  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
12:39:41.0814 5140  HidUsb - ok
12:39:41.0887 5140  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
12:39:41.0891 5140  hkmsvc - ok
12:39:41.0944 5140  [ 0D26C438E2938A3E6BDD91173BC96FF0 ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
12:39:41.0945 5140  HP Health Check Service - ok
12:39:41.0988 5140  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
12:39:41.0991 5140  HpCISSs - ok
12:39:42.0022 5140  [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr      C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
12:39:42.0024 5140  HpqKbFiltr - ok
12:39:42.0097 5140  [ 115C0933B3ED51DFBEC4449348C8065B ] HpqRemHid       C:\Windows\system32\DRIVERS\HpqRemHid.sys
12:39:42.0099 5140  HpqRemHid - ok
12:39:42.0129 5140  [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex        C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
12:39:42.0132 5140  hpqwmiex - ok
12:39:42.0170 5140  [ 46D67209550973257601A533E2AC5785 ] HSFHWAZL        C:\Windows\system32\DRIVERS\VSTAZL3.SYS
12:39:42.0176 5140  HSFHWAZL - ok
12:39:42.0244 5140  [ EC36F1D542ED4252390D446BF6D4DFD0 ] HSF_DPV         C:\Windows\system32\DRIVERS\VSTDPV3.SYS
12:39:42.0277 5140  HSF_DPV - ok
12:39:42.0334 5140  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
12:39:42.0337 5140  HTTP - ok
12:39:42.0366 5140  [ C6B032D69650985468160FC9937CF5B4 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
12:39:42.0368 5140  i2omp - ok
12:39:42.0418 5140  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
12:39:42.0420 5140  i8042prt - ok
12:39:42.0517 5140  [ 681EF6E0CC7BBAA0C09ACABEB91F669E ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
12:39:42.0521 5140  IAANTMON - ok
12:39:42.0619 5140  [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
12:39:42.0622 5140  iaStor - ok
12:39:42.0662 5140  [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
12:39:42.0668 5140  iaStorV - ok
12:39:42.0756 5140  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
12:39:42.0794 5140  IDriverT - ok
12:39:42.0888 5140  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:39:42.0946 5140  idsvc - ok
12:39:43.0150 5140  [ A9221D13D8F1F772010EE293BA9BAEB7 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
12:39:43.0193 5140  igfx - ok
12:39:43.0227 5140  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
12:39:43.0229 5140  iirsp - ok
12:39:43.0305 5140  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
12:39:43.0327 5140  IKEEXT - ok
12:39:43.0457 5140  [ 1F10ED6F98C57EFB4E7FB9972B2DBB71 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
12:39:43.0589 5140  IntcAzAudAddService - ok
12:39:43.0621 5140  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
12:39:43.0622 5140  intelide - ok
12:39:43.0632 5140  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
12:39:43.0633 5140  intelppm - ok
12:39:43.0660 5140  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
12:39:43.0663 5140  IPBusEnum - ok
12:39:43.0682 5140  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:39:43.0690 5140  IpFilterDriver - ok
12:39:43.0719 5140  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
12:39:43.0722 5140  iphlpsvc - ok
12:39:43.0728 5140  IpInIp - ok
12:39:43.0753 5140  [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
12:39:43.0775 5140  IPMIDRV - ok
12:39:43.0800 5140  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
12:39:43.0803 5140  IPNAT - ok
12:39:43.0826 5140  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
12:39:43.0828 5140  IRENUM - ok
12:39:43.0850 5140  [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
12:39:43.0853 5140  isapnp - ok
12:39:43.0891 5140  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
12:39:43.0895 5140  iScsiPrt - ok
12:39:43.0917 5140  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
12:39:43.0919 5140  iteatapi - ok
12:39:43.0936 5140  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
12:39:43.0938 5140  iteraid - ok
12:39:43.0961 5140  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
12:39:43.0963 5140  kbdclass - ok
12:39:43.0998 5140  [ EDE59EC70E25C24581ADD1FBEC7325F7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
12:39:44.0015 5140  kbdhid - ok
12:39:44.0050 5140  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
12:39:44.0052 5140  KeyIso - ok
12:39:44.0092 5140  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
12:39:44.0096 5140  KSecDD - ok
12:39:44.0146 5140  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
12:39:44.0181 5140  KtmRm - ok
12:39:44.0224 5140  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\System32\srvsvc.dll
12:39:44.0228 5140  LanmanServer - ok
12:39:44.0278 5140  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:39:44.0284 5140  LanmanWorkstation - ok
12:39:44.0325 5140  [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:39:44.0344 5140  LightScribeService - ok
12:39:44.0374 5140  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
12:39:44.0375 5140  lltdio - ok
12:39:44.0403 5140  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
12:39:44.0410 5140  lltdsvc - ok
12:39:44.0426 5140  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
12:39:44.0428 5140  lmhosts - ok
12:39:44.0456 5140  [ C7E15E82879BF3235B559563D4185365 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
12:39:44.0477 5140  LSI_FC - ok
12:39:44.0514 5140  [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
12:39:44.0527 5140  LSI_SAS - ok
12:39:44.0574 5140  [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
12:39:44.0577 5140  LSI_SCSI - ok
12:39:44.0595 5140  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
12:39:44.0597 5140  luafv - ok
12:39:44.0633 5140  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
12:39:44.0637 5140  Mcx2Svc - ok
12:39:44.0662 5140  [ 0001CE609D66632FA17B84705F658879 ] megasas         C:\Windows\system32\drivers\megasas.sys
12:39:44.0664 5140  megasas - ok
12:39:44.0689 5140  [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
12:39:44.0711 5140  MegaSR - ok
12:39:44.0819 5140  [ 780D96F551833E0DCFE0A33B02B774E8 ] MemeoBackgroundService C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
12:39:44.0822 5140  MemeoBackgroundService - ok
12:39:44.0835 5140  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
12:39:44.0837 5140  MMCSS - ok
12:39:44.0848 5140  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
12:39:44.0850 5140  Modem - ok
12:39:44.0899 5140  [ CBB59C41F19EFEA1A000793E08070A62 ] MODEMCSA        C:\Windows\system32\drivers\MODEMCSA.sys
12:39:44.0901 5140  MODEMCSA - ok
12:39:44.0935 5140  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
12:39:44.0936 5140  monitor - ok
12:39:44.0955 5140  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
12:39:44.0956 5140  mouclass - ok
12:39:44.0965 5140  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
12:39:44.0966 5140  mouhid - ok
12:39:44.0985 5140  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
12:39:44.0987 5140  MountMgr - ok
12:39:45.0081 5140  [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:39:45.0084 5140  MozillaMaintenance - ok
12:39:45.0180 5140  [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
12:39:45.0182 5140  MpFilter - ok
12:39:45.0205 5140  [ 511D011289755DD9F9A7579FB0B064E6 ] mpio            C:\Windows\system32\drivers\mpio.sys
12:39:45.0208 5140  mpio - ok
12:39:45.0318 5140  [ A69630D039C38018689190234F866D77 ] MpKslffdc9159   c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{15A90291-1DA0-41ED-A3FA-93B242CA2091}\MpKslffdc9159.sys
12:39:45.0319 5140  MpKslffdc9159 - ok
12:39:45.0335 5140  [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
12:39:45.0337 5140  mpsdrv - ok
12:39:45.0375 5140  [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc          C:\Windows\system32\mpssvc.dll
12:39:45.0381 5140  MpsSvc - ok
12:39:45.0425 5140  [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
12:39:45.0428 5140  Mraid35x - ok
12:39:45.0464 5140  [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
12:39:45.0465 5140  MRxDAV - ok
12:39:45.0532 5140  [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
12:39:45.0534 5140  mrxsmb - ok
12:39:45.0580 5140  [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:39:45.0583 5140  mrxsmb10 - ok
12:39:45.0602 5140  [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:39:45.0603 5140  mrxsmb20 - ok
12:39:45.0620 5140  [ 28023E86F17001F7CD9B15A5BC9AE07D ] msahci          C:\Windows\system32\drivers\msahci.sys
12:39:45.0621 5140  msahci - ok
12:39:45.0640 5140  [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
12:39:45.0643 5140  msdsm - ok
12:39:45.0664 5140  [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC           C:\Windows\System32\msdtc.exe
12:39:45.0669 5140  MSDTC - ok
12:39:45.0711 5140  [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
12:39:45.0713 5140  Msfs - ok
12:39:45.0744 5140  [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
12:39:45.0746 5140  msisadrv - ok
12:39:45.0780 5140  [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
12:39:45.0785 5140  MSiSCSI - ok
12:39:45.0792 5140  msiserver - ok
12:39:45.0815 5140  [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
12:39:45.0817 5140  MSKSSRV - ok
12:39:45.0873 5140  [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc         c:\Program Files\Microsoft Security Client\MsMpEng.exe
12:39:45.0874 5140  MsMpSvc - ok
12:39:45.0912 5140  [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
12:39:45.0914 5140  MSPCLOCK - ok
12:39:45.0931 5140  [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
12:39:45.0933 5140  MSPQM - ok
12:39:46.0008 5140  [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
12:39:46.0011 5140  MsRPC - ok
12:39:46.0040 5140  [ E384487CB84BE41D09711C30CA79646C ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
12:39:46.0041 5140  mssmbios - ok
12:39:46.0059 5140  [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
12:39:46.0061 5140  MSTEE - ok
12:39:46.0081 5140  [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup             C:\Windows\system32\Drivers\mup.sys
12:39:46.0083 5140  Mup - ok
12:39:46.0127 5140  [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent        C:\Windows\system32\qagentRT.dll
12:39:46.0135 5140  napagent - ok
12:39:46.0200 5140  [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
12:39:46.0202 5140  NativeWifiP - ok
12:39:46.0276 5140  [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS            C:\Windows\system32\drivers\ndis.sys
12:39:46.0281 5140  NDIS - ok
12:39:46.0322 5140  [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
12:39:46.0324 5140  NdisTapi - ok
12:39:46.0344 5140  [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
12:39:46.0345 5140  Ndisuio - ok
12:39:46.0381 5140  [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
12:39:46.0385 5140  NdisWan - ok
12:39:46.0404 5140  [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
12:39:46.0407 5140  NDProxy - ok
12:39:46.0419 5140  [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
12:39:46.0422 5140  NetBIOS - ok
12:39:46.0461 5140  [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt           C:\Windows\system32\DRIVERS\netbt.sys
12:39:46.0466 5140  netbt - ok
12:39:46.0483 5140  [ A3E186B4B935905B829219502557314E ] Netlogon        C:\Windows\system32\lsass.exe
12:39:46.0486 5140  Netlogon - ok
12:39:46.0525 5140  [ C8052711DAECC48B982434C5116CA401 ] Netman          C:\Windows\System32\netman.dll
12:39:46.0531 5140  Netman - ok
12:39:46.0574 5140  [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm        C:\Windows\System32\netprofm.dll
12:39:46.0582 5140  netprofm - ok
12:39:46.0633 5140  [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:39:46.0637 5140  NetTcpPortSharing - ok
12:39:46.0759 5140  [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32        C:\Windows\system32\DRIVERS\NETw4v32.sys
12:39:46.0832 5140  NETw4v32 - ok
12:39:47.0018 5140  [ 8DE67BD902095A13329FD82C85A1FA09 ] NETw5v32        C:\Windows\system32\DRIVERS\NETw5v32.sys
12:39:47.0162 5140  NETw5v32 - ok
12:39:47.0363 5140  [ D4EF7A9767C05905500EC312CB29EF46 ] NETwLv32        C:\Windows\system32\DRIVERS\NETwLv32.sys
12:39:47.0553 5140  NETwLv32 - ok
12:39:47.0602 5140  [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
12:39:47.0604 5140  nfrd960 - ok
12:39:47.0649 5140  [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:39:47.0653 5140  NisDrv - ok
12:39:47.0678 5140  [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
12:39:47.0683 5140  NisSrv - ok
12:39:47.0713 5140  [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc          C:\Windows\System32\nlasvc.dll
12:39:47.0717 5140  NlaSvc - ok
12:39:47.0746 5140  [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
12:39:47.0776 5140  Npfs - ok
12:39:47.0805 5140  [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi             C:\Windows\system32\nsisvc.dll
12:39:47.0808 5140  nsi - ok
12:39:47.0830 5140  [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
12:39:47.0832 5140  nsiproxy - ok
12:39:47.0932 5140  [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
12:39:47.0965 5140  Ntfs - ok
12:39:48.0000 5140  [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi       C:\Windows\system32\drivers\ntrigdigi.sys
12:39:48.0002 5140  ntrigdigi - ok
12:39:48.0021 5140  [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null            C:\Windows\system32\drivers\Null.sys
12:39:48.0025 5140  Null - ok
12:39:48.0068 5140  [ 1657F3FBD9061526C14FF37E79306F98 ] NVENETFD        C:\Windows\system32\DRIVERS\nvm60x32.sys
12:39:48.0090 5140  NVENETFD - ok
12:39:48.0137 5140  [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
12:39:48.0140 5140  nvraid - ok
12:39:48.0258 5140  [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
12:39:48.0277 5140  nvstor - ok
12:39:48.0308 5140  [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
12:39:48.0311 5140  nv_agp - ok
12:39:48.0317 5140  NwlnkFlt - ok
12:39:48.0325 5140  NwlnkFwd - ok
12:39:48.0370 5140  [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
12:39:48.0372 5140  ohci1394 - ok
12:39:48.0452 5140  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:39:48.0457 5140  ose - ok
12:39:48.0611 5140  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:39:48.0732 5140  osppsvc - ok
12:39:48.0785 5140  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc        C:\Windows\system32\p2psvc.dll
12:39:48.0795 5140  p2pimsvc - ok
12:39:48.0830 5140  [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc          C:\Windows\system32\p2psvc.dll
12:39:48.0840 5140  p2psvc - ok
12:39:48.0868 5140  [ 0FA9B5055484649D63C303FE404E5F4D ] Parport         C:\Windows\system32\drivers\parport.sys
12:39:48.0871 5140  Parport - ok
12:39:48.0914 5140  [ B9C2B89F08670E159F7181891E449CD9 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
12:39:48.0916 5140  partmgr - ok
12:39:48.0933 5140  [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm          C:\Windows\system32\drivers\parvdm.sys
12:39:48.0935 5140  Parvdm - ok
12:39:48.0996 5140  [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc          C:\Windows\System32\pcasvc.dll
12:39:49.0000 5140  PcaSvc - ok
12:39:49.0054 5140  [ 941DC1D19E7E8620F40BBC206981EFDB ] pci             C:\Windows\system32\drivers\pci.sys
12:39:49.0057 5140  pci - ok
12:39:49.0090 5140  [ FC175F5DDAB666D7F4D17449A547626F ] pciide          C:\Windows\system32\drivers\pciide.sys
12:39:49.0092 5140  pciide - ok
12:39:49.0119 5140  [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
12:39:49.0124 5140  pcmcia - ok
12:39:49.0168 5140  [ 5B6C11DE7E839C05248CED8825470FEF ] pcouffin        C:\Windows\system32\Drivers\pcouffin.sys
12:39:49.0170 5140  pcouffin - ok
12:39:49.0227 5140  [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
12:39:49.0235 5140  PEAUTH - ok
12:39:49.0326 5140  [ B1689DF169143F57053F795390C99DB3 ] pla             C:\Windows\system32\pla.dll
12:39:49.0364 5140  pla - ok
12:39:49.0414 5140  [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
12:39:49.0419 5140  PlugPlay - ok
12:39:49.0508 5140  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg     C:\Windows\system32\p2psvc.dll
12:39:49.0516 5140  PNRPAutoReg - ok
12:39:49.0663 5140  [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc         C:\Windows\system32\p2psvc.dll
12:39:49.0670 5140  PNRPsvc - ok
12:39:49.0696 5140  [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
12:39:49.0705 5140  PolicyAgent - ok
12:39:49.0734 5140  [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
12:39:49.0737 5140  PptpMiniport - ok
12:39:49.0763 5140  [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor       C:\Windows\system32\drivers\processr.sys
12:39:49.0765 5140  Processor - ok
12:39:49.0807 5140  [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc         C:\Windows\system32\profsvc.dll
12:39:49.0810 5140  ProfSvc - ok
12:39:49.0828 5140  [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
12:39:49.0831 5140  ProtectedStorage - ok
12:39:49.0857 5140  [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
12:39:49.0859 5140  PSched - ok
12:39:49.0918 5140  [ 65D9E440F351EF710F5598DDF9612F19 ] QBCFMonitorService C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
12:39:49.0950 5140  QBCFMonitorService - ok
12:39:50.0025 5140  [ 2241EAF40E472C471CB80CF6B97CCA11 ] QBFCService     C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
12:39:50.0047 5140  QBFCService - ok
12:39:50.0136 5140  [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
12:39:50.0170 5140  ql2300 - ok
12:39:50.0201 5140  [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
12:39:50.0205 5140  ql40xx - ok
12:39:50.0303 5140  [ BA396D1C71934E22679D3F4DAC17E7AB ] QPCapSvc        C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
12:39:50.0306 5140  QPCapSvc - ok
12:39:50.0316 5140  [ 4B455E8C41CAD3219CCF53024DCAD604 ] QPSched         C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
12:39:50.0319 5140  QPSched - ok
12:39:50.0357 5140  [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE           C:\Windows\system32\qwave.dll
12:39:50.0361 5140  QWAVE - ok
12:39:50.0381 5140  [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
12:39:50.0382 5140  QWAVEdrv - ok
12:39:50.0398 5140  [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
12:39:50.0399 5140  RasAcd - ok
12:39:50.0414 5140  [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto         C:\Windows\System32\rasauto.dll
12:39:50.0418 5140  RasAuto - ok
12:39:50.0445 5140  [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
12:39:50.0448 5140  Rasl2tp - ok
12:39:50.0520 5140  [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan          C:\Windows\System32\rasmans.dll
12:39:50.0525 5140  RasMan - ok
12:39:50.0557 5140  [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
12:39:50.0559 5140  RasPppoe - ok
12:39:50.0586 5140  [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
12:39:50.0589 5140  RasSstp - ok
12:39:50.0628 5140  [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
12:39:50.0633 5140  rdbss - ok
12:39:50.0648 5140  [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
12:39:50.0649 5140  RDPCDD - ok
12:39:50.0683 5140  [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr           C:\Windows\system32\drivers\rdpdr.sys
12:39:50.0689 5140  rdpdr - ok
12:39:50.0695 5140  [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
12:39:50.0697 5140  RDPENCDD - ok
12:39:50.0754 5140  [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
12:39:50.0759 5140  RDPWD - ok
12:39:50.0800 5140  [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess    C:\Windows\System32\mprdim.dll
12:39:50.0803 5140  RemoteAccess - ok
12:39:50.0833 5140  [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry  C:\Windows\system32\regsvc.dll
12:39:50.0836 5140  RemoteRegistry - ok
12:39:50.0862 5140  [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk        C:\Windows\system32\DRIVERS\rimmptsk.sys
12:39:50.0864 5140  rimmptsk - ok
12:39:50.0883 5140  [ A4216C71DD4F60B26418CCFD99CD0815 ] rimsptsk        C:\Windows\system32\DRIVERS\rimsptsk.sys
12:39:50.0886 5140  rimsptsk - ok
12:39:50.0899 5140  [ D231B577024AA324AF13A42F3A807D10 ] rismxdp         C:\Windows\system32\DRIVERS\rixdptsk.sys
12:39:50.0901 5140  rismxdp - ok
12:39:50.0920 5140  [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator      C:\Windows\system32\locator.exe
12:39:50.0922 5140  RpcLocator - ok
12:39:50.0980 5140  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs           C:\Windows\system32\rpcss.dll
12:39:50.0987 5140  RpcSs - ok
12:39:51.0037 5140  [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
12:39:51.0039 5140  rspndr - ok
12:39:51.0087 5140  [ 06992132CF20C3C1CBA3F072C4086DE8 ] RTL8169         C:\Windows\system32\DRIVERS\Rtlh86.sys
12:39:51.0094 5140  RTL8169 - ok
12:39:51.0106 5140  [ A3E186B4B935905B829219502557314E ] SamSs           C:\Windows\system32\lsass.exe
12:39:51.0108 5140  SamSs - ok
12:39:51.0131 5140  [ 3CE8F073A557E172B330109436984E30 ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
12:39:51.0135 5140  sbp2port - ok
12:39:51.0179 5140  [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
12:39:51.0183 5140  SCardSvr - ok
12:39:51.0222 5140  [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule        C:\Windows\system32\schedsvc.dll
12:39:51.0229 5140  Schedule - ok
12:39:51.0242 5140  [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc     C:\Windows\System32\certprop.dll
12:39:51.0244 5140  SCPolicySvc - ok
12:39:51.0322 5140  [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus           C:\Windows\system32\DRIVERS\sdbus.sys
12:39:51.0325 5140  sdbus - ok
12:39:51.0353 5140  [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
12:39:51.0357 5140  SDRSVC - ok
12:39:51.0427 5140  [ 16B44D246835EAC156F8DAF0AA4F530C ] SeagateDashboardService C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
12:39:51.0429 5140  SeagateDashboardService - ok
12:39:51.0467 5140  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
12:39:51.0468 5140  secdrv - ok
12:39:51.0486 5140  [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon        C:\Windows\system32\seclogon.dll
12:39:51.0490 5140  seclogon - ok
12:39:51.0511 5140  [ A9BBAB5759771E523F55563D6CBE140F ] SENS            C:\Windows\system32\sens.dll
12:39:51.0514 5140  SENS - ok
12:39:51.0527 5140  [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum         C:\Windows\system32\drivers\serenum.sys
12:39:51.0530 5140  Serenum - ok
12:39:51.0551 5140  [ C70D69A918B178D3C3B06339B40C2E1B ] Serial          C:\Windows\system32\drivers\serial.sys
12:39:51.0571 5140  Serial - ok
12:39:51.0604 5140  [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
12:39:51.0606 5140  sermouse - ok
12:39:51.0640 5140  [ D2193326F729B163125610DBF3E17D57 ] SessionEnv      C:\Windows\system32\sessenv.dll
12:39:51.0643 5140  SessionEnv - ok
12:39:51.0658 5140  [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
12:39:51.0660 5140  sffdisk - ok
12:39:51.0683 5140  [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
12:39:51.0685 5140  sffp_mmc - ok
12:39:51.0715 5140  [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
12:39:51.0717 5140  sffp_sd - ok
12:39:51.0742 5140  [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
12:39:51.0744 5140  sfloppy - ok
12:39:51.0793 5140  [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
12:39:51.0796 5140  SharedAccess - ok
12:39:51.0839 5140  [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:39:51.0843 5140  ShellHWDetection - ok
12:39:51.0863 5140  [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp          C:\Windows\system32\drivers\sisagp.sys
12:39:51.0866 5140  sisagp - ok
12:39:51.0886 5140  [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
12:39:51.0889 5140  SiSRaid2 - ok
12:39:51.0922 5140  [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
12:39:51.0926 5140  SiSRaid4 - ok
12:39:52.0061 5140  [ B866E8C5ED1DCBEA72285BA4107892C2 ] SkypeUpdate     C:\Program Files\Skype\Updater\Updater.exe
12:39:52.0063 5140  SkypeUpdate - ok
12:39:52.0227 5140  [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc           C:\Windows\system32\SLsvc.exe
12:39:52.0257 5140  slsvc - ok
12:39:52.0307 5140  [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify      C:\Windows\system32\SLUINotify.dll
12:39:52.0310 5140  SLUINotify - ok
12:39:52.0353 5140  [ 7B75299A4D201D6A6533603D6914AB04 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
12:39:52.0356 5140  Smb - ok
12:39:52.0424 5140  [ 859E3ADC59D1C89A66AA6492C14D379E ] smserial        C:\Windows\system32\DRIVERS\smserial.sys
12:39:52.0459 5140  smserial - ok
12:39:52.0500 5140  [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
12:39:52.0503 5140  SNMPTRAP - ok
12:39:52.0535 5140  [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr           C:\Windows\system32\drivers\spldr.sys
12:39:52.0536 5140  spldr - ok
12:39:52.0607 5140  [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler         C:\Windows\System32\spoolsv.exe
12:39:52.0611 5140  Spooler - ok
12:39:52.0654 5140  [ 41987F9FC0E61ADF54F581E15029AD91 ] srv             C:\Windows\system32\DRIVERS\srv.sys
12:39:52.0657 5140  srv - ok
12:39:52.0677 5140  [ FF33AFF99564B1AA534F58868CBE41EF ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
12:39:52.0679 5140  srv2 - ok
12:39:52.0702 5140  [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
12:39:52.0704 5140  srvnet - ok
12:39:52.0724 5140  [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
12:39:52.0729 5140  SSDPSRV - ok
12:39:52.0770 5140  [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
12:39:52.0774 5140  SstpSvc - ok
12:39:52.0826 5140  [ 359FEE084F1173FFFFD7F9CCBD43D47F ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
12:39:52.0831 5140  ssudmdm - ok
12:39:52.0898 5140  [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc          C:\Windows\System32\wiaservc.dll
12:39:52.0905 5140  stisvc - ok
12:39:52.0968 5140  [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
12:39:52.0970 5140  swenum - ok
12:39:53.0014 5140  [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv           C:\Windows\System32\swprv.dll
12:39:53.0019 5140  swprv - ok
12:39:53.0041 5140  [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx         C:\Windows\system32\drivers\symc8xx.sys
12:39:53.0044 5140  Symc8xx - ok
12:39:53.0062 5140  SymIM - ok
12:39:53.0072 5140  SymIMMP - ok
12:39:53.0096 5140  [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
12:39:53.0098 5140  Sym_hi - ok
12:39:53.0117 5140  [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
12:39:53.0122 5140  Sym_u3 - ok
12:39:53.0169 5140  [ 6DD49E1A5FA0F01824652F1A0A8866FB ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
12:39:53.0177 5140  SynTP - ok
12:39:53.0230 5140  [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain         C:\Windows\system32\sysmain.dll
12:39:53.0240 5140  SysMain - ok
12:39:53.0269 5140  [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:39:53.0274 5140  TabletInputService - ok
12:39:53.0313 5140  [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv         C:\Windows\System32\tapisrv.dll
12:39:53.0318 5140  TapiSrv - ok
12:39:53.0330 5140  [ CB05822CD9CC6C688168E113C603DBE7 ] TBS             C:\Windows\System32\tbssvc.dll
12:39:53.0335 5140  TBS - ok
12:39:53.0399 5140  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
12:39:53.0407 5140  Tcpip - ok
12:39:53.0488 5140  [ EE7E10BED85C312C1D5D30C435BDDA9F ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
12:39:53.0495 5140  Tcpip6 - ok
12:39:53.0520 5140  [ 2C2D4CFF5E09C73908F9B5AF49A51365 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
12:39:53.0522 5140  tcpipreg - ok
12:39:53.0547 5140  [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
12:39:53.0549 5140  TDPIPE - ok
12:39:53.0573 5140  [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
12:39:53.0575 5140  TDTCP - ok
12:39:53.0601 5140  [ 76B06EB8A01FC8624D699E7045303E54 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
12:39:53.0604 5140  tdx - ok
12:39:53.0616 5140  [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
12:39:53.0618 5140  TermDD - ok
12:39:53.0671 5140  [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService     C:\Windows\System32\termsrv.dll
12:39:53.0677 5140  TermService - ok
12:39:53.0695 5140  [ C7230FBEE14437716701C15BE02C27B8 ] Themes          C:\Windows\system32\shsvcs.dll
12:39:53.0699 5140  Themes - ok
12:39:53.0714 5140  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER     C:\Windows\system32\mmcss.dll
12:39:53.0716 5140  THREADORDER - ok
12:39:53.0742 5140  [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks          C:\Windows\System32\trkwks.dll
12:39:53.0747 5140  TrkWks - ok
12:39:53.0844 5140  [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:39:53.0845 5140  TrustedInstaller - ok
12:39:53.0880 5140  [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
12:39:53.0883 5140  tssecsrv - ok
12:39:53.0916 5140  [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp           C:\Windows\system32\DRIVERS\tunmp.sys
12:39:53.0918 5140  tunmp - ok
12:39:53.0950 5140  [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
12:39:53.0952 5140  tunnel - ok
12:39:53.0976 5140  [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35          C:\Windows\system32\drivers\uagp35.sys
12:39:53.0979 5140  uagp35 - ok
12:39:54.0022 5140  [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
12:39:54.0027 5140  udfs - ok
12:39:54.0069 5140  [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
12:39:54.0072 5140  UI0Detect - ok
12:39:54.0093 5140  [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
12:39:54.0096 5140  uliagpkx - ok
12:39:54.0175 5140  [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci         C:\Windows\system32\drivers\uliahci.sys
12:39:54.0181 5140  uliahci - ok
12:39:54.0207 5140  [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata          C:\Windows\system32\drivers\ulsata.sys
12:39:54.0211 5140  UlSata - ok
12:39:54.0243 5140  [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2         C:\Windows\system32\drivers\ulsata2.sys
12:39:54.0247 5140  ulsata2 - ok
12:39:54.0262 5140  [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
12:39:54.0284 5140  umbus - ok
12:39:54.0328 5140  [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost        C:\Windows\System32\upnphost.dll
12:39:54.0333 5140  upnphost - ok
12:39:54.0358 5140  [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
12:39:54.0361 5140  usbccgp - ok
12:39:54.0381 5140  [ E9476E6C486E76BC4898074768FB7131 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
12:39:54.0385 5140  usbcir - ok
12:39:54.0426 5140  [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
12:39:54.0428 5140  usbehci - ok
12:39:54.0454 5140  [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
12:39:54.0460 5140  usbhub - ok
12:39:54.0475 5140  [ 7BDB7B0E7D45AC0402D78B90789EF47C ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
12:39:54.0478 5140  usbohci - ok
12:39:54.0504 5140  [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
12:39:54.0506 5140  usbprint - ok
12:39:54.0529 5140  [ A508C9BD8724980512136B039BBA65E9 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
12:39:54.0532 5140  usbscan - ok
12:39:54.0556 5140  [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:39:54.0559 5140  USBSTOR - ok
12:39:54.0588 5140  [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
12:39:54.0590 5140  usbuhci - ok
12:39:54.0606 5140  [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
12:39:54.0610 5140  usbvideo - ok
12:39:54.0649 5140  [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms           C:\Windows\System32\uxsms.dll
12:39:54.0653 5140  UxSms - ok
12:39:54.0707 5140  [ CD88D1B7776DC17A119049742EC07EB4 ] vds             C:\Windows\System32\vds.exe
12:39:54.0713 5140  vds - ok
12:39:54.0737 5140  [ 87B06E1F30B749A114F74622D013F8D4 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
12:39:54.0739 5140  vga - ok
12:39:54.0762 5140  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave         C:\Windows\System32\drivers\vga.sys
12:39:54.0789 5140  VgaSave - ok
12:39:54.0815 5140  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
12:39:54.0819 5140  viaagp - ok
12:39:54.0845 5140  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7           C:\Windows\system32\drivers\viac7.sys
12:39:54.0847 5140  ViaC7 - ok
12:39:54.0879 5140  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
12:39:54.0881 5140  viaide - ok
12:39:54.0911 5140  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
12:39:54.0913 5140  volmgr - ok
12:39:54.0955 5140  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
12:39:54.0959 5140  volmgrx - ok
12:39:55.0005 5140  [ 786DB5771F05EF300390399F626BF30A ] volsnap         C:\Windows\system32\drivers\volsnap.sys
12:39:55.0008 5140  volsnap - ok
12:39:55.0042 5140  [ 587253E09325E6BF226B299774B728A9 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
12:39:55.0046 5140  vsmraid - ok
12:39:55.0114 5140  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS             C:\Windows\system32\vssvc.exe
12:39:55.0148 5140  VSS - ok
12:39:55.0186 5140  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time         C:\Windows\system32\w32time.dll
12:39:55.0191 5140  W32Time - ok
12:39:55.0231 5140  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
12:39:55.0233 5140  WacomPen - ok
12:39:55.0255 5140  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
12:39:55.0281 5140  Wanarp - ok
12:39:55.0286 5140  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
12:39:55.0288 5140  Wanarpv6 - ok
12:39:55.0331 5140  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc         C:\Windows\System32\wcncsvc.dll
12:39:55.0339 5140  wcncsvc - ok
12:39:55.0354 5140  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:39:55.0357 5140  WcsPlugInService - ok
12:39:55.0373 5140  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
12:39:55.0375 5140  Wd - ok
12:39:55.0423 5140  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
12:39:55.0428 5140  Wdf01000 - ok
12:39:55.0445 5140  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
12:39:55.0449 5140  WdiServiceHost - ok
12:39:55.0455 5140  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
12:39:55.0459 5140  WdiSystemHost - ok
12:39:55.0505 5140  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient       C:\Windows\System32\webclnt.dll
12:39:55.0510 5140  WebClient - ok
12:39:55.0545 5140  [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc          C:\Windows\system32\wecsvc.dll
12:39:55.0549 5140  Wecsvc - ok
12:39:55.0569 5140  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
12:39:55.0573 5140  wercplsupport - ok
12:39:55.0613 5140  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
12:39:55.0617 5140  WerSvc - ok
12:39:55.0671 5140  [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf        C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
12:39:55.0704 5140  winachsf - ok
12:39:55.0786 5140  [ 4575AA12561C5648483403541D0D7F2B ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
12:39:55.0794 5140  WinDefend - ok
12:39:55.0801 5140  WinHttpAutoProxySvc - ok
12:39:55.0922 5140  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
12:39:55.0924 5140  Winmgmt - ok
12:39:55.0980 5140  [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM           C:\Windows\system32\WsmSvc.dll
12:39:56.0012 5140  WinRM - ok
12:39:56.0065 5140  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUSB          C:\Windows\system32\DRIVERS\WinUSB.sys
12:39:56.0067 5140  WinUSB - ok
12:39:56.0116 5140  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc         C:\Windows\System32\wlansvc.dll
12:39:56.0124 5140  Wlansvc - ok
12:39:56.0211 5140  [ FB01D4AE207B9EFDBABFC55DC95C7E31 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
12:39:56.0258 5140  wlidsvc - ok
12:39:56.0315 5140  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
12:39:56.0316 5140  WmiAcpi - ok
12:39:56.0351 5140  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
12:39:56.0352 5140  wmiApSrv - ok
12:39:56.0412 5140  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
12:39:56.0419 5140  WMPNetworkSvc - ok
12:39:56.0440 5140  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
12:39:56.0445 5140  WPCSvc - ok
12:39:56.0483 5140  [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
12:39:56.0487 5140  WPDBusEnum - ok
12:39:56.0532 5140  [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
12:39:56.0535 5140  WpdUsb - ok
12:39:56.0675 5140  [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
12:39:56.0682 5140  WPFFontCache_v0400 - ok
12:39:56.0699 5140  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
12:39:56.0701 5140  ws2ifsl - ok
12:39:56.0736 5140  [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc          C:\Windows\system32\wscsvc.dll
12:39:56.0741 5140  wscsvc - ok
12:39:56.0748 5140  WSearch - ok
12:39:56.0866 5140  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
12:39:56.0918 5140  wuauserv - ok
12:39:56.0979 5140  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
12:39:56.0980 5140  WudfPf - ok
12:39:57.0018 5140  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
12:39:57.0021 5140  WUDFRd - ok
12:39:57.0097 5140  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
12:39:57.0101 5140  wudfsvc - ok
12:39:57.0115 5140  ================ Scan global ===============================
12:39:57.0139 5140  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
12:39:57.0181 5140  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:39:57.0204 5140  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
12:39:57.0243 5140  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
12:39:57.0248 5140  [Global] - ok
12:39:57.0249 5140  ================ Scan MBR ==================================
12:39:57.0270 5140  [ 1A1A06F62E891045814007163C1C76C3 ] \Device\Harddisk0\DR0
12:39:57.0949 5140  \Device\Harddisk0\DR0 - ok
12:39:57.0950 5140  ================ Scan VBR ==================================
12:39:57.0957 5140  [ 1FAC30270FC209710D1E782B8D80A8F2 ] \Device\Harddisk0\DR0\Partition1
12:39:57.0959 5140  \Device\Harddisk0\DR0\Partition1 - ok
12:39:57.0965 5140  [ 486B6D319A106D46B6871FBB06EA3800 ] \Device\Harddisk0\DR0\Partition2
12:39:57.0967 5140  \Device\Harddisk0\DR0\Partition2 - ok
12:39:57.0969 5140  ============================================================
12:39:57.0969 5140  Scan finished
12:39:57.0969 5140  ============================================================
12:39:57.0986 4060  Detected object count: 0
12:39:57.0986 4060  Actual detected object count: 0
 



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 PM

Posted 09 February 2013 - 07:28 PM


Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-
  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    dds_scr.gif
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
information and logs
  • In your next post I need the following
    • both reports from DDS
    • report from security check
    • let me know of any problems you may have had
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 09 February 2013 - 09:22 PM

hi gringo_pr

thank you so much

 

here are the reports

 

Results of screen317's Security Check version 0.99.57  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG Anti-Virus Free Edition 2013   
Microsoft Security Essentials      
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 CCleaner     
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Flash Player     11.5.502.146  
 Adobe Reader 10.1.0 Adobe Reader out of Date!  
 Mozilla Firefox (18.0.2)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 AVG avgwdsvc.exe
 AVG avgrsx.exe
 AVG avgnsx.exe
 AVG avgemc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 3 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

 

 

DDS log 1

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457
Run by Owner at 18:19:57 on 2013-02-09
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1426 [GMT -8:00]
.
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
============== Running Processes ================
.
C:\PROGRA~1\AVG\AVG2013\avgrsx.exe
C:\Program Files\AVG\AVG2013\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG2013\avgidsagent.exe
C:\Program Files\AVG\AVG2013\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\AVG\AVG2013\avgnsx.exe
C:\Program Files\AVG\AVG2013\avgemcx.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\conime.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [AVG_UI] "c:\program files\avg\avg2013\avgui.exe" /TRAYONLY
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office14\EXCEL.EXE/3000
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
TCP: NameServer = 192.168.10.1
TCP: Interfaces\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C} : DHCPNameServer = 192.168.10.1
TCP: Interfaces\{321D3394-8262-4D13-9E82-CB05BA9FDABE} : DHCPNameServer = 192.168.10.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\iwva7gdh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\progra~1\micros~3\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~3\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - plugin: c:\windows\system32\webclient\npwebclient.dll
FF - ExtSQL: 2013-01-09 22:15; 2.0@disconnect.me; c:\users\owner\appdata\roaming\mozilla\firefox\profiles\iwva7gdh.default\extensions\2.0@disconnect.me.xpi
FF - ExtSQL: !HIDDEN! 2009-07-08 19:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-10-15 55776]
R0 Avglogx;AVG Logging Driver;c:\windows\system32\drivers\avglogx.sys [2012-9-21 177376]
R0 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2012-11-15 94048]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-9-14 35552]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2012-10-22 179936]
R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2012-9-21 19936]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-10-2 159712]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-9-21 164832]
R1 MpKslffdc9159;MpKslffdc9159;c:\programdata\microsoft\microsoft antimalware\definition updates\{15a90291-1da0-41ed-a3fa-93b242ca2091}\MpKslffdc9159.sys [2013-2-9 29904]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2013\avgidsagent.exe [2012-11-15 5814904]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2013\avgwdsvc.exe [2012-10-22 196664]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-5-4 25824]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-3-20 99272]
R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-6-1 14088]
R3 NETwLv32;    Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2011-9-1 6639616]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-10-19 160944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-11-8 83168]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-11-17 3668480]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2012-11-8 181344]
.
=============== Created Last 30 ================
.
2013-02-09 20:39:36    29904    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{15a90291-1da0-41ed-a3fa-93b242ca2091}\MpKslffdc9159.sys
2013-02-08 23:59:29    6991832    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\{15a90291-1da0-41ed-a3fa-93b242ca2091}\mpengine.dll
2013-02-07 22:23:20    6991832    ----a-w-    c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-02-04 05:11:08    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-02-04 05:11:04    --------    d-----w-    c:\users\owner\appdata\local\temp
2013-02-04 04:56:49    208896    ----a-w-    c:\windows\MBR.exe
2013-02-04 04:56:48    98816    ----a-w-    c:\windows\sed.exe
2013-02-04 04:56:48    256000    ----a-w-    c:\windows\PEV.exe
2013-02-04 04:56:44    --------    d-----w-    C:\ComboFix
2013-02-04 04:43:57    --------    d-----w-    c:\users\owner\appdata\local\{288D106D-2AF0-4590-8F24-C12FAD1CE511}
2013-02-02 16:36:06    --------    d-----w-    c:\users\owner\appdata\local\{245B21FA-4C5B-4A85-A8F4-08ACB32F382F}
2013-02-02 00:13:39    --------    d-----w-    c:\users\owner\appdata\local\{CF695776-E477-4AD7-AAB6-BB56142B42B3}
2013-02-01 00:03:52    --------    d-----w-    c:\users\owner\appdata\local\{3C2AE406-3701-44D0-B0FD-F385ED24BAEC}
2013-01-31 02:28:46    --------    d-----w-    c:\users\owner\appdata\local\{3C53D222-E8DA-48B8-A4A8-E2E8119F9211}
2013-01-30 00:18:48    --------    d-----w-    c:\users\owner\appdata\local\{FFD00D20-39C4-485C-ACA4-F61699DBE087}
2013-01-28 20:23:30    --------    d-----w-    c:\users\owner\appdata\local\{42865206-9972-4FB7-9AAD-B3A85F2F175E}
2013-01-26 22:49:29    --------    d-----w-    c:\users\owner\appdata\local\{802B80C1-937C-4271-ACF8-CFBF919BA22D}
2013-01-26 02:12:33    --------    d-----w-    c:\users\owner\appdata\local\{9E0DFB0B-1F4B-46FE-8BC6-A5410E0D6A5A}
2013-01-25 04:33:11    --------    d-----w-    c:\users\owner\appdata\local\{79B409B5-A933-4154-B40F-02A295272154}
2013-01-24 16:32:40    --------    d-----w-    c:\users\owner\appdata\local\{E1789826-EF48-4366-96BA-4B3C54CDF8C6}
2013-01-24 04:32:08    --------    d-----w-    c:\users\owner\appdata\local\{E57F0A56-BC4E-4086-A9A1-A58B243E1D82}
2013-01-23 16:34:08    --------    d-----w-    c:\programdata\AVG January 2013 Campaign
2013-01-23 16:31:37    --------    d-----w-    c:\users\owner\appdata\local\{7173CB79-ECD5-491A-9557-43902E3302E3}
2013-01-22 06:37:32    --------    d-----w-    c:\program files\ESET
2013-01-21 22:30:51    --------    d-----w-    c:\users\owner\appdata\local\{A0785513-5EB1-448C-A0AF-45BAA19A8A62}
2013-01-21 04:41:27    --------    d-----w-    c:\users\owner\appdata\local\{9AE979D7-4B11-48F8-9C1E-71CD70993C16}
2013-01-19 19:52:08    --------    d-----w-    c:\users\owner\appdata\local\{B50A993C-2D17-4558-936B-D81543968DBC}
2013-01-19 00:26:40    --------    d-----w-    c:\users\owner\appdata\local\{1E25C8F8-B430-4FF9-B970-3B7B6C9CC788}
2013-01-17 20:48:03    --------    d-----w-    c:\users\owner\appdata\local\{986EB3C4-0C3A-4CFF-87D9-2B8AAC93FEE7}
2013-01-16 08:10:35    --------    d-----w-    c:\users\owner\appdata\local\{015D3631-5DFE-4535-B723-09ADBD34FD54}
2013-01-15 20:09:57    --------    d-----w-    c:\users\owner\appdata\local\{611D678C-ED07-495F-9CF6-9FEC41905108}
2013-01-15 00:04:52    --------    d-----w-    c:\users\owner\appdata\local\{A969B2EE-324B-4AF0-B72F-C33323D70156}
2013-01-14 03:42:52    --------    d-----w-    c:\users\owner\appdata\local\{5D5D3F81-A92C-4937-96C5-2F1B89F0F3C4}
2013-01-12 18:19:32    --------    d-----w-    c:\users\owner\appdata\local\{18575AFA-931D-4F94-A4EE-FC5A8D74AAC8}
2013-01-12 17:01:47    --------    d-----w-    c:\users\owner\appdata\local\SWTOR
2013-01-12 04:46:19    3850760    ----a-w-    c:\windows\system32\D3DX9_38.dll
2013-01-12 04:45:43    --------    d-----w-    c:\program files\common files\BioWare
2013-01-11 20:17:57    --------    d-----w-    c:\users\owner\appdata\local\{508A1973-7E07-4F73-9EC7-47F1143C7307}
.
==================== Find3M  ====================
.
2013-01-30 10:53:21    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-21 05:46:08    74248    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-21 05:46:08    697864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12:54    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 10:50:29    293376    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-15 00:49:28    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-11-28 18:35:43    859072    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-11-28 18:35:38    779704    ----a-w-    c:\windows\system32\deployJava1.dll
2012-11-23 01:35:53    2048000    ----a-w-    c:\windows\system32\win32k.sys
2012-11-20 04:22:50    204288    ----a-w-    c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2012-11-14 01:58:15    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37    1129472    ----a-w-    c:\windows\system32\wininet.dll
2012-11-14 01:49:25    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27    420864    ----a-w-    c:\windows\system32\vbscript.dll
2012-11-14 01:44:42    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51    2048    ----a-w-    c:\windows\system32\tzres.dll
.
============= FINISH: 18:20:41.09 ===============
 

 

DDS log 2

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/11/2008 2:44:54 AM
System Uptime: 2/9/2013 11:33:33 AM (7 hours ago)
.
Motherboard: Quanta |  | 30CC
Processor: Intel® Core™2 Duo CPU     T5550  @ 1.83GHz | U2E1 | 1833/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 35.389 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 2.013 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1250: 2/1/2013 4:23:01 PM - Windows Update
RP1251: 2/2/2013 11:55:16 AM - Scheduled Checkpoint
RP1252: 2/5/2013 4:15:42 PM - Windows Update
RP1253: 2/6/2013 5:57:39 PM - Scheduled Checkpoint
RP1254: 2/7/2013 3:01:00 PM - Scheduled Checkpoint
RP1255: 2/8/2013 5:45:44 PM - Scheduled Checkpoint
RP1256: 2/9/2013 6:05:17 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.0) - Português
Adobe Shockwave Player
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Arquivo do WinRAR
AVG 2013
CCleaner
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EPSON Printer Software
ESET Online Scanner v3
Google Earth Plug-in
Google Update Helper
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Active Support Library
HP Deskjet 3050 J610 series Basic Device Software
HP Deskjet 3050 J610 series Help
HP Doc Viewer
HP Easy Setup - Frontend
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP Update
HP User Guides 0087
HP Wireless Assistant
HPNetworkAssistant
ImagXpress
Intel® Graphics Media Accelerator Driver
Intel® TV Wizard
Intel® Matrix Storage Manager
IRPF2011 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
Java Auto Updater
K-Lite Codec Pack 9.4.2 (Full)
Lavasoft Reghance 2.1
LightScribe System Software  1.14.17.1
Malwarebytes Anti-Malware version 1.70.0.1100
Memeo Instant Backup
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Antimalware Service PT-BR Language Pack
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Business 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Security Client
Microsoft Security Client PT-BR Language Pack
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Motorola SM56 Speakerphone Modem
Mozilla Firefox 18.0.2 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MyFreeCodec
neroxml
QuickBooks
QuickBooks Premier Edition 2009
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Receitanet
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Seagate Dashboard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Segoe UI
Skype™ 6.0
SopCast 3.4.8
Star Wars: The Old Republic
SupportSoft Assisted Service
swMSM
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Veetle TV
Viewpoint Media Player
Vuze
WeatherBug Gadget
WebClient
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
.
==== Event Viewer Messages From Past Week ========
.
2/9/2013 11:35:33 AM, Error: Service Control Manager [7006]  - The ScRegSetValueExW call failed for FailureActions with the following error:  Access is denied.
2/9/2013 11:35:33 AM, Error: Service Control Manager [7000]  - The Parallel port driver service failed to start due to the following error:  The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
2/3/2013 9:08:41 PM, Error: Service Control Manager [7030]  - The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
.
==== End Of File ===========================
 



#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 PM

Posted 09 February 2013 - 10:23 PM




Hello


These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.


-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller or from here
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
  • Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 09 February 2013 - 10:51 PM

hi Gringo

 

here are the reports

 

ADW

 

# AdwCleaner v2.111 - Logfile created 02/09/2013 at 19:37:38
# Updated 05/02/2013 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Owner - OWNER-LAP
# Boot Mode : Normal
# Running from : C:\Users\Owner\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\ProgramData\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.2 (pt-BR)

File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iwva7gdh.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3195 octets] - [09/02/2013 19:37:38]

########## EOF - C:\AdwCleaner[S1].txt - [3255 octets] ##########
 

 

 

RK report 1

 

RogueKiller V8.5.0 [Feb  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Scan -- Date : 02/09/2013 19:46:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHY2250BH +++++
--- User ---
[MBR] f3ce3f1422d3e6d6a799c8bbe88fbb9b
[BSP] 99099082f465035c874ad6c7205c49ca : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226502 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463876875 | Size: 11970 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02092013_02d1946.txt >>
RKreport[1]_S_02092013_02d1946.txt



RK report 2

 

RogueKiller V8.5.0 [Feb  9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Owner [Admin rights]
Mode : Remove -- Date : 02/09/2013 19:48:14
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[TASK][SUSP PATH] ROC_REG_JAN_DELETE.job : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> DELETED
[TASK][SUSP PATH] ROC_REG_JAN_DELETE : C:\ProgramData\AVG January 2013 Campaign\ROC.exe /DELETE_FROM_SYSTEM=1 -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHY2250BH +++++
--- User ---
[MBR] f3ce3f1422d3e6d6a799c8bbe88fbb9b
[BSP] 99099082f465035c874ad6c7205c49ca : HP tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 226502 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 463876875 | Size: 11970 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_02092013_02d1948.txt >>
RKreport[1]_S_02092013_02d1946.txt ; RKreport[2]_D_02092013_02d1948.txt


 



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 PM

Posted 09 February 2013 - 11:05 PM


Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

  • Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 February 2013 - 12:47 PM

hi Gringo

 

here is the combofix log

 

ComboFix 13-02-07.02 - Owner 02/09/2013  20:13:35.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1966 [GMT -8:00]
Running from: c:\users\Owner\Desktop\Programas\Anti Virus\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-10 to 2013-02-10  )))))))))))))))))))))))))))))))
.
.
2013-02-10 04:21 . 2013-02-10 04:21    --------    d-----w-    c:\users\Owner\AppData\Local\temp
2013-02-10 04:21 . 2013-02-10 04:21    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-10 04:10 . 2013-02-10 04:10    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42841183-0865-465D-91B0-3DBC9043299F}\MpKsl0f04bcfa.sys
2013-02-10 03:55 . 2013-01-08 04:57    6991832    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42841183-0865-465D-91B0-3DBC9043299F}\mpengine.dll
2013-02-08 23:59 . 2013-01-08 04:57    6991832    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-23 16:34 . 2013-01-23 16:36    --------    d-----w-    c:\programdata\AVG January 2013 Campaign
2013-01-22 06:37 . 2013-01-22 06:37    --------    d-----w-    c:\program files\ESET
2013-01-12 17:01 . 2013-01-12 17:01    --------    d-----w-    c:\users\Owner\AppData\Local\SWTOR
2013-01-12 04:46 . 2008-05-30 22:11    3850760    ----a-w-    c:\windows\system32\D3DX9_38.dll
2013-01-12 04:45 . 2013-01-12 04:45    --------    d-----w-    c:\program files\Common Files\BioWare
2013-01-12 04:45 . 2013-01-12 04:45    --------    d-----w-    c:\program files\Electronic Arts
2013-01-12 04:45 . 2013-01-12 04:45    --------    d-----w-    c:\users\hedev
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-04-28 05:25    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-21 05:46 . 2012-03-31 03:25    697864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-21 05:46 . 2011-06-14 05:50    74248    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-21 00:23    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 00:23    293376    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-15 00:49 . 2012-01-04 03:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-11-29 03:06 . 2012-11-29 03:08    740840    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45891ADB-50CE-4441-983A-FB4A475385BD}\gapaengine.dll
2012-11-28 18:35 . 2012-10-05 22:57    859072    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-11-28 18:35 . 2010-04-28 04:58    779704    ----a-w-    c:\windows\system32\deployJava1.dll
2012-11-23 01:35 . 2013-01-08 23:33    2048000    ----a-w-    c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-08 23:33    204288    ----a-w-    c:\windows\system32\ncrypt.dll
2012-11-16 07:33 . 2012-11-16 07:33    94048    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2012-11-14 02:09 . 2012-12-13 00:10    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 00:10    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 00:10    1129472    ----a-w-    c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 00:10    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 00:10    420864    ----a-w-    c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 00:11    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-11 21:43    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-02-06 00:59 . 2013-02-06 00:58    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 947176]
"AVG_UI"="c:\program files\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55    937920    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 19:55    35736    ----a-w-    c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-02-03 02:07    240544    ----a-r-    c:\windows\System32\Macromed\Flash\FlashUtil10b.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 20:57    173592    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 20:08    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47    480560    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-24 10:02    178712    ----a-w-    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 20:57    141848    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-11-18 22:01    623880    ----a-w-    c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-12-18 01:10    578560    ----a-w-    c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-12-20 09:44    844296    ----a-w-    c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-12-20 09:44    1476104    ----a-w-    c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-20 09:44    310280    ----a-w-    c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-05-04 21:10    136416    ----a-w-    c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 20:57    150552    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31    202032    ----a-w-    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27    468264    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-09 17:25    7539232    ----a-w-    c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42    79112    ----a-w-    c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 21:46    1458176    ----a-w-    c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 11:36    2299176    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 23:32    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53    311296    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28    2153472    ----a-w-    c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0F04BCFA
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 04:28]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 04:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iwva7gdh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-01-09 22:15; 2.0@disconnect.me; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iwva7gdh.default\extensions\2.0@disconnect.me.xpi
FF - ExtSQL: !HIDDEN! 2009-07-08 19:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-09 20:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-09  20:23:26
ComboFix-quarantined-files.txt  2013-02-10 04:23
ComboFix2.txt  2013-02-04 05:11
.
Pre-Run: 47,487,565,824 bytes free
Post-Run: 47,457,046,528 bytes free
.
- - End Of File - - 37FC80C03DAEA2C09D264DB4A73C8949
 



#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 PM

Posted 10 February 2013 - 01:01 PM



Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:
 ClearJavaCache:: 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
CFScriptB-4.gif
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 February 2013 - 02:24 PM

hi Gringo

 

here is the log

 

ComboFix 13-02-07.02 - Owner 02/10/2013  11:10:47.3.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3062.1770 [GMT -8:00]
Running from: c:\users\Owner\Desktop\Programas\Anti Virus\ComboFix.exe
Command switches used :: c:\users\Owner\Desktop\CFScript.txt
AV: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: AVG Anti-Virus Free Edition 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((   Files Created from 2013-01-10 to 2013-02-10  )))))))))))))))))))))))))))))))
.
.
2013-02-10 19:19 . 2013-02-10 19:19    --------    d-----w-    c:\users\Owner\AppData\Local\temp
2013-02-10 19:19 . 2013-02-10 19:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-02-10 04:10 . 2013-02-10 04:10    29904    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42841183-0865-465D-91B0-3DBC9043299F}\MpKsl0f04bcfa.sys
2013-02-10 03:55 . 2013-01-08 04:57    6991832    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42841183-0865-465D-91B0-3DBC9043299F}\mpengine.dll
2013-02-08 23:59 . 2013-01-08 04:57    6991832    ----a-w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-23 16:34 . 2013-01-23 16:36    --------    d-----w-    c:\programdata\AVG January 2013 Campaign
2013-01-22 06:37 . 2013-01-22 06:37    --------    d-----w-    c:\program files\ESET
2013-01-12 17:01 . 2013-01-12 17:01    --------    d-----w-    c:\users\Owner\AppData\Local\SWTOR
2013-01-12 04:46 . 2008-05-30 22:11    3850760    ----a-w-    c:\windows\system32\D3DX9_38.dll
2013-01-12 04:45 . 2013-01-12 04:45    --------    d-----w-    c:\program files\Common Files\BioWare
2013-01-12 04:45 . 2013-01-12 04:45    --------    d-----w-    c:\program files\Electronic Arts
2013-01-12 04:45 . 2013-01-12 04:45    --------    d-----w-    c:\users\hedev
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2010-04-28 05:25    232336    ------w-    c:\windows\system32\MpSigStub.exe
2013-01-21 05:46 . 2012-03-31 03:25    697864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-01-21 05:46 . 2011-06-14 05:50    74248    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-16 13:12 . 2012-12-21 00:23    34304    ----a-w-    c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-21 00:23    293376    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-15 00:49 . 2012-01-04 03:49    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-11-29 03:06 . 2012-11-29 03:08    740840    ------w-    c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{45891ADB-50CE-4441-983A-FB4A475385BD}\gapaengine.dll
2012-11-28 18:35 . 2012-10-05 22:57    859072    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-11-28 18:35 . 2010-04-28 04:58    779704    ----a-w-    c:\windows\system32\deployJava1.dll
2012-11-23 01:35 . 2013-01-08 23:33    2048000    ----a-w-    c:\windows\system32\win32k.sys
2012-11-20 04:22 . 2013-01-08 23:33    204288    ----a-w-    c:\windows\system32\ncrypt.dll
2012-11-16 07:33 . 2012-11-16 07:33    94048    ----a-w-    c:\windows\system32\drivers\avgmfx86.sys
2012-11-14 02:09 . 2012-12-13 00:10    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-13 00:10    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-13 00:10    1129472    ----a-w-    c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-13 00:10    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-13 00:10    420864    ----a-w-    c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 00:11    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-11 21:43    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-02-06 00:59 . 2013-02-06 00:58    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 19:55    937920    ----a-w-    c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 19:55    35736    ----a-w-    c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-10-12 05:56    59280    ----a-w-    c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-21 02:25    125952    ----a-w-    c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashPlayerUpdate]
2009-02-03 02:07    240544    ----a-r-    c:\windows\System32\Macromed\Flash\FlashUtil10b.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-02-26 20:57    173592    ----a-w-    c:\windows\System32\hkcmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2010-03-12 20:08    49208    ----a-w-    c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47    480560    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-24 10:02    178712    ----a-w-    c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-02-26 20:57    141848    ----a-w-    c:\windows\System32\igfxtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Intuit SyncManager]
2008-11-18 22:01    623880    ----a-w-    c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage]
2012-12-18 01:10    578560    ----a-w-    c:\program files\Samsung\Kies\KiesAirMessage.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-12-20 09:44    844296    ----a-w-    c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2012-12-20 09:44    1476104    ----a-w-    c:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-12-20 09:44    310280    ----a-w-    c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Instant Backup]
2011-05-04 21:10    136416    ----a-w-    c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-02-26 20:57    150552    ----a-w-    c:\windows\System32\igfxpers.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 21:31    202032    ----a-w-    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-20 02:27    468264    ----a-w-    c:\program files\HP\QuickPlay\QPService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 11:12    421888    ----a-w-    c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
2009-06-09 17:25    7539232    ----a-w-    c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42    79112    ----a-w-    c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
2009-10-26 21:46    1458176    ----a-w-    c:\program files\Motorola\SMSERIAL\sm56hlpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 16:04    252848    ----a-w-    c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2011-10-14 11:36    2299176    ----a-w-    c:\program files\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-09-13 23:32    222504    ------w-    c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53    311296    ----a-w-    c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2009-04-11 06:28    2153472    ----a-w-    c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0F04BCFA
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14    451872    ----a-w-    c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 04:28]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-22 04:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.10.1
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iwva7gdh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - ExtSQL: 2013-01-09 22:15; 2.0@disconnect.me; c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\iwva7gdh.default\extensions\2.0@disconnect.me.xpi
FF - ExtSQL: !HIDDEN! 2009-07-08 19:00; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 11:21
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Data]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET CLR Networking 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for Oracle]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NET Data Provider for SqlServer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\.NETFramework]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ACPI]
"ImagePath"="system32\drivers\acpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AdobeARMservice]
"ImagePath"="\"c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adp94xx]
"ImagePath"="\SystemRoot\system32\drivers\adp94xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpahci]
"ImagePath"="\SystemRoot\system32\drivers\adpahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\drivers\adpu160m.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adpu320]
"ImagePath"="\SystemRoot\system32\drivers\adpu320.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\adsi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AeLookupSvc]
"ServiceDll"="%SystemRoot%\System32\aelupsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\system32\drivers\afd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\agp440]
"ImagePath"="\SystemRoot\system32\drivers\agp440.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\drivers\djsvs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\aliide]
"ImagePath"="\SystemRoot\system32\drivers\aliide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdagp]
"ImagePath"="\SystemRoot\system32\drivers\amdagp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\amdide]
"ImagePath"="\SystemRoot\system32\drivers\amdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK7]
"ImagePath"="\SystemRoot\system32\drivers\amdk7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AmdK8]
"ImagePath"="system32\DRIVERS\amdk8.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Appinfo]
"ServiceDll"="%SystemRoot%\System32\appinfo.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arc]
"ImagePath"="\SystemRoot\system32\drivers\arc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\arcsas]
"ImagePath"="\SystemRoot\system32\drivers\arcsas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\atapi]
"ImagePath"="system32\drivers\atapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AudioEndpointBuilder]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Audiosrv]
"ServiceDll"="%SystemRoot%\System32\Audiosrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avg]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSAgent]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgidsagent.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSDriver]
"ImagePath"="system32\DRIVERS\avgidsdriverx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSHX]
"ImagePath"="system32\DRIVERS\avgidshx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\AVGIDSShim]
"ImagePath"="system32\DRIVERS\avgidsshimx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgldx86]
"ImagePath"="system32\DRIVERS\avgldx86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avglogx]
"ImagePath"="system32\DRIVERS\avglogx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgmfx86]
"ImagePath"="system32\DRIVERS\avgmfx86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgrkx86]
"ImagePath"="system32\DRIVERS\avgrkx86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Avgtdix]
"ImagePath"="system32\DRIVERS\avgtdix.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\avgwd]
"ImagePath"="\"c:\program files\AVG\AVG2013\avgwdsvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BattC]
"MofImagePath"="system32\drivers\battc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BCM43XV]
"ImagePath"="system32\DRIVERS\bcmwl6.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Beep]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ServiceDll"="%SystemRoot%\System32\bfe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\blbdrive]
"ImagePath"="\SystemRoot\system32\drivers\blbdrive.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\bowser]
"ImagePath"="system32\DRIVERS\bowser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltLo]
"ImagePath"="\SystemRoot\system32\drivers\brfiltlo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrFiltUp]
"ImagePath"="\SystemRoot\system32\drivers\brfiltup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Brserid]
"ImagePath"="\SystemRoot\system32\drivers\brserid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrSerWdm]
"ImagePath"="\SystemRoot\system32\drivers\brserwdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbMdm]
"ImagePath"="\SystemRoot\system32\drivers\brusbmdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BrUsbSer]
"ImagePath"="\SystemRoot\system32\drivers\brusbser.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHMODEM]
"ImagePath"="\SystemRoot\system32\drivers\bthmodem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BTHPORT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\users\Owner\AppData\Local\Temp\catchme.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdfs]
"ImagePath"="system32\DRIVERS\cdfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CertPropSvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\circlass]
"ImagePath"="\SystemRoot\system32\drivers\circlass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLFS]
"ImagePath"="System32\CLFS.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\clr_optimization_v4.0.30319_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdide]
"ImagePath"="\SystemRoot\system32\drivers\cmdide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Com4Qlb]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\COMSysApp]
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crcdisk]
"ImagePath"="system32\drivers\crcdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Crusoe]
"ImagePath"="\SystemRoot\system32\drivers\crusoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\crypt32]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\system32\cryptsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DCLocator]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DfsC]
"ImagePath"="System32\Drivers\dfsc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DFSR]
"ImagePath"="%SystemRoot%\system32\DFSR.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dg_ssudbus]
"ImagePath"="system32\DRIVERS\ssudbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\system32\dhcpcsvc.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\disk]
"ImagePath"="system32\drivers\disk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DPS]
"ServiceDll"="%SystemRoot%\system32\dps.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\DXGKrnl]
"ImagePath"="\SystemRoot\System32\drivers\dxgkrnl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\E1G60]
"ImagePath"="system32\DRIVERS\E1G60I32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eabfiltr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\eabusb]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ecache]
"ImagePath"="System32\drivers\ecache.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehRecvr]
"ImagePath"="%systemroot%\ehome\ehRecvr.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehSched]
"ImagePath"="%systemroot%\ehome\ehsched.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ehstart]
"ServiceDll"="%SystemRoot%\ehome\ehstart.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\elxstor]
"ImagePath"="\SystemRoot\system32\drivers\elxstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EmdCache]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EMDMgmt]
"ServiceDll"="%systemroot%\system32\emdmgmt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ErrDev]
"ImagePath"="\SystemRoot\system32\drivers\errdev.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ESENT]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog]
"ServiceDll"="%SystemRoot%\System32\wevtsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventSystem]
"ServiceDll"="%systemroot%\system32\es.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\exfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fastfat]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\fdPHost]
"ServiceDll"="%SystemRoot%\system32\fdPHost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FDResPub]
"ServiceDll"="%SystemRoot%\system32\fdrespub.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FileInfo]
"ImagePath"="system32\drivers\fileinfo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Filetrace]
"ImagePath"="system32\drivers\filetrace.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache]
"ServiceDll"="%SystemRoot%\system32\FntCache.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fs_Rec]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gagp30kx]
"ImagePath"="\SystemRoot\system32\drivers\gagp30kx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gpsvc]
"ServiceDll"="%SystemRoot%\System32\gpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\gupdatem]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /medsvc"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hcw85bda]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidBth]
"ImagePath"="\SystemRoot\system32\drivers\hidbth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidIr]
"ImagePath"="\SystemRoot\system32\drivers\hidir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hidserv]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hkmsvc]
"ServiceDLL"="%SystemRoot%\system32\kmsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HP Health Check Service]
"ImagePath"="\"c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpCISSs]
"ImagePath"="\SystemRoot\system32\drivers\hpcisss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpqKbFiltr]
"ImagePath"="system32\DRIVERS\HpqKbFiltr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HpqRemHid]
"ImagePath"="system32\DRIVERS\HpqRemHid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hpqwmiex]
"ImagePath"="c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSFHWAZL]
"ImagePath"="system32\DRIVERS\VSTAZL3.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HSF_DPV]
"ImagePath"="system32\DRIVERS\VSTDPV3.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HTTP]
"ImagePath"="system32\drivers\HTTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i2omp]
"ImagePath"="\SystemRoot\system32\drivers\i2omp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IAANTMON]
"ImagePath"="c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ialm]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStor]
"ImagePath"="system32\DRIVERS\iaStor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iaStorV]
"ImagePath"="\SystemRoot\system32\drivers\iastorv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\idsvc]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\igfx]
"ImagePath"="system32\DRIVERS\igdkmd32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iirsp]
"ImagePath"="\SystemRoot\system32\drivers\iirsp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IKEEXT]
"ServiceDll"="%SystemRoot%\System32\ikeext.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\inetaccs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RTKVHDA.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelide]
"ImagePath"="system32\drivers\intelide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPBusEnum]
"ServiceDll"="%SystemRoot%\system32\ipbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iphlpsvc]
"ServiceDll"="%SystemRoot%\System32\iphlpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPMIDRV]
"ImagePath"="\SystemRoot\system32\drivers\ipmidrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IPNAT]
"ImagePath"="system32\DRIVERS\ipnat.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IRENUM]
"ImagePath"="system32\drivers\irenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\isapnp]
"ImagePath"="\SystemRoot\system32\drivers\isapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iScsiPrt]
"ImagePath"="system32\DRIVERS\msiscsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteatapi]
"ImagePath"="\SystemRoot\system32\drivers\iteatapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\iteraid]
"ImagePath"="\SystemRoot\system32\drivers\iteraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KeyIso]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KSecDD]
"ImagePath"="System32\Drivers\ksecdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\KtmRm]
"ServiceDll"="%systemroot%\system32\msdtckrm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanServer]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LanmanWorkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ldap]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LightScribeService]
"ImagePath"="\"c:\program files\Common Files\LightScribe\LSSrvc.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdio]
"ImagePath"="system32\DRIVERS\lltdio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lltdsvc]
"ServiceDll"="%SystemRoot%\System32\lltdsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\lmhosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Lsa]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_FC]
"ImagePath"="\SystemRoot\system32\drivers\lsi_fc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SAS]
"ImagePath"="\SystemRoot\system32\drivers\lsi_sas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\LSI_SCSI]
"ImagePath"="\SystemRoot\system32\drivers\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\luafv]
"ImagePath"="\SystemRoot\system32\drivers\luafv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mcx2Svc]
"ServiceDll"="%SystemRoot%\system32\Mcx2Svc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\megasas]
"ImagePath"="\SystemRoot\system32\drivers\megasas.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MegaSR]
"ImagePath"="\SystemRoot\system32\drivers\megasr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MemeoBackgroundService]
"ImagePath"="c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MMCSS]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Modem]
"ImagePath"="system32\drivers\modem.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MODEMCSA]
"ImagePath"="system32\drivers\MODEMCSA.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\monitor]
"ImagePath"="system32\DRIVERS\monitor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MountMgr]
"ImagePath"="System32\drivers\mountmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MozillaMaintenance]
"ImagePath"="c:\program files\Mozilla Maintenance Service\maintenanceservice.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpFilter]
"ImagePath"="system32\DRIVERS\MpFilter.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpio]
"ImagePath"="\SystemRoot\system32\drivers\mpio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpKsl0f04bcfa]
"ImagePath"="\??\c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{42841183-0865-465D-91B0-3DBC9043299F}\MpKsl0f04bcfa.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mpsdrv]
"ImagePath"="System32\drivers\mpsdrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ServiceDll"="%SystemRoot%\system32\mpssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mraid35x]
"ImagePath"="\SystemRoot\system32\drivers\mraid35x.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxDAV]
"ImagePath"="\SystemRoot\system32\drivers\mrxdav.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb10]
"ImagePath"="system32\DRIVERS\mrxsmb10.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mrxsmb20]
"ImagePath"="system32\DRIVERS\mrxsmb20.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msahci]
"ImagePath"="system32\drivers\msahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msdsm]
"ImagePath"="\SystemRoot\system32\drivers\msdsm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC]
"ImagePath"="%SystemRoot%\System32\msdtc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSDTC Bridge 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Msfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msisadrv]
"ImagePath"="system32\drivers\msisadrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSiSCSI]
"ServiceDll"="%systemroot%\system32\iscsiexe.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsMpSvc]
"ImagePath"="\"c:\program files\Microsoft Security Client\MsMpEng.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MsRPC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSSCNTRS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Mup]
"ImagePath"="System32\Drivers\mup.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\napagent]
"ServiceDLL"="%SystemRoot%\system32\qagentRT.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NativeWifiP]
"ImagePath"="system32\DRIVERS\nwifi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
"ImagePath"="system32\drivers\ndis.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netbt]
"ImagePath"="System32\DRIVERS\netbt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\netprofm]
"ServiceDll"="%SystemRoot%\System32\netprofm.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETw4v32]
"ImagePath"="system32\DRIVERS\NETw4v32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETw5v32]
"ImagePath"="system32\DRIVERS\NETw5v32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NETwLv32]
"ImagePath"="system32\DRIVERS\NETwLv32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nfrd960]
"ImagePath"="\SystemRoot\system32\drivers\nfrd960.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NisDrv]
"ImagePath"="system32\DRIVERS\NisDrvWFP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NisSrv]
"ImagePath"="\"c:\program files\Microsoft Security Client\NisSrv.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NlaSvc]
"ServiceDll"="%SystemRoot%\System32\nlasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Npfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsi]
"ServiceDll"="%systemroot%\system32\nsisvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nsiproxy]
"ImagePath"="system32\drivers\nsiproxy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NTDS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Ntfs]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntrigdigi]
"ImagePath"="\SystemRoot\system32\drivers\ntrigdigi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Null]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\nvm60x32.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvraid]
"ImagePath"="\SystemRoot\system32\drivers\nvraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nvstor]
"ImagePath"="\SystemRoot\system32\drivers\nvstor.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\nv_agp]
"ImagePath"="\SystemRoot\system32\drivers\nv_agp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\osppsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2pimsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p2psvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parport]
"ImagePath"="\SystemRoot\system32\drivers\parport.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\partmgr]
"ImagePath"="System32\drivers\partmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Parvdm]
"ImagePath"="\SystemRoot\system32\drivers\parvdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PcaSvc]
"ServiceDll"="%SystemRoot%\System32\pcasvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pci]
"ImagePath"="system32\drivers\pci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pciide]
"ImagePath"="\SystemRoot\system32\drivers\pciide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcmcia]
"ImagePath"="\SystemRoot\system32\drivers\pcmcia.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pcouffin]
"ImagePath"="System32\Drivers\pcouffin.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PEAUTH]
"ImagePath"="system32\drivers\peauth.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfDisk]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfNet]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfOS]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pla]
"ServiceDll"="%systemroot%\system32\pla.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PlugPlay]
"ServiceDll"="%SystemRoot%\system32\umpnpmgr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPAutoReg]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PNRPsvc]
"ServiceDll"="%SystemRoot%\system32\p2psvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PolicyAgent]
"ServiceDll"="%SystemRoot%\System32\ipsecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PortProxy]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Processor]
"ImagePath"="\SystemRoot\system32\drivers\processr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProfSvc]
"ServiceDll"="%systemroot%\system32\profsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\pacer.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QBCFMonitorService]
"ImagePath"="\"c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QBFCService]
"ImagePath"="\"c:\program files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql2300]
"ImagePath"="\SystemRoot\system32\drivers\ql2300.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ql40xx]
"ImagePath"="\SystemRoot\system32\drivers\ql40xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QPCapSvc]
"ImagePath"="\"c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe\"\00\03\00\00\00\00\00\00\00\00\02\00\00\00c:\program files\HP\QuickPlay\Kernel\TV\Ca"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QPSched]
"ImagePath"="\"c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe\"\00a\00y\00\\00K\00e\00r\00n\00e\00l\00\\00T\00V\00\\00Q\00P\00C\00a\00p\00S\00v\00c\00.\00e\00x\00e"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVE]
"ServiceDll"="%windir%\system32\qwave.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\QWAVEdrv]
"ImagePath"="\SystemRoot\system32\drivers\qwavedrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAcd]
"ImagePath"="System32\DRIVERS\rasacd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RasSstp]
"ImagePath"="system32\DRIVERS\rassstp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdpdr]
"ImagePath"="\SystemRoot\system32\drivers\rdpdr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPENCDD]
"ImagePath"="system32\drivers\rdpencdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPNP]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPWD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteAccess]
"ServiceDLL"="%SystemRoot%\System32\mprdim.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rimmptsk]
"ImagePath"="system32\DRIVERS\rimmptsk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rimsptsk]
"ImagePath"="system32\DRIVERS\rimsptsk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rismxdp]
"ImagePath"="system32\DRIVERS\rixdptsk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rspndr]
"ImagePath"="system32\DRIVERS\rspndr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RTL8169]
"ImagePath"="system32\DRIVERS\Rtlh86.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sbp2port]
"ImagePath"="\SystemRoot\system32\drivers\sbp2port.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCardSvr]
"ServiceDll"="%SystemRoot%\System32\SCardSvr.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Schedule]
"ServiceDll"="%systemroot%\system32\schedsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SCPolicySvc]
"ServiceDll"="%SystemRoot%\System32\certprop.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sdbus]
"ImagePath"="system32\DRIVERS\sdbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SDRSVC]
"ServiceDll"="%Systemroot%\System32\SDRSVC.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SeagateDashboardService]
"ImagePath"="c:\program files\Seagate\Seagate Dashboard\SeagateDashboardService.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\secdrv]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\seclogon]
"ServiceDll"="%windir%\system32\seclogon.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serenum]
"ImagePath"="\SystemRoot\system32\drivers\serenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Serial]
"ImagePath"="\SystemRoot\system32\drivers\serial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sermouse]
"ImagePath"="\SystemRoot\system32\drivers\sermouse.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ServiceModelService 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SessionEnv]
"ServiceDLL"="%SystemRoot%\system32\sessenv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffdisk]
"ImagePath"="system32\DRIVERS\sffdisk.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_mmc]
"ImagePath"="\SystemRoot\system32\drivers\sffp_mmc.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sffp_sd]
"ImagePath"="system32\DRIVERS\sffp_sd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sfloppy]
"ImagePath"="\SystemRoot\system32\drivers\sfloppy.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sisagp]
"ImagePath"="\SystemRoot\system32\drivers\sisagp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid2]
"ImagePath"="\SystemRoot\system32\drivers\sisraid2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SiSRaid4]
"ImagePath"="\SystemRoot\system32\drivers\sisraid4.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SkypeUpdate]
"ImagePath"="\"c:\program files\Skype\Updater\Updater.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\slsvc]
"ImagePath"="%SystemRoot%\system32\SLsvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SLUINotify]
"ServiceDll"="%SystemRoot%\system32\SLUINotify.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Smb]
"ImagePath"="system32\DRIVERS\smb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\smserial]
"ImagePath"="system32\DRIVERS\smserial.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SMSvcHost 4.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SNMPTRAP]
"ImagePath"="%SystemRoot%\System32\snmptrap.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\spldr]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\System32\spoolsv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv]
"ImagePath"="System32\DRIVERS\srv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srv2]
"ImagePath"="System32\DRIVERS\srv2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\srvnet]
"ImagePath"="System32\DRIVERS\srvnet.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SstpSvc]
"ServiceDll"="%SystemRoot%\system32\sstpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ssudmdm]
"ImagePath"="system32\DRIVERS\ssudmdm.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\System32\wiaservc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\swprv]
"ServiceDll"="%Systemroot%\System32\swprv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Symc8xx]
"ImagePath"="\SystemRoot\system32\drivers\symc8xx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SymIM]
"ImagePath"="system32\DRIVERS\SymIM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SymIMMP]
"ImagePath"="system32\DRIVERS\SymIM.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SYMTDI]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_hi]
"ImagePath"="\SystemRoot\system32\drivers\sym_hi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sym_u3]
"ImagePath"="\SystemRoot\system32\drivers\sym_u3.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SysMain]
"ServiceDll"="%systemroot%\system32\sysmain.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TabletInputService]
"ServiceDll"="%SystemRoot%\System32\TabSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TBS]
"ServiceDll"="%SystemRoot%\System32\tbssvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip]
"ImagePath"="System32\drivers\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip6]
"ImagePath"="system32\DRIVERS\tcpip.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tcpipreg]
"ImagePath"="System32\drivers\tcpipreg.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDPIPE]
"ImagePath"="system32\drivers\tdpipe.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TDTCP]
"ImagePath"="system32\drivers\tdtcp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tdx]
"ImagePath"="system32\DRIVERS\tdx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\system32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\THREADORDER]
"ServiceDll"="%SystemRoot%\system32\mmcss.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\System32\trkwks.dll"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller]
"ImagePath"="%SystemRoot%\servicing\TrustedInstaller.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TSDDD]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tssecsrv]
"ImagePath"="System32\DRIVERS\tssecsrv.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunmp]
"ImagePath"="system32\DRIVERS\tunmp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\tunnel]
"ImagePath"="system32\DRIVERS\tunnel.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uagp35]
"ImagePath"="\SystemRoot\system32\drivers\uagp35.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\udfs]
"ImagePath"="system32\DRIVERS\udfs.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGatherer]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UGTHRSVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UI0Detect]
"ImagePath"="%SystemRoot%\system32\UI0Detect.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliagpkx]
"ImagePath"="\SystemRoot\system32\drivers\uliagpkx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\uliahci]
"ImagePath"="\SystemRoot\system32\drivers\uliahci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UlSata]
"ImagePath"="\SystemRoot\system32\drivers\ulsata.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ulsata2]
"ImagePath"="\SystemRoot\system32\drivers\ulsata2.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\umbus]
"ImagePath"="system32\DRIVERS\umbus.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usb]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbcir]
"ImagePath"="\SystemRoot\system32\drivers\usbcir.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UxSms]
"ServiceDll"="%SystemRoot%\System32\uxsms.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vds]
"ImagePath"="%SystemRoot%\System32\vds.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vga]
"ImagePath"="system32\DRIVERS\vgapnp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaagp]
"ImagePath"="\SystemRoot\system32\drivers\viaagp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ViaC7]
"ImagePath"="\SystemRoot\system32\drivers\viac7.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\viaide]
"ImagePath"="\SystemRoot\system32\drivers\viaide.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgr]
"ImagePath"="system32\drivers\volmgr.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volmgrx]
"ImagePath"="System32\drivers\volmgrx.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\volsnap]
"ImagePath"="system32\drivers\volsnap.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\vsmraid]
"ImagePath"="\SystemRoot\system32\drivers\vsmraid.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\VSS]
"ImagePath"="%systemroot%\system32\vssvc.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W3SVC]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WacomPen]
"ImagePath"="\SystemRoot\system32\drivers\wacompen.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wanarpv6]
"ImagePath"="system32\DRIVERS\wanarp.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wcncsvc]
"ServiceDll"="%SystemRoot%\System32\wcncsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WcsPlugInService]
"ServiceDll"="%SystemRoot%\System32\WcsPlugInService.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wd]
"ImagePath"="\SystemRoot\system32\drivers\wd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\drivers\Wdf01000.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiServiceHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WdiSystemHost]
"ServiceDll"="%SystemRoot%\system32\wdi.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wecsvc]
"ServiceDll"="%SystemRoot%\system32\wecsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wercplsupport]
"ServiceDll"="%SystemRoot%\System32\wercplsupport.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WerSvc]
"ServiceDll"="%SystemRoot%\System32\WerSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\winachsf]
"ImagePath"="system32\DRIVERS\VSTCNXT3.SYS"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinDefend]
"ServiceDll"="%ProgramFiles%\Windows Defender\mpsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinHttpAutoProxySvc]
"ServiceDll"="winhttp.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinRM]
"ServiceDll"="%SystemRoot%\system32\WsmSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Winsock]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinSock2]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WinUSB]
"ImagePath"="system32\DRIVERS\WinUSB.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Wlansvc]
"ServiceDll"="%SystemRoot%\System32\wlansvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wlidsvc]
"ImagePath"="\"c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WmiApRpl]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wmiApSrv]
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"%ProgramFiles%\Windows Media Player\wmpnetwk.exe\""
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPCSvc]
"ServiceDll"="%SystemRoot%\System32\wpcsvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPDBusEnum]
"ServiceDll"="%SystemRoot%\system32\wpdbusenum.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WPFFontCache_v0400]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ws2ifsl]
"ImagePath"="\SystemRoot\system32\drivers\ws2ifsl.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WSearchIdxPi]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wuauserv]
"ServiceDll"="%systemroot%\system32\wuaueng.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WudfPf]
"ImagePath"="system32\drivers\WudfPf.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WUDFRd]
"ImagePath"="system32\DRIVERS\WUDFRd.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\wudfsvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\xmlprov]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{07171AC2-0D2A-427d-BCE5-B6C2D6C7058B}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1C11AE53-28A5-4AC7-BA9F-CD4109D7856C}]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{321D3394-8262-4D13-9E82-CB05BA9FDABE}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-02-10  11:23:19
ComboFix-quarantined-files.txt  2013-02-10 19:23
ComboFix2.txt  2013-02-10 04:23
ComboFix3.txt  2013-02-04 05:11
.
Pre-Run: 42,636,021,760 bytes free
Post-Run: 42,610,348,032 bytes free
.
- - End Of File - - 8765DF74971CF622861735C5070BBC6B
 



#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 PM

Posted 10 February 2013 - 02:37 PM



Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.These logs are looking allot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job
  • Programs to remove

    • Adobe Reader X (10.1.0) - Português
      Vuze



  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
  • .


    Update Adobe reader
    • Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

      You can download it from http://www.adobe.com/products/acrobat/readstep2.html
      After installing the latest Adobe Reader, uninstall all previous versions.
      If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.
      • If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

        Note: When installing FoxitReader, be careful not to install anything to do with AskBar.

    Clean Out Temp Files
    • This small application you may want to keep and use once a week to keep the computer clean.

      Download CCleaner from here http://www.ccleaner.com/
      • Run the installer to install the application.
      • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
      • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
      • Click Run Cleaner.
      • Close CCleaner.
: Malwarebytes' Anti-Malware :

I see you have MBAM installed - I think this is a great program and would like you to run a quick scan at this time
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.



    Download HijackThis
    • Go Here to download HijackThis program
    • Save HijackThis to your desktop.
    • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
    • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
    • copy and paste hijackthis report into the topic
    "information and logs"
    • In your next post I need the following
      • Log From MBAM
      • report from Hijackthis
      • let me know of any problems you may have had
      • How is the computer doing now?
    Gringo









I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 February 2013 - 03:12 PM

hi Gringo

 

mbam report

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.10.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: OWNER-LAP [administrator]

2/10/2013 12:02:42 PM
mbam-log-2013-02-10 (12-02-42).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 220832
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

 

hijack report

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:11:06 PM, on 2/10/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\AVG\AVG2013\avgui.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Desktop\Programas\Anti Virus\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MemeoBackgroundService - Memeo - C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5580 bytes
 



#13 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 February 2013 - 03:14 PM

i left the hijack open because i don't know what to do with "fix this stuff"



#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:25 PM

Posted 10 February 2013 - 04:03 PM




Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster.
  • Run HijackThis (rightclick and run as admin)
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe


  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.
    • NOTE**You can research each of those lines >here< and see if you want to keep them or not
      just copy the name between the brackets and paste into the search space
      O4 - HKLM\..\Run: [IntelliPoint]

Eset Online Scanner

**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as admin

Go Eset web page to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add/on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    • Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.

  • Click Scan
  • wait for the virus definitions to be downloaded
  • Wait for the scan to finish
  • When the scan is complete
    • If no threats were found
      • put a checkmark in "Uninstall application on close"
      • close program
      • report to me that nothing was found
    • If threats were found
      • click on "list of threats found"
      • click on "export to text file" and save it as ESET SCAN and save to the desktop
      • Click on back
      • put a checkmark in "Uninstall application on close"
      • click on finish
      • close program
      • copy and paste the report here
    Gringo





I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 epa100

epa100
  • Topic Starter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:07:25 PM

Posted 10 February 2013 - 07:37 PM

hi Gringo

 

here is the report

 

 

C:\Users\Owner\Desktop\fabiano\New Folder\XBOXISO14\tools\XDFSExtract.exe    probably a variant of Win32/Agent.NMDAZIM trojan
C:\Users\Owner\Desktop\Photoshop CS5 Extended Portable\patch.bat    BAT/HostsChanger.A application
C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\ARPPRODUCTICON.exe    Win32/Toolbar.Widgi application
C:\Windows\Installer\{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}\UNINST_Uninstall_G_F6A848FB884248E6A4CDCBDCF41F6A74_1.exe    Win32/Toolbar.Widgi application
 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users